1

An Overview on Smart Contracts: Challenges,Advances and Platforms

Zibin Zheng,Shaoan Xie, Hong-Ning Dai, Weili Chen, Xiangping Chen, Jian Weng, Muhammad Imran

Abstract—Smart contract technology is reshaping conventionalindustry and business processes. Being embedded in blockchains,smart contracts enable the contractual terms of an agreementto be enforced automatically without the intervention of atrusted third party. As a result, smart contracts can cut downadministration and save services costs, improve the efficiencyof business processes and reduce the risks. Although smartcontracts are promising to drive the new wave of innovationin business processes, there are a number of challenges to betackled. This paper presents a survey on smart contracts. We firstintroduce blockchains and smart contracts. We then present thechallenges in smart contracts as well as recent technical advances.We also compare typical smart contract platforms and give acategorization of smart contract applications along with somerepresentative examples.

Index Terms—Smart contract; Blockchain; Cryptocurrency;Decentralization

I. INTRODUCTION

Blockchain technology has recently fueled extensive in-terests from both academia and industry. A blockchain isa distributed software system allowing transactions to beprocessed without the necessity of a trusted third party. As aresult, business activities can be completed in an inexpensiveand quick manner. Moreover, the immutability of blockchainsalso assures the distributed trust since it is nearly impossibleto tamper any transactions stored in blockchains and all thehistorical transactions are auditable and traceable.

Blockchain technology is enabling smart contracts thatwere first proposed in 1990s by Nick Szabo [1]. In a smartcontract, contract clauses written in computer programs willbe automatically executed when predefined conditions aremet. Smart contracts consisting of transactions are essentiallystored, replicated and updated in distributed blockchains. Incontrast, conventional contracts need to be completed bya trusted third party in a centralized manner consequentlyresulting in long execution time and extra cost. The integrationof blockchain technology with smart contracts will make thedream of a “peer-to-peer market” come true.

Take a smart contract between a buyer and a supplier asan example. As shown in Figure 1, a supplier first sends aproduct catalog to a buyer through the blockchain network.This catalog that includes product descriptions (such as prop-erty, quantity, price and availability) along with shipping and

Z. Zheng, S. Xie, W. Chen, X. Chen is with School of Data and ComputerScience, Sun Yat-sen University, China.

H.-N. Dai is with Faculty of Information Technology, Macau University ofScience and Technology, Macau (email: hndai@ieee.org).

J. Weng is with Jinan University, Guangzhou, China.M. Immran is with College of Applied Computer Science, King Saud

University, Riyadh, Saudi Arabia

Supplier Buyer Carrier

4

Receivable account

Payable account

6

Payment

Contract 2

Contract 1

3

Product reception

Product transportation

1

Purchase order

ProductCatalog

2

Sales order

Payable account

Receivable account

5

Product delivery

Figure 1. An example of a smart contract between a buyer anda supplier.

payment terms is stored and distributed in the blockchain sothat a buyer can obtain the product information and verify theauthenticity and reputation of the supplier at the same time.The buyer then submits the order with the specified quantityand payment date via the blockchain. This whole procedureforms a purchase contract (i.e., Contract 1) enclosed in theblue box as shown in Figure 1. It is worth mentioning that

arX

iv:1

912.

1037

0v1

[cs

.SE

] 2

2 D

ec 2

019

2

the whole procedure is completed between the buyer and thesupplier without the intervention of a third party.

After Contract 1 is done, the supplier will search for acarrier in the blockchain to complete the shipping phase. LikeContract 1, the carrier also publishes the shipping description(such as transportation fees, source, destination, capacity andshipping time) as well as shipping conditions and terms inthe blockchain. If the supplier accepts the contract issued bythe carrier, the products will be delivered to the carrier whowill finally dispatch the products to the buyer. This wholeprocedure constructs Contract 2 (enclosed in the pink box) asshown in Figure 1 . Similarly, the whole procedure of Contract2 is also conducted without the intervention of a third party.

In addition to automatic execution of Contract 1 and Con-tract 2, the payment procedures (including the payment fromthe supplier to the carrier and that from the buyer to thesupplier) are also completed automatically. For example, oncethe buyer confirms the reception of the products, the paymentbetween the buyer and the supplier will be automaticallytriggered as the predefined condition is met. The financialsettlement from the buyer to the supplier is conducted viacrypto currencies (e.g., Bitcoin or Ether1.). In contrast toconventional transactions, the whole process is done in a peer-to-peer manner without the intervention of third parties likebanks. As a result, the turnaround time and transactional costcan be greatly saved.

In summary