Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach
This addresses security issues for developers creating smart contracts on Ethereum, particularly in finance and IoT, but it is incremental as it builds on existing FSM concepts.
The authors tackled the problem of security vulnerabilities in Ethereum smart contracts, which can lead to asset theft or damage, by introducing FSolidM, a framework for designing contracts as Finite State Machines (FSM) with a graphical interface and automatic code generation, resulting in enhanced security through design patterns.
The adoption of blockchain-based distributed computation platforms is growing fast. Some of these platforms, such as Ethereum, provide support for implementing smart contracts, which are envisioned to have novel applications in a broad range of areas, including finance and Internet-of-Things. However, a significant number of smart contracts deployed in practice suffer from security vulnerabilities, which enable malicious users to steal assets from a contract or to cause damage. Vulnerabilities present a serious issue since contracts may handle financial assets of considerable value, and contract bugs are non-fixable by design. To help developers create more secure smart contracts, we introduce FSolidM, a framework rooted in rigorous semantics for designing con- tracts as Finite State Machines (FSM). We present a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts. Further, we introduce a set of design patterns, which we implement as plugins that developers can easily add to their contracts to enhance security and functionality.