Code cloning in smart contracts: a case study on verified contracts from the Ethereum blockchain platform

Masanari Kondo, Gustavo A. Oliva, Zhen Ming Jiang, Ahmed E. Hassan, Osamu Mizuno

Research output: Contribution to journal › Article › peer-review

14 Citations (Scopus)

Abstract

Ethereum is a blockchain platform that hosts and executes smart contracts. Smart contracts have been used to implement cryptocurrencies and crowdfunding initiatives (ICOs). A major concern in Ethereum is the security of smart contracts. Different from traditional software development, smart contracts are immutable once deployed. Hence, vulnerabilities and bugs in smart contracts can lead to catastrophic financial losses. In order to avoid taking the risk of writing buggy code, smart contract developers are encouraged to reuse pieces of code from reputable sources (e.g., OpenZeppelin). In this paper, we study code cloning in Ethereum. Our goal is to quantify the amount of clones in Ethereum (RQ1), understand key characteristics of clone clusters (RQ2), and determine whether smart contracts contain pieces of code that are identical to those published by OpenZeppelin (RQ3). We applied Deckard, a tree-based clone detector, to all Ethereum contracts for which the source code was available. We observe that developers frequently clone contracts. In particular, 79.2% of the studied contracts are clones and we note an upward trend in the number of cloned contracts per quarter. With regard to the characteristics of clone clusters, we observe that: (i) 9 out of the top-10 largest clone clusters are token managers, (ii) most of the activity of a cluster tends to be concentrated on a few contracts, and (iii) contracts in a cluster tend to be created by several authors. Finally, we note that the studied contracts have different ratios of code blocks that are identical to those provided by the OpenZeppelin project. Due to the immutability of smart contracts, as well as the impossibility of reverting transactions once they are deemed final, we conclude that the aforementioned findings yield implications to the security, development, and usage of smart contracts.

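Original language: English
Pages (from-to): 4617-4675
Number of pages: 59
Journal: Empirical Software Engineering
Volume: 25
Issue number: 6
DOI
Publication status: Published - Nov 1 2020
Externally published: Yes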

All Science Journal Classification (ASJC) codes

  • Software
