Published in: Empirical Software Engineering 6/2020

09.09.2020

Code cloning in smart contracts: a case study on verified contracts from the Ethereum blockchain platform

Written by: Masanari Kondo, Gustavo A. Oliva, Zhen Ming (Jack) Jiang, Ahmed E. Hassan, Osamu Mizuno


Abstract

Ethereum is a blockchain platform that hosts and executes smart contracts. Smart contracts have been used to implement cryptocurrencies and crowdfunding initiatives (ICOs). A major concern in Ethereum is the security of smart contracts. Unlike traditional software, smart contracts are immutable once deployed. Hence, vulnerabilities and bugs in smart contracts can lead to catastrophic financial losses. In order to avoid taking the risk of writing buggy code, smart contract developers are encouraged to reuse pieces of code from reputable sources (e.g., OpenZeppelin). In this paper, we study code cloning in Ethereum. Our goal is to quantify the amount of clones in Ethereum (RQ1), understand key characteristics of clone clusters (RQ2), and determine whether smart contracts contain pieces of code that are identical to those published by OpenZeppelin (RQ3). We applied Deckard, a tree-based clone detector, to all Ethereum contracts for which the source code was available. We observe that developers frequently clone contracts. In particular, 79.2% of the studied contracts are clones and we note an upward trend in the number of cloned contracts per quarter. With regard to the characteristics of clone clusters, we observe that: (i) 9 out of the top-10 largest clone clusters are token managers, (ii) most of the activity of a cluster tends to be concentrated on a few contracts, and (iii) contracts in a cluster tend to be created by several authors. Finally, we note that the studied contracts have different ratios of code blocks that are identical to those provided by the OpenZeppelin project. Due to the immutability of smart contracts, as well as the impossibility of reverting transactions once they are deemed final, we conclude that the aforementioned findings have implications for the security, development, and usage of smart contracts.

Footnotes

25. Market capitalization is the multiplication of a company’s shares by its current stock price. In the virtual coin world, a company’s share corresponds to the total value of its coin supply. As of January 07th 2020, Ethereum has a total ether supply of 109,174,249, with a market price of 143.55 USD per ether, yielding a market capitalization of 15.67 billion dollars.

30. There are tools to help developers flatten Solidity code. An example is truffle-flattener, available at https://www.npmjs.com/package/truffle-flattener.

Metadata
Title
Code cloning in smart contracts: a case study on verified contracts from the Ethereum blockchain platform
Authors
Masanari Kondo
Gustavo A. Oliva
Zhen Ming (Jack) Jiang
Ahmed E. Hassan
Osamu Mizuno
Publication date
09.09.2020
Publisher
Springer US
Published in
Empirical Software Engineering / Issue 6/2020
Print ISSN: 1382-3256
Electronic ISSN: 1573-7616
DOI
https://doi.org/10.1007/s10664-020-09852-5
