Blockchains, Programming Smart Contracts, and Security Pitfalls

Part of the CSG Blockchain Team, especially Bruno Rodrigues, Eder John Scheid, and Burkhard Stiller, prepared and presented the tutorial on "Blockchains in the Age of Softwarization - Hands-on Experiences with Programming Smart Contracts and Their Security Pitfalls", which was presented on the first day of the fully virtualized IEEE/IFIP Network Operations and Management Symposium (NOMS 2020), Budapest, Hungary on Monday, April 20, 2020.

While the use of a video conferencing tool for a tutorial is sort of new, its practical parts had to be organized in a guided tour, for which all code and instructions had to be prepared beforehand and made available for download. The audience of a peak number of 21 attendees did use the code material, the explanations on the slides shared with the tool, and the oral explanations, too. The typical "look across the shoulder" of instructors to attendees' machines had to be replaced by the audio track of continued explanations and their repetitions as far as needed.

Content-wise, the Blockchain (BC) as an underlying technical platform for implementing application-specific requirements did lead to different BCs being developed, including their language and compilers – on which Smart Contracts (SC) rely on. Thus, languages still being in their infancy compared to highly consolidated programming languages, such as C or Java, all SCs being implemented within them become a vital element for all actors interacting with BC-based applications. Security considerations of such code are essential, both (a) from the viewpoint of platform-relevant BC vulnerabilities and (b) the application contract (logic) itself, which can be exploited by malicious users. Thus, this tutorial was based specifically on the Ethereum platform and Solidity contracts and demonstrated theoretically and practically main common vulnerabilities and SC development mistakes.

Eder John Scheid

News