Software Assurance for Blockchain Contracts
Abstract
Blockchain technology is developing rapidly and, with proper execution, is on its way to widespread adoption in many areas outside the technology sphere. Blockchains have many use cases, one of which is support for “smart contracts”: applications stored on the blockchain that allow trustless transactions between peers. Using these contracts carries risk, because they can be developed and deployed by anyone with a working knowledge of common programming languages. Once a contract is pushed to the blockchain, it is impossible to change it without a hard fork, so vulnerable smart contracts must remain on the blockchain indefinitely, where they are open to exploitation by malicious parties. One suggested mitigation is to include a clause that invalidates old contracts if a signed update is pushed. This solution is workable, but this project’s goal is to prevent the problem entirely by developing a testing suite that allows smart contract developers to ensure that their software is as error-free as possible before deploying it to the blockchain. This paper analyzes several popular blockchain platforms that support smart contracts, common vulnerabilities in smart contracts, and the cutting edge of smart contract assurance tools. We will aggregate and extend this data to create the proposed testing suite.