3,133 research outputs found
An empirical analysis of smart contracts: platforms, applications, and design patterns
Smart contracts are computer programs that can be consistently executed by a
network of mutually distrusting nodes, without the arbitration of a trusted
authority. Because of their resilience to tampering, smart contracts are
appealing in many scenarios, especially in those which require transfers of
money to respect certain agreed rules (like in financial services and in
games). Over the last few years many platforms for smart contracts have been
proposed, and some of them have been actually implemented and used. We study
how the notion of smart contract is interpreted in some of these platforms.
Focussing on the two most widespread ones, Bitcoin and Ethereum, we quantify
the usage of smart contracts in relation to their application domain. We also
analyse the most common programming patterns in Ethereum, where the source code
of smart contracts is available.Comment: WTSC 201
Towards Smart Hybrid Fuzzing for Smart Contracts
Smart contracts are Turing-complete programs that are executed across a
blockchain network. Unlike traditional programs, once deployed they cannot be
modified. As smart contracts become more popular and carry more value, they
become more of an interesting target for attackers. In recent years, smart
contracts suffered major exploits, costing millions of dollars, due to
programming errors. As a result, a variety of tools for detecting bugs has been
proposed. However, majority of these tools often yield many false positives due
to over-approximation or poor code coverage due to complex path constraints.
Fuzzing or fuzz testing is a popular and effective software testing technique.
However, traditional fuzzers tend to be more effective towards finding shallow
bugs and less effective in finding bugs that lie deeper in the execution. In
this work, we present CONFUZZIUS, a hybrid fuzzer that combines evolutionary
fuzzing with constraint solving in order to execute more code and find more
bugs in smart contracts. Evolutionary fuzzing is used to exercise shallow parts
of a smart contract, while constraint solving is used to generate inputs which
satisfy complex conditions that prevent the evolutionary fuzzing from exploring
deeper paths. Moreover, we use data dependency analysis to efficiently generate
sequences of transactions, that create specific contract states in which bugs
may be hidden. We evaluate the effectiveness of our fuzzing strategy, by
comparing CONFUZZIUS with state-of-the-art symbolic execution tools and
fuzzers. Our evaluation shows that our hybrid fuzzing approach produces
significantly better results than state-of-the-art symbolic execution tools and
fuzzers
LikeStarter: a Smart-contract based Social DAO for Crowdfunding
Crowdfunding has become a popular form of collective funding, in which small
donations or investments, made by groups of people, support the development of
new projects in exchange of free products or different types of recognition.
Social network sites, on the other hand, promote user cooperation and currently
are at the basis of any individuals cyber-interactions. In this paper, we
present LikeStarter, a blockchain-based decentralized platform that combines
social interactions with crowdfunding mechanisms, allowing any user to raise
funds while becoming popular in the social network. Being built over the
Ethereum blockchain, LikeStarter is structured as a Decentralized Autonomous
Organization (DAO), that fosters crowdfunding without the intervention of any
central authority, and recognizes the active role of donors, enabling them to
support artists or projects, while making profits.Comment: Proceedings of the 2st Workshop on Cryptocurrencies and Blockchains
for Distributed Systems (CryBlock'19). Paris, France, 29 April, 201
- …