Pre-deployment Analysis of Smart Contracts -- A Survey

Smart contracts are programs that execute transactions involving independent parties and cryptocurrencies. As programs, smart contracts are susceptible to a wide range of errors and vulnerabilities. Such vulnerabilities can result in significant losses. Furthermore, by design, smart contract transactions are irreversible. This creates a need for methods to ensure the correctness and security of contracts pre-deployment. Recently there has been substantial research into such methods. The sheer volume of this research makes articulating state-of-the-art a substantial undertaking. To address this challenge, we present a systematic review of the literature. A key feature of our presentation is to factor out the relationship between vulnerabilities and methods through properties. Specifically, we enumerate and classify smart contract vulnerabilities and methods by the properties they address. The methods considered include static analysis as well as dynamic analysis methods and machine learning algorithms that analyze smart contracts before deployment. Several patterns about the strengths of different methods emerge through this classification process

Cognitive Modelling for User Interface Design in HCI: A Comparative Analysis on Cognitive Models

This research aims to elaborate the cognition in the field of human-computer interaction, also acknowledges the cognitive modeling and human behavior processes. Cognitive modeling is a field of Human-Computer Interaction (HCI) which is used to design more efficient human interactive systems. It is used to model the interactive system in such a way that analysts can determine methods that users will interact with the system and also be used to understand the different processes of cognitive human behaviors. Hierarchal task analysis is a task to goal-based model, in which analyst selects the actions and tasks to perform. GOMS is a cognitive knowledge of the human information processing model in HCI that describes the user's cognitive architecture based on four components. The linguistic and grammatical model is a syntactical model in which languages and syntax are designed for the user for system communication in an interactive system. Cognitive human behavior processes are also described to understand the mutual coordination of cognition processes and cognitivemodels in designing an interactive system. Problem-solving is a cognitive process of the human mind to search for a problem and explore the possible solutions for that problem. Decision making is also a cognitive process of human behaviour in which human chooses an action from other alternatives based on certain criteria

Pre-deployment Analysis of Smart Contracts

Smart contracts are programs that reside and execute on top of blockchains. These programs commonly perform financial transactions and contain the backend logic of several blockchain-supported applications. The presence of errors and bugs in smart contracts poses security threats to the applications they support. This is especially concerning because operations performed by smart contracts are irreversible after deployment due to the immutable nature of blockchains. Thus, ensuring their correctness and security before deployment is important. For this purpose, several program analysis and verification approaches are being actively researched and applied to smart contracts. The volume of research in this area makes it challenging to articulate the state-of-the-art. The first contribution of this thesis is to investigate how predeployment analysis techniques ensure the correctness and security of smart contracts. This investigation factors out the relationship between vulnerabilities in smart contracts and pre-deployment analysis techniques through properties they address. Among the range of issues uncovered by the investigation, one notable set pertains to non-deterministic factors involved in the context of contract execution. For example, transactions (function invocations) dispatched to smart contracts are scheduled in non-deterministic order, and asynchronous calls to external services (known as oracles) return in a non-deterministic order. Consequently, these factors may cause data races and non-deterministic bugs in smart contracts. The second contribution of this thesis is to address such issues by unraveling specific forms of data races in Ethereum smart contracts, denoted as transactional data races. The thesis also presents a static analysis approach to detect issues arising from transactional data races. In addition, this thesis makes a third contribution relating to a design approach for Domain Specific Languages (DSLs). Research on DSL design approaches has the potential to complement the research on smart contracts, as smart contracts are commonly written using DSLs. This thesis proposes an agile approach for designing a DSL for automotive safety test grounds. This approach enables increased communication and learning between different stakeholders involved in DSL development. Finally, this thesis highlights our future research endeavors concerning various forms of concurrency and non-determinism-related issues in smart contracts

Pre-deployment Analysis of Smart Contracts

Smart contracts are programs that reside and execute on top of blockchains. These programs commonly perform financial transactions and contain the backend logic of several blockchain-supported applications. The presence of errors and bugs in smart contracts poses security threats to the applications they support. This is especially concerning because operations performed by smart contracts are irreversible after deployment due to the immutable nature of blockchains. Thus, ensuring their correctness and security before deployment is important. For this purpose, several program analysis and verification approaches are being actively researched and applied to smart contracts. The volume of research in this area makes it challenging to articulate the state-of-the-art. The first contribution of this thesis is to investigate how predeployment analysis techniques ensure the correctness and security of smart contracts. This investigation factors out the relationship between vulnerabilities in smart contracts and pre-deployment analysis techniques through properties they address. Among the range of issues uncovered by the investigation, one notable set pertains to non-deterministic factors involved in the context of contract execution. For example, transactions (function invocations) dispatched to smart contracts are scheduled in non-deterministic order, and asynchronous calls to external services (known as oracles) return in a non-deterministic order. Consequently, these factors may cause data races and non-deterministic bugs in smart contracts. The second contribution of this thesis is to address such issues by unraveling specific forms of data races in Ethereum smart contracts, denoted as transactional data races. The thesis also presents a static analysis approach to detect issues arising from transactional data races. In addition, this thesis makes a third contribution relating to a design approach for Domain Specific Languages (DSLs). Research on DSL design approaches has the potential to complement the research on smart contracts, as smart contracts are commonly written using DSLs. This thesis proposes an agile approach for designing a DSL for automotive safety test grounds. This approach enables increased communication and learning between different stakeholders involved in DSL development. Finally, this thesis highlights our future research endeavors concerning various forms of concurrency and non-determinism-related issues in smart contracts

