Assessing Smart Contracts Security Technical Debts
Smart contracts are self-enforcing agreements that are employed to exchange
assets without the approval of trusted third parties. This feature has
encouraged various sectors to make use of smart contracts when transacting.
Experience shows that many deployed contracts are vulnerable to exploitation
due to their poor design, which allows attackers to steal valuable assets from
the involved parties. Therefore, an assessment approach that allows developers
to recognise the consequences of deploying vulnerable contracts is needed. In
this paper, we propose a debt-aware approach for assessing security design
vulnerabilities in smart contracts. Our assessment approach involves two main
steps: (i) identification of design vulnerabilities using security analysis
techniques and (ii) an estimation of the ramifications of the identified
vulnerabilities leveraging the technical debt metaphor, its principal and
interest. We use examples of vulnerable contracts to demonstrate the
applicability of our approach. The results show that our assessment approach
increases the visibility of security design issues. It also allows developers
to concentrate on resolving smart contract vulnerabilities through technical
debt impact analysis and prioritisation. Developers can use our approach to
inform the design of more secure contracts and to reduce unintentional debts
caused by a lack of awareness of security issues.