Maintenance-related concerns for post-deployed Ethereum smart contract development: issues, techniques, and future challenges

Jiachi Chen, Faculty of Information Technology, Monash University, Australia. E-mail: jiachi.chen@Monash.edu
Xin Xia, Faculty of Information Technology, Monash University, Australia. E-mail: xin.xia@monash.edu
David Lo, School of Information Systems, Singapore Management University, Singapore. E-mail: davidlo@smu.edu.sg
John Grundy, Faculty of Information Technology, Monash University, Australia. E-mail: John.Grundy@monash.edu
Xiaohu Yang, College of Computer Science and Technology, Zhejiang University, China. E-mail: yangxh@zju.edu.cn
Xin Xia is the corresponding author.

arXiv:2007.00286v2 [cs.SE] 17 Aug 2021

Software development is a very broad activity that captures the entire life cycle of software, which includes designing, programming, maintenance and so on. In this study, we focus on the maintenance-related concerns of the post-deployment of smart contracts. Smart contracts are self-executed programs that run on a blockchain. They cannot be modified once deployed and hence they bring unique maintenance challenges compared to conventional software. According to the definition of ISO/IEC 14764, there are four kinds of software maintenance, i.e., corrective, adaptive, perfective, and preventive maintenance. This study aims to answer (i) What kinds of issues will smart contract developers encounter for corrective, adaptive, perfective, and preventive maintenance after the contracts are deployed to Ethereum? (ii) What are the current maintenance-related methods used for smart contracts? To obtain the answers to these research questions, we first conducted a systematic literature review to analyze 131 smart contract related research papers published from 2014 to 2020. Since the Ethereum ecosystem is fast-growing, some results from previous publications might be out-of-date and there may be a gap between academia and industry.
To address this, we performed an online survey of smart contract developers on Github to validate our findings and received 165 useful responses. Based on the survey feedback and literature review, we present the first empirical study on smart contract maintenance-related concerns. Our study can help smart contract developers better maintain their smart contract-based projects, and we highlight some key future research directions to improve the Ethereum ecosystem.
