Continuous and secure integration framework for smart contracts

En tiempo reciente, el desarrollo de contratos inteligentes ha tenido un auge debido al interés generado por criptomonedas en la tecnología de blockchains. Investigadores han encontrado diferentes usos para los contratos inteligentes gracias a este interés. Debido a esto, se ha logrado evidenciar los problemas de seguridad que se han presentado con múltiples contratos y los problemas que pueden llegar a ocasionarse. Por tanto, decidimos evaluar los esquemas de DevOps actual para buscar adaptarlo a un modelo de trabajo compatible con los contratos inteligentes. Siguiendo múltiples investigaciones realizadas por otros investigadores en fases específicas, logramos identificar las falencias de DevOps en contratos inteligentes. Considerando la información que recolectamos, trabajamos en definir las fases y actividades que deben ir en estas. El resultado es haber logrado proponer un framework adaptable con todos los pasos a considerar durante el desarrollo de contratos inteligentes. Además, dicho framework es probado utilizando tecnologías para demostrar su viabilidad.MaestríaMagister en Ingeniería de Sistemas y Computació

Pre-deployment Analysis of Smart Contracts -- A Survey

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process

Impact of Design Patterns on Code Quality in Blockchain-based Applications

Blockchain or Distributed Ledger Technology (DLT) introduces a new computing paradigm that is viewed by experts as a disruptive and revolutionary technology. While bitcoin is the most well-known successful application of blockchain technology, many other applications and sectors could successfully utilize the power of blockchain. The potential applications of blockchain beyond finance and banking encouraged many organizations to integrate and adopt blockchain into existing or new software systems. Integrating and using any new computing paradigm is expected to affect the best practice and design principles of building software systems. Emerging blockchain-based applications require careful attention to many functional and nonfunctional requirements. One common practice in software engineering to handle potential pitfalls in software systems is using design patterns. Design patterns have been long used in software development to optimize the quality of software being developed. This research aims to determine the level of adoption of design patterns blockchain applications and their usefulness by analyzing the quality of the source code. This is achieved in a two-step process. Firstly, the quality of publicly available blockchain-based applications developed with design patterns is compared with applications without design patterns. In the next step, two versions of a blockchain-based application for cheque clearance are developed, with and without design patterns, and their quality and vulnerability to attacks are compared