Research Summary Idea: Smart Contract Security - A Practitioner's Perspective (2021)

Paper / Discussion Title

“Smart Contract Security: A Practitioners’ Perspective”

Z. Wan, X. Xia, D. Lo, J. Chen, X. Luo and X. Yang, “Smart Contract Security: A Practitioners’ Perspective,” 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), 2021, pp. 1410-1422, doi: 10.1109/ICSE43902.2021.00127.

  • Link to source
    Smart Contract Security: A Practitioners' Perspective | IEEE Conference Publication | IEEE Xplore

  • Content type tag (summary, discussion)
    Summary

  • Category
    Security & Auditing

  • Proposed tags
    solidity, smart contract auditing, auditing, security, smart contract security, ethereum

  • Description of why this would be an interesting post
    To date, not much research has been done into current best practices of smart contract security auditing across the major firms such as Trail of Bits, Consensys Diligence, and Quantstamp. As for education of aspiring devs, there are CTF exercises like CaptureTheEther and Ethernauts, but these are not up to date on the latest attacks. This paper summarizes qualitative and quantitative analysis of current practices for smart contract security auditing, including “13 interviewees and 156 survey respondents from 35 countries across six continents”. It amalgamates all of their findings in one paper. Summarizing it for SCRF would be a step towards democratizing and demystifying smart contract security auditing practices and taking a temperature of current practitioners’ methods of protecting smart contracts from attacks.

  • Links to background reading (0 to 3 items)
    M. Alharby and A. Van Moorsel, “Blockchain-based smart contracts: A systematic mapping study”, arXiv preprint arXiv:1710.06372, 2017.

    H. Assal and S. Chiasson, “Security in the software development lifecycle”, Proceedings of the 14th Symposium on Usable Privacy and Security (SOUPS ’18), pp. 281-296, 2018.

    Ethereum smart contract security best practices, February 2018, [online] Available: https://consensys.github.io/smart-contract-best-practices.


@maxgrok - Thank you so much for posting this. The SCRF research team has discussed your idea, and we agree it would make an excellent summary. We would like to offer you a summary grant to compensate you for the time it will take to write it. If you send me a DM, I’d be happy to get the process started. For more information about the grants program in general please see: docs/grants_general_contributors.md at main · smartcontractresearchforum/docs · GitHub
