Security checklists for Ethereum smart contract development: patterns and best practices
This work addresses security risks faced by Ethereum smart contract developers; it is incremental in scope, building on existing research by packaging it into a practical tool.
The paper tackles the challenge of developing secure Ethereum smart contracts by collecting security patterns and deriving assessment checklists for the design, coding, testing, and deployment phases, so that developers can verify which security measures they have applied.
In recent years, smart contracts and DApps have become increasingly important and widespread thanks to the properties of blockchain technology. In most cases DApps are business critical, and very strict security requirements must be assured. Developing safe and reliable smart contracts, however, is not a trivial task. Several researchers have studied the security issues, but none of them provide a simple and intuitive tool to overcome these problems. In this paper we collect a list of security patterns for DApps. Moreover, based on these patterns, we provide the reader with security assessment checklists that can be easily used during the development of smart contracts. We cover the design, coding, testing, and deployment phases of the software lifecycle. In this way, developers can easily verify whether they have applied all the relevant security patterns to their smart contracts. We focus the whole analysis on the most popular blockchain, Ethereum, and on the Solidity language.