Mark van Staalduinen

2 Papers

SE, Jul 22, 2019
Truffle tests for free -- Replaying Ethereum smart contracts for transparency

Pieter Hartel, Mark van Staalduinen

The Ethereum blockchain is essentially a globally replicated public database. Programs called smart contracts can access this database. Over 10 million smart contracts have been deployed on the Ethereum blockchain. Executing a method of a smart contract generates a transaction that is also stored on the blockchain. There are over 1 billion Ethereum transactions to date. Smart contracts that are transparent about their function are more successful than opaque contracts. We have therefore developed a tool (ContractVis) to explore the transparency of smart contracts. The tool generates a replay script for the historic transactions of a smart contract. The script executes the transactions with the same arguments as recorded on the blockchain, but in a minimal test environment. Running a replay script provides insights into the contract, and insights into the blockchain explorer that was used to retrieve the contract and its history. We provide five concrete recommendations for blockchain explorers like Etherscan to improve the transparency of smart contracts.

CR, Jun 12, 2018
Rethinking Blockchain Security: Position Paper

Vincent Chia, Pieter Hartel, Qingze Hum et al.

Blockchain technology has become almost as famous for incidents involving security breaches as for its innovative potential. We shed light on the prevalence and nature of these incidents through a database structured using the STIX format. Apart from OPSEC-related incidents, we find that the nature of many incidents is specific to blockchain technology. Two categories stand out: smart contracts, and techno-economic protocol incentives. For smart contracts, we propose to use recent advances in software testing to find flaws before deployment. For protocols, we propose the PRESTO framework that allows us to compare different protocols within a five-dimensional framework.