Conference paper, Year: 2021

Analysis of Source Code Duplication in Ethreum Smart Contracts

Abstract

The practice of writing smart contracts for the Ethereum blockchain is quite recent and still in development. A blockchain developer should expect constant changes in the security software field, as new bugs and security risks are discovered and new good practices are developed. Following the security practices accepted in the blockchain community is not enough to ensure the writing of secure smart contracts. The paper aims to study the practice of code cloning among smart contracts by analyzing two corpora. The first corpus, the "Smart-Corpus", includes smart contracts already deployed in the Ethereum blockchain. The second corpus, the "OpenZeppelin's Solidity Library", is supervised by a community of developers who constantly take care to increase the security and efficiency of the smart contracts included in the corpus. From the comparative analysis of the corpora, we observe that smart contract developers frequently duplicate code by cloning already existing smart contracts which are not part of the "OpenZeppelin corpus". In particular, we found that 79.1% of smart contracts contain duplicated code and only 18.4% of smart contracts reuse the code by implementing a smart corpus belonging to the OpenZeppelin repository. The paper discusses the advantages and the disadvantages of code duplication in the Ethereum blockchain ecosystem, and suggests referring to the smart contracts of the OpenZeppelin's Solidity Library. The Ethereum blockchain community can indeed benefit from using the tested code presented in OpenZeppelin's Solidity Library to increase its security.
Main file
Pierr21c-DuplicationAnalysis-Saner.pdf (133.81 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03358152, version 1 (29-09-2021)

Identifiers

  • HAL Id: hal-03358152, version 1

Cite

Giuseppe Antonio Pierro, Roberto Tonelli. Analysis of Source Code Duplication in Ethreum Smart Contracts. 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Mar 2021, Honolulu, United States. ⟨hal-03358152⟩
49 views
597 downloads