“Smart Contract Security: A Practitioners’ Perspective”
Z. Wan, X. Xia, D. Lo, J. Chen, X. Luo and X. Yang, "Smart Contract Security: A Practitioners' Perspective," 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, pp. 1410-1422, doi: 10.1109/ICSE43902.2021.00127.
Content type tag (summary, discussion)
Security & Auditing
solidity, smart contract auditing, auditing, security, smart contract security, ethereum
Description of why this would be an interesting post
To date, little research has been done into the current best practices for smart contract security auditing across the major firms such as Trail of Bits, ConsenSys Diligence, and Quantstamp. As for the education of aspiring developers, there are CTF exercises such as Capture the Ether and Ethernaut, but these are not up to date with the latest attacks. This paper presents a qualitative and quantitative analysis of current practices in smart contract security auditing, drawing on "13 interviewees and 156 survey respondents from 35 countries across six continents", and amalgamates all of their findings in one paper. Summarizing it for SCRF would be a step towards democratizing and demystifying smart contract security auditing practices and taking the temperature of practitioners' current methods of protecting smart contracts from attacks.
Links to background reading (0 to 3 items)
M. Alharby and A. Van Moorsel, "Blockchain-based smart contracts: A systematic mapping study", arXiv preprint arXiv:1710.06372, 2017.
H. Assal and S. Chiasson, "Security in the software development lifecycle", Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS '18), pp. 281-296, 2018.
Ethereum smart contract security best practices, February 2018, [online] Available: https://consensys.github.io/smart-contract-best-practices.