Final Presentation Master’s Thesis: Identification of Programming Patterns in Solidity Franz Volland, 04th June 2018, Scientific advisor: Ulrich Gallersdörfer.


1 Final Presentation Master’s Thesis: Identification of Programming Patterns in Solidity
Franz Volland, 04th June 2018, Scientific advisor: Ulrich Gallersdörfer

2 Agenda
1 From Blockchain to Solidity – A Short Introduction
2 Motivation
3 Research Questions
4 Approach
5 Pattern Catalog & Categories
6 Investigation on Pattern Usage
Identification of Programming Patterns in Solidity © sebis

3 From Blockchain to Solidity - A Short Introduction
RECAP (diagram): a chain of blocks (BLOCK 12344, BLOCK 12345, BLOCK 12346, BLOCK 12347, BLOCK 12348), each holding TIME, PREV. HASH: 98A3B821A7 and <TRANSACTIONS>. Example transactions: A -> B : 2 XBT, A -> C : 0.2 XBT, B -> C : 1 XBT; A -> B : 2 ETH, A -> Code, B -> Code.do()
Solidity:
- Smart contract programming language
- Similar to JavaScript
- Announced 2014
Blockchain is a public ledger. A ledger can be seen as a logbook where information is stored and cannot be reverted or deleted. (Analogy with a banker who puts all daily transactions into the bank's safe -> daily at the bank, 10 min at Bitcoin, 15 seconds at Ethereum.) Every block contains the hash of the previous block -> that makes it impossible to alter a block without also altering every successor. Public is important because everybody is able to view and verify everything that is going on. This has pros and cons, but you have to keep it in mind when designing software. The idea of Bitcoin is to store transactions of a virtual currency on the ledger. Ethereum (a whole new blockchain) took the game to the next level and introduced the Turing-complete EVM. Now it is possible to store code on the blockchain -> two different types of accounts on the blockchain: Users and Code. Code = Smart Contract. Smart contracts are secure code. They are run by every participating node in the network. => You don't have to trust any other party anymore but the network (which has proven to be quite safe) and the code. THIS IS WHERE IT GETS INTERESTING. Smart contract code today is written almost exclusively in a language called Solidity. Developed in late 2014 and similar to JavaScript.

4 Motivation – Why we need Patterns for Solidity
Major Hacks:
- The DAO: 3.6M Ξ
- Parity Multisignature Wallet: 2x 150k + 514k Ξ
“We are in Cryptoland. […] It's like Australia where anything with a heartbeat will try to kill you.” - Martin Swende (Ethereum Foundation)
Smart contracts are a worthwhile target [1]:
- Finality of transactions
- Monetising successful attacks is straightforward
- Availability of contract source/byte code
Patterns (after Alexander [2]):
- Describes a reoccurring problem
- Describes core of the solution
- Reusable solution to a problem
What makes smart contracts special is that you only have to trust code. This is perfect if the code is fine. That code is not always fine has been shown by a lot of different attacks over the last years. The DAO (June 2016): 3.6M Eth -> hard fork. Parity Multisignature Wallet (July + Nov 2017): 2x 150k + 514k Eth. A lot of smaller ones: Rubixy (wrong constructor) or HackerGold (400k $ because =+ instead of +=) … Quote from Swende here … He wants to say that everyone is trying to hack. That is because of the unregulated nature of the crypto ecosystem. But hacks are not the problem; they are just the consequence. Hacks need not be only bad: every hack shows a vulnerability, and then it might not happen again. Let's have a look at the real problems that lead to vulnerabilities being exploited, where patterns can help and reduce risks.
- The language is barely 3 years old. While it looks similar to JavaScript, it is a new paradigm. New programmers feel overconfident.
- Very high stakes, as the value of Ether has risen from 8$ to >1000$ in the last year -> attracts new attackers.
- Blockchain is immutable. Once code is deployed it cannot be fixed. In old times software was released every 6 months. Then came web development, with code stored on servers -> easy fix in a few minutes. Now it is more like old times again. It needs thorough testing. The mindset of programmers who are used to easy fixing has to change.
- Easy to mess up (see Rubixy), which can have devastating consequences.
- A lot of attackers because of the unregulated nature.
- Hard to understand what is going on, especially for non-developers. Imagine looking at a legal text: hard to understand. Now that the functionality is in code, it is even more complicated. But non-technicians will want to interact with it.
All in all, Solidity patterns can be helpful for developers as well as for every non-developer user who wants to interact and therefore has to understand what is going on.
[1]
[2] C. Alexander, The Timeless Way of Building. New York: Oxford University Press, 1979

5 Research Questions
- What are current challenges in smart contract development using Solidity?
- Are there any best practices or patterns in smart contract development with Solidity?
- How can the identified patterns be structured and categorized?
- Is there a way to measure pattern usage in Ethereum smart contracts?
- Are proposed patterns accepted and implemented by smart contract developers?

6 Approach
Grounded Theory approach: Papers, DApp Portals, GitHub, Blogs, Developer Chats, Code

7 14 Identified Patterns in 4 Categories
Patterns: Guard Check, State Machine, Oracle, Randomness, Access Restriction, Check Effects Interactions, Secure Ether Transfer, Pull over Push, Emergency Stop, Proxy Delegate, Eternal Storage, String Equality Comparison, Tight Variable Packing, Memory Array Building
Categories: Behavioral, Security, Upgradeability, Economic
Modified Gang of Four [3] Taxonomy: Intent, Motivation, Applicability, Participants & Collaborations, Implementation, Sample Code, (Gas Analysis), Consequences, Known Uses
[3] Gamma et al.: Design Patterns: Elements of Reusable Object-Oriented Software

8 Pattern Example – State Machine

9 Investigation of Pattern Usage - Approach
Pseudocode:
    for each block in geth.blockchain
        transactions[] = block.getTransactions()
        for each transaction in transactions
            if transaction.to == null
                elasticsearch.post(transaction.code, transaction.timestamp)
Figure: Number of distinct deployed smart contracts on Ethereum
Data cleanup: Duplicates removed

10 Investigation of Ownable contract with Function Identifiers
Problem: Smart contracts are stored in bytecode on the blockchain
Bytecode: f fdde d ea7b b ddd b872dd146101b ce de eaaf86b a a ba5097f2fde38b da5cb5b e d89b d578063a9059cbb cae9ca b d4ee1d dc39d06d a578063dd62ed3e1461
Solidity Source Code:
    contract Ownable {
        // ..
        function transferOwnership(address newOwner) public onlyOwner {
            require(newOwner != address(0));
            emit OwnershipTransferred(owner, newOwner);
            owner = newOwner;
        }
    }
Function Identifier:
    keccak256("transferOwnership(address)") = 0xf2fde38b c661fc723d5289b90272a3e580e3187d1d7ef788506c557
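An added example (not code from the slides or the thesis) of the function-identifier check described on this slide: it derives the 4-byte identifier with Keccak-256 and looks for it among the PUSH4 constants of a contract's bytecode. All function names and both bytecode samples are constructed for illustration, and walking the opcodes instead of searching for the raw bytes is an assumption of this example, not a confirmed detail of the thesis method.

```python
MASK = (1 << 64) - 1
rol = lambda a, n: ((a << n) | (a >> (64 - n))) & MASK

def keccak_f(A):  # Keccak-f[1600]; lane (x, y) is stored at index x + 5*y
    R = 1
    for _ in range(24):
        C = [A[x] ^ A[x+5] ^ A[x+10] ^ A[x+15] ^ A[x+20] for x in range(5)]
        D = [C[(x+4) % 5] ^ rol(C[(x+1) % 5], 1) for x in range(5)]
        A = [A[i] ^ D[i % 5] for i in range(25)]            # theta
        x, y, cur = 1, 0, A[1]
        for t in range(24):                                  # rho and pi
            x, y = y, (2*x + 3*y) % 5
            cur, A[x + 5*y] = A[x + 5*y], rol(cur, (t+1)*(t+2)//2 % 64)
        for r in range(0, 25, 5):                            # chi
            T = A[r:r+5]
            for x in range(5):
                A[r+x] = T[x] ^ (~T[(x+1) % 5] & T[(x+2) % 5])
        for j in range(7):                                   # iota
            R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
            if R & 2:
                A[0] ^= 1 << ((1 << j) - 1)
    return A

def keccak256(data):  # legacy Keccak-256 as used by Ethereum (pad 0x01, not SHA-3's 0x06)
    p = bytearray(data) + b"\x01" + bytes(-(len(data) + 1) % 136)
    p[-1] |= 0x80
    A = [0] * 25
    for off in range(0, len(p), 136):                        # rate = 136 bytes = 17 lanes
        for i in range(17):
            A[i] ^= int.from_bytes(p[off + 8*i: off + 8*i + 8], "little")
        A = keccak_f(A)
    return b"".join(lane.to_bytes(8, "little") for lane in A[:4])

def selector(signature):
    return keccak256(signature.encode())[:4]                 # function identifier

def push4_constants(code):  # walk opcodes so bytes inside other PUSH data never match
    found, pc = set(), 0
    while pc < len(code):
        n = code[pc] - 0x5f if 0x60 <= code[pc] <= 0x7f else 0   # PUSH1..PUSH32
        if n == 4:
            found.add(bytes(code[pc+1:pc+5]))
        pc += 1 + n
    return found

def looks_ownable(code):
    return selector("transferOwnership(address)") in push4_constants(code)

# Constructed samples, not real contracts: a dispatcher with owner() and
# transferOwnership(address), and a decoy carrying the same bytes inside a PUSH32.
OWNABLE = bytes.fromhex("6080604052" "638da5cb5b1461001057" "63f2fde38b1461002057" "00")
DECOY = bytes.fromhex("7f" + "f2fde38b" * 8 + "63a9059cbb1461001057" "00")
```

A plain substring search would flag DECOY as well, because the four identifier bytes occur in its PUSH32 constant; the opcode walk only reports OWNABLE.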

11 Usage Results of Ownable Contract
- Absolute occurrences: Steady increase in implementations; Not meaningful on its own
- Relative frequency: Increasing usage; Doubled usage from 10% to over 20% in only two months
>20% of contracts

12 Conclusion
Pattern Catalog:
- Developed a structure to present patterns in the context of smart contracts in Solidity
- Identified four categories of patterns
- Identified 14 patterns and assigned them to their respective category
Pattern Usage Investigation:
- Developed a method to investigate pattern usage on contract byte code with the help of function identifiers
- Ownable is used in >20% of distinct deployed smart contracts
- Smart contract developers are in principle willing to use patterns presented to them

13 Franz Volland 17135

14 Evaluation of Patterns in 4 Parts
- Literature: Patterns already validated by original author and peer review
- Testing: Static testing: code review and with the online compiler Remix; Dynamic testing: Ropsten test net
- Community: Patterns were made public and members of developer communities were asked for feedback; Little success
- Experts: Shepherding by a blockchain expert; Iterative process to improve pattern and eliminate errors

15 Usage Results of Oraclize Contract
- Absolute occurrences: Peaks in the beginning and end of observation period; Not meaningful on its own
- Relative frequency: High usage in the beginning -> internal testing; Usage reaches steady level at little under 1%

16 Additional Attacks and Blunders

17 Patterns included in Solidity Documentation

18 Programming Language Comparison
Feature: Java; Solidity; Haskell
Programming Paradigm: Object-oriented; Contract-oriented; Functional
Concurrency?: Multi-threading; Serial execution
Polymorphism?: Through overloading; Through interfaces; Parametric & Ad-hoc
Static/Dynamic Typing?: Statically-typed
Strong/Weak Typing?: Strong
Higher-order Functions?: With Lambda expressions (Java8); Not supported; Supported
Inheritance?
Interfaces?: Type classes, similar
Type inference?
Loops?
Switches?: Via Case-expression
If-Else?
