Page 1
Chair of Software Engineering for Business Information Systems (sebis)
Faculty of Informatics
Technische Universität München
wwwmatthes.in.tum.de
Kickoff Presentation Master’s Thesis: Identification of Programming Patterns in Solidity
Franz Volland, 29th January 2018, Scientific advisor: Ulrich Gallersdörfer
Page 2
Agenda
© sebis 29.01.2018 Identification of Programming Patterns in Solidity 2
1. From Blockchain to Solidity – A Short Introduction
2. Motivation
3. Research Questions
4. Approach & Methods
5. Possible Pattern Categories
6. Thesis Plan
Page 3
From Blockchain to Solidity - A Short Introduction
[Figure: chain of blocks, BLOCK 12344 to BLOCK 12348; one block shown with its fields]
TIME: 13577821
PREV. HASH: 98A3B821A7
<TRANSACTIONS>
Transactions shown:
A → B : 2Ƀ
A → C : 0.2Ƀ
B → C : 1Ƀ
A → B : 2Ξ
A → Code
B → Code.do()
Solidity:
• Smart contract programming language
• Similar to JavaScript
• Announced 2014
Page 4
Motivation – Why we need Patterns for Solidity
Major Hacks:
• The DAO: 3.6M Ξ (~3.6 billion $)
• Parity Multisignature Wallet 2x 150k + 514k Ξ (~0.66 billion $)
“We are in Cryptoland. […] It’s like Australia where anything with a heartbeat will try to kill you.” - Martin Swende (Ethereum Foundation)
Current Problems:
• A lot of attackers
• High stakes
• Language is new for everyone
• Non trivial to understand
• Easy to mess up
• No chance to easily fix mistakes
Solidity Patterns useful for:
Developers AND Users
Page 5
Motivation – Example Exploit: Reentrancy
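[Figure: withdrawBalance called by a normal user and by an evil contract]
Initial state: Total Balance: 1000Ξ, userBalances[User]: 100Ξ
User → Contract: withdrawBalance; Contract → User: 100Ξ
Result: User +100Ξ, Total Balance: 900Ξ, userBalances[User]: 0Ξ
Evil Contract → Contract: withdrawBalance; Contract → Evil Contract: 100Ξ; withdrawBalance; 100Ξ; withdrawBalance; 100Ξ; …
Result: Evil Contract +1000Ξ, Total Balance: 0Ξ, userBalances[User]: 100Ξ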
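The withdrawBalance flow on this slide, written out as an added Solidity example (not code from the presentation): the vulnerable ordering beside a version that uses the Checks-Effects-Interaction ordering the deck lists among its security patterns. Contract names, deposit() and the lock modifier are assumptions; only userBalances and withdrawBalance come from the slide.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example. Only userBalances and withdrawBalance come from the slide;
// contract names, deposit() and the lock modifier are assumptions.
contract VulnerableBank {
    mapping(address => uint256) public userBalances;

    function deposit() external payable {
        userBalances[msg.sender] += msg.value;
    }

    // Interaction before effect: while the external call runs,
    // userBalances[msg.sender] still holds the old value, so a contract
    // recipient that calls withdrawBalance() again from its receive function
    // is paid the same amount on every nested call.
    function withdrawBalance() external {
        uint256 amount = userBalances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        userBalances[msg.sender] = 0;
    }
}

contract HardenedBank {
    mapping(address => uint256) public userBalances;
    bool private locked; // reentrancy lock, defence in depth

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        userBalances[msg.sender] += msg.value;
    }

    function withdrawBalance() external nonReentrant {
        uint256 amount = userBalances[msg.sender];        // check
        require(amount > 0, "nothing to withdraw");
        userBalances[msg.sender] = 0;                     // effect
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        require(ok, "transfer failed");
    }
}
```

In HardenedBank a nested call sees a zero balance and an engaged lock, so it reverts; a failed transfer reverts the whole transaction, which restores the caller's balance.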
Page 6
Research Questions
What is the current state of software engineering in Solidity?
What is the process of designing and implementing smart contracts on the Ethereum blockchain?
What are current challenges in smart contract development using Solidity?
Are there any best practices or patterns in smart contract development and how can they be categorized?
Page 7
Approach & Methods
Research on:
• Papers
• DApp Portals
• ICO Portals
• GitHub
• Blogs
• Code
Modified Gang of Four [1] Taxonomy:
1. Intent
2. Also Known As
3. Motivation
4. Applicability
5. Structure
6. Participants
7. Collaboration
8. Consequences
9. Implementation
10. Sample Code
11. Known Uses
12. Related Patterns
[1] Gamma et al.: Design Patterns: Elements of Reusable Object-Oriented Software
Page 8
Possible Pattern Categories
Security:
• Access Restriction
• Pull over Push
• Checks-Effects-Interaction
• Secure Transfer
Maintainability:
• Upgrading Contracts
• Functionality into Libraries
Utility:
• Voting
• Randomness
• Crowdfunding
• Oracle
• Function Scheduling
• Auction
• Bounty
Administration:
• State Machine
• String Compare
• Pause
• Assertion
• Suiciding
Economic:
• Packing Structs
• Memory Array Building
Page 9
Thesis Plan
[Gantt chart]
Timeline: December, January, February, March, April, May, June
Phases: Literature / Research, Concept Creation, Evaluation, Writing, Information Assembly
Milestones: Registration Date, Kickoff Presentation
Page 10
Franz Volland
Technische Universität München
Faculty of Informatics
Chair of Software Engineering for Business Information Systems
Boltzmannstraße 3
85748 Garching bei München
Tel +49.89.289.17135
wwwmatthes.in.tum.de
Page 11
Patterns included in Solidity Documentation
Page 12
Additional Attacks and Blunders
Page 13
Programming Language Comparison
Feature | Java | Solidity | Haskell
Programming Paradigm | Object-oriented | Contract-oriented | Functional
Concurrency? | Multi-threading | Serial execution | Multi-threading
Polymorphism? | Through overloading | Through interfaces | Parametric & Ad-hoc
Static/Dynamic Typing? | Statically-typed | Statically-typed | Statically-typed
Strong/Weak Typing? | Strong | Strong | Strong
Higher-order Functions? | With Lambda expressions (Java8) | Not supported | Supported
Inheritance? | Supported | Supported | Not supported
Interfaces? | Supported | Supported | Type classes, similar
Type inference? | With Lambda expressions (Java8) | Supported | Supported
Loops? | Supported | Supported | Not supported
Switches? | Supported | Not supported | Via Case-expression
If-Else? | Supported | Supported | Supported