Blockchains like Bitcoin have become mainstream in recent years and are featured in newspapers and prime-time television. With the rise of one of these blockchains, Ethereum, smart contracts are receiving increased attention in business applications and research communities. These immutable pieces of code, living on the blockchain, allow parties to express contract terms as program code, without having to trust each other and without the need for a trusted third party. Smart contracts are written in Solidity, a smart-contract-oriented programming language developed specifically for Ethereum. However, the peculiarities of this new language, and the lack of experience with it, have already led to the loss of a substantial amount of funds due to attacks and bugs.
We identify programming patterns for the smart contract programming language Solidity and condense them into a structured catalog that can help beginners, as well as experienced developers, write better and more secure smart contracts. Additionally, we research the usage of already existing best practices, in order to gain insight into usage patterns and the usefulness of works like this. For this task we present a method that allows the efficient investigation of pattern usage on smart contract bytecode with the help of function identifiers.
This thesis provides an overview of blockchain technology and smart contracts, presents their problems and risks, and explains how programming patterns can help to mitigate common pitfalls. We give an analysis of related work that has already been published on this topic. The main component of this thesis is a catalog of 14 patterns divided into four categories. Each of these patterns is described in great detail, including its forces, its solution and a code example. We further describe the evaluation process used to validate the patterns. Afterwards we investigate the usage of already existing patterns, using the Ownable contract by OpenZeppelin and the Oraclize service as examples. It is shown that currently over 20% of new smart contracts are “ownable” and a little less than 1% use Oraclize as a data provider, which suggests that the smart contract community is willing to accept prefabricated solutions and best practices.
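One way a function-identifier scan of bytecode can work, shown as an added example that is not taken from the thesis: it walks EVM bytecode opcode by opcode and collects the 4-byte values pushed by `PUSH4`, then checks for the identifiers of `owner()` and `transferOwnership(address)`. Using these two functions as the "ownable" fingerprint is an assumption of this example, and both bytecode samples are constructed.

```python
# Added example: flag "ownable" contracts by the 4-byte function
# identifiers (selectors) that the dispatcher pushes in runtime bytecode.

# A selector is the first 4 bytes of keccak256(function signature).
# Assumption of this example: these two functions identify Ownable.
OWNABLE_SELECTORS = {
    bytes.fromhex("8da5cb5b"): "owner()",
    bytes.fromhex("f2fde38b"): "transferOwnership(address)",
}

PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F


def pushed_selectors(code: bytes) -> set:
    """Disassemble linearly and return every 4-byte PUSH4 immediate."""
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1            # PUSHn carries n data bytes
            data = code[pc + 1 : pc + 1 + width]
            if op == PUSH4 and len(data) == 4:
                found.add(data)
            pc += 1 + width                   # skip data, never decode it
        else:
            pc += 1
    return found


def is_ownable(code: bytes) -> bool:
    """True if the code pushes every selector in OWNABLE_SELECTORS."""
    return set(OWNABLE_SELECTORS) <= pushed_selectors(code)


# Constructed sample: a minimal dispatcher comparing against both selectors.
OWNABLE_SAMPLE = bytes.fromhex(
    "600035" "60e01c" "80638da5cb5b14601c57" "8063f2fde38b14602157" "00"
)
# Constructed decoy: the same byte patterns, but inside PUSH32 data.
# A plain substring search would match here; the opcode walk does not.
DECOY = bytes.fromhex("7f" + "638da5cb5b" + "63f2fde38b" + "00" * 22 + "00")

if __name__ == "__main__":
    print(is_ownable(OWNABLE_SAMPLE), is_ownable(DECOY))
```

A match only shows that functions with these signatures are exposed; it does not prove the contract uses OpenZeppelin's implementation or that access control is enforced correctly.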
|Name|Size|Last Modification|
|---|---|---|
|Volland_Final_040618.pdf|1,70 MB|03.06.2018|
|Volland_Final_040618.pptx|1,90 MB|03.06.2018|