Code cloning in smart contracts: a case study on verified contracts from the Ethereum blockchain platform
Masanari Kondo¹ · Osamu Mizuno¹ · Gustavo A. Oliva² · Zhen Ming (Jack) Jiang³ · Ahmed E. Hassan²
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

Ethereum is a blockchain platform that hosts and executes smart contracts. Smart contracts have been used to implement cryptocurrencies and crowdfunding initiatives (ICOs). A major concern in Ethereum is the security of smart contracts. Unlike traditional software, smart contracts are immutable once deployed. Hence, vulnerabilities and bugs in smart contracts can lead to catastrophic financial losses. To avoid the risk of writing buggy code, smart contract developers are encouraged to reuse pieces of code from reputable sources (e.g., OpenZeppelin).

In this paper, we study code cloning in Ethereum. Our goal is to quantify the amount of clones in Ethereum (RQ1), understand key characteristics of clone clusters (RQ2), and determine whether smart contracts contain pieces of code that are identical to those published by OpenZeppelin (RQ3). We applied Deckard, a tree-based clone detector, to all Ethereum contracts for which the source code was available.

We observe that developers frequently clone contracts. In particular, 79.2% of the studied contracts are clones and we note an upward trend in the number of cloned contracts per quarter. With regard to the characteristics of clone clusters, we observe that: (i) 9 out of the top-10 largest clone clusters are token managers, (ii) most of the activity of a cluster tends to be concentrated on a few contracts, and (iii) contracts in a cluster tend to be created by several authors. Finally, we note that the studied contracts have different ratios of code blocks that are identical to those provided by the OpenZeppelin project. Due to the immutability of smart contracts, as well as the impossibility of reverting transactions once they are deemed final, we conclude that the aforementioned findings have implications for the security, development, and usage of smart contracts.

Keywords: Smart contracts · Code cloning · Ethereum · Blockchain
Communicated by: Miryung Kim

Masanari Kondo
[email protected]
Extended author information available on the last page of the article.
Empirical Software Engineering
1 Introduction

Ethereum is a blockchain platform (Wood 2017). A blockchain platform is a distributed, chronological database of transactions that is shared and maintained across nodes that participate in a peer-to-peer network (Swan 2015). The decentralized nature of a blockchain enables transactions to be processed without the need for a trusted third party, such as a bank or a credit card company. Due to its unique properties, blockchain has attracted the attention of media outlets such as The Economist (Economist 2018) and The New York Times (Popper 2017). Industry-leading companies such as Facebook are also starting to develop their own blockchain platforms.