TODLER : A Transaction Ordering Dependency anaLyzER - for Ethereum Smart Contracts

Smart contracts are programs with data (mutable state); stored on and executed by blockchain platforms. The transactions (or function invocations) dispatched to smart contracts often change their state. In the Ethereum blockchain, nodes (aka miners/validators) can schedule a set of transactions in any order in a block. Multiple transactions in a single block operating on a contract's shared state may yield different outcomes based on their execution order, thus creating a possibility for non-determinism and races between transactions. The resulting issue in Ethereum smart contracts is Transaction Ordering Dependency (TOD). Detecting a TOD requires identifying valid transactions affecting a contract's global/state variables which is equivalent to detecting read-after-write dependencies in race detection, and we expect it to be similarly nontrivial for human developers. In this paper, we identify various TODs, including a novel type previously undocumented in the literature. To detect these TODs, we propose an information flow analysis-based static analyzer, TODler. Our manual evaluation of 108 Ethereum smart contracts shows that TODler outperforms previously available approaches in terms of both run time and precision and also detects the novel TOD pattern identified in this paper

Challenges and Security Aspects of Blockchain Based Online Multiplayer Games​

Video gaming has always been a blooming industry. With the emergence of online multi- player video games , this industry’s worth have sky rocketed. Online multiplayer video games store data of player’s credentials, in-game progress, in-game virtual assets and payment details etc. Which mean security threats to these systems are nothing new and securing these games have always meant to protect player’s data from unauthorized breach. Integration of Blockchain technology in online multiplayer video games apart from other amazing features, provides a way to prove digital ownership of virtual assets with their verifiable scarcity. Trade of these in-game virtual assets have always been a goal for online multiplayer gaming companies, but there was none enough trust-able infrastructure available which can be relied on. Blockchain just solved that problem. It provided a platform for these asset’s secure and transparent transaction between players. Topic for our research not only consider the security challenges in online games but specifi- cally blockchain based online multiplayer games. This adaptation is still new and there is need of consideration of new security challenges. In this dissertation we try to bring out some important challenges related to security of blockchain based online multiplayer video games. There are currently no studies around security concerns and challenges of the integration of the online multiplayer video games in the emerging blockchain systems. In order to fill in the gap, this dissertation discusses and identifies two main security concerning questions related to this domain. Also this dissertation provides basic steps for expanding future research and application in this joint domain

Cholesteric Liquid Crystal Droplets for Biosensors

By utilizing a microfluidics approach, we prepared uniformly sized cholesteric liquid crystal (CLC) droplets from MLC-2132 doped with a chiral dopant (S)-4-cyano-4′-(2-methylbutyl)­biphenyl (CB15). We studied the helical structures and reflecting color patterns of high- and low-dopant CLC droplets coated with poly­(vinyl alcohol) (PVA) and sodium dodecyl sulfate (SDS). One central large spot with reflecting color in the CLC droplets (initially coated with PVA for planar anchoring) changed to many small spots with the same reflecting color (chicken-skin pattern) when an SDS aqueous solution was introduced to increase the homeotropic anchoring power. These small spots subsequently merged into several spots (flashlight pattern) with time. The CLC droplets coated with poly­(acrylic acid)-<i>b</i>-poly­(4-cyanobiphenyl-4′-oxyundecyl acrylate) (PAA-<i>b</i>-LCP) (CLC_PAA droplets) were pH-responsive. Their helical structure and the reflecting color pattern changed because of protonation (at low pH) and deprotonation (at high pH) of the carboxylic group of PAA, which causes the planar (tangential) and perpendicular (homeotropic) orientations, respectively. The CLC_PAA droplets immobilized with glucose oxidase (GOx) and cholesterol oxidase (ChO) (CLC_PAA‑GOx and CLC_PAA‑ChO droplets, respectively), for glucose and cholesterol detection, exhibited high sensitivity (0.5 and 2.5 μM for the CLC_PAA‑GOx and CLC_PAA‑ChO droplets, respectively), good selectivity, and fast response (≤4 s). Further optimization will enhance their performance as biosensors. With this novel approach, detection is possible by observing the coloring pattern of CLC droplets, without the crossed polarizers that are necessary for nematic LC biosensor systems