Disclaimer: The papers below are intended for private viewing by the page owner or those who otherwise have legitimate access to them. No part of them may, in any form or by any electronic, mechanical, photocopying, recording, or other means, be reproduced, stored in a retrieval system, broadcast, or transmitted without the prior permission of the respective publishers. If your organization has a valid subscription to the journals, click on the DOI link for the legitimate copy of the paper.
2024
Soud, Majd; Liebel, Grischa; Hamdaqa, Mohammad
A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities Journal Article
In: Empirical Software Engineering, vol. 29, iss. 1, 2024.
Tags: Smart Contract
@article{soud2022fly,
title = {A Fly in the Ointment: An Empirical Study on the Characteristics of Ethereum Smart Contracts Code Weaknesses and Vulnerabilities},
author = {Majd Soud and Grischa Liebel and Mohammad Hamdaqa},
url = {https://link.springer.com/article/10.1007/s10664-023-10398-5},
doi = {10.1007/s10664-023-10398-5},
year = {2024},
date = {2024-01-01},
urldate = {2023-10-01},
journal = {Empirical Software Engineering},
volume = {29},
issue = {1},
abstract = {Context
Smart contracts are programs that are automatically executed on the blockchain. Code weaknesses in their implementation have led to severe loss of cryptocurrency. It is essential to understand the nature of code weaknesses in Ethereum smart contracts to prevent them in the future. Existing classifications are limited in several ways, e.g., in the breadth of data sources, and the generality of proposed categories.
Objective
We aim to characterize code weaknesses in Ethereum smart contracts written in Solidity, and provide an overview of existing classification schemes in relation to this characterization.
Method
We extracted code weaknesses in Ethereum smart contracts from two public coding platforms and two vulnerability databases and categorized them using an open card sorting approach. We devised a classification scheme of smart contract code weaknesses according to their error source and impact. Afterwards, we mapped existing classification schemes to our classification.
Results
The resulting classification consists of 11 categories describing the error source of code weaknesses and 13 categories describing potential impacts. Our findings show that the language-specific coding and the structural data flow categories are the dominant categories, but that the frequency of occurrence differs substantially between the data sources.
Conclusions
Our findings enable researchers to better understand smart contract code weaknesses by defining various dimensions of the problem and supporting our classification with mappings with literature-based classifications and frequency distributions of the defined categories.},
keywords = {Smart Contract},
pubstate = {published},
tppubtype = {article}
}