Characterizing the cost of introducing secure programming patterns and practices in ethereum

Abstract

Ethereum is blockchain-based platform which enables the development and deployment of smart contracts. Smart contracts are computer programs that provide automation for the governance of decentralized autonomous organizations (DAO). However, while the Blockchain technology is secure, smart contracts are only as secure as the programmers has designed it to be. Therefore, smart contract exposes vulnerabilities that can be exploited by attackers and threaten the viability of the DAOs. This study presents a case study which investigated how security programming patterns and practices from other programming languages can be applied in Solidity – Ethereum programming language. We have characterized the cost of introducing these patterns and practices. We identified 30 security programming patterns and practices from C++, JAVA which can be applicable to Solidity and implemented ten in a representative smart contract. The results show that the application of the ten security patterns and practices identified and implemented increases the cost of the smart contract (when compared to the baseline). Furthermore, we argue that this difference is not significant and should not deter any programmers into introducing the security patterns and practices into their smart contracts.