TY - GEN
T1 - Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor
AU - Hassan, Khalid
AU - Moradi, Saeed
AU - Chowdhury, Shaiful
AU - Rouhani, Sara
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The rise of decentralized applications (dApps) has made smart contracts imperative components of blockchain technology. As many smart contracts process financial transactions, their security is paramount. Moreover, the immutability of blockchains makes vulnerabilities in smart contracts particularly challenging because it requires deploying a new version of the contract at a different address, incurring substantial fees paid in Ether. This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts. The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts. Our findings indicate that code metrics are ineffective in signalling the presence of vulnerabilities. Furthermore, we investigate whether vulnerabilities in newer versions of smart contracts are mitigated and identify that the number of vulnerabilities remains consistent over time. Finally, we examine the removal of self-admitted technical debt in contracts and uncover that most of the introduced debt has never been subsequently removed.
AB - The rise of decentralized applications (dApps) has made smart contracts imperative components of blockchain technology. As many smart contracts process financial transactions, their security is paramount. Moreover, the immutability of blockchains makes vulnerabilities in smart contracts particularly challenging because it requires deploying a new version of the contract at a different address, incurring substantial fees paid in Ether. This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts. The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts. Our findings indicate that code metrics are ineffective in signalling the presence of vulnerabilities. Furthermore, we investigate whether vulnerabilities in newer versions of smart contracts are mitigated and identify that the number of vulnerabilities remains consistent over time. Finally, we examine the removal of self-admitted technical debt in contracts and uncover that most of the introduced debt has never been subsequently removed.
KW - blockchain
KW - code metrics
KW - ethereum
KW - maintenance
KW - self-admitted technical debt
KW - smart contracts
KW - versioned smart contracts
UR - https://www.scopus.com/pages/publications/85205567211
U2 - 10.1109/Blockchain62396.2024.00075
DO - 10.1109/Blockchain62396.2024.00075
M3 - Contribution to conference proceedings
AN - SCOPUS:85205567211
T3 - Proceedings - 2024 IEEE International Conference on Blockchain, Blockchain 2024
SP - 512
EP - 519
BT - Proceedings - 2024 IEEE International Conference on Blockchain, Blockchain 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th IEEE International Conference on Blockchain, Blockchain 2024
Y2 - 19 August 2024 through 22 August 2024
ER -