Requirements for the development of smart contracts and an overview of smart contract vulnerabilities at the Solidity code level on the Ethereum platform

Authors

  • Nataliia O. Komleva, Odessa National Polytechnic University, 1, Shevchenko Ave. Odessa, 65044, Ukraine
  • Oleksandr I. Tereshchenko, Odessa National Polytechnic University, 1, Shevchenko Ave. Odessa, 65044, Ukraine

DOI:

https://doi.org/10.15276/hait.06.2023.4

Keywords:

Blockchain, smart contract, requirements, coincidence measure, uniqueness measure, Ethereum, vulnerability, transaction

Abstract

The article considers automated decentralized programs on the blockchain, a modern tool for processing transactions without the help of a trusted third party. The purpose of the study is to generalize and systematize information on the requirements for smart contracts, as well as to review the vulnerabilities of smart contracts at the Solidity code level. The blockchain architecture was studied and the advantages of smart contracts compared to conventional contracts were determined, namely: risk reduction, reduction of administration and maintenance costs, and improvement of business process efficiency. A thorough analysis of current literature has been carried out and the current problems faced by users and developers of smart contracts have been identified. It is noted that the process of developing smart contracts is not sufficiently standardized and it is advisable to create a system of recommended requirements for smart contracts used in various subject areas. The requirements for smart contracts have been collected and analyzed for areas related to healthcare, education, business, project management, data analysis, software development, trading, logistics, and jurisprudence. It is determined that the mandatory requirements for all these subject areas are security, process transparency, determination of conditions and criteria for success, and automation of work. The remaining requirements are analyzed, and the concepts of the measures of coincidence and uniqueness of requirements for a particular subject area, based on the corresponding functions, are introduced. The coincidence and uniqueness measures were calculated for the considered subject areas. In the future, the proposed measures will make it possible to obtain a quantitative assessment of templates for gathering requirements for programs, taking into account the subject area in which they are used.
The article reviews and systematizes the types of vulnerabilities of smart contracts at the level of Solidity code on the Ethereum platform. The best practices to avoid such vulnerabilities and possible examples of their exploitation by attackers are identified. It has been shown that increasing the reliability of smart contracts will help increase trust in the blockchain among users.

Author Biographies

Nataliia O. Komleva, Odessa National Polytechnic University, 1, Shevchenko Ave. Odessa, 65044, Ukraine

PhD (Eng), Associate Professor, Head of Software Engineering Department, Scopus Author ID: 57191858904

Oleksandr I. Tereshchenko, Odessa National Polytechnic University, 1, Shevchenko Ave. Odessa, 65044, Ukraine

Master of Science, graduate student, Software Engineering Department, Scopus Author ID: 57705566400

Published

2023-03-25

How to Cite

Komleva, N. O., & Tereshchenko, O. I. (2023). Requirements for the development of smart contracts and an overview of smart contract vulnerabilities at the Solidity code level on the Ethereum platform. Herald of Advanced Information Technology, 6(1), 54–68. https://doi.org/10.15276/hait.06.2023.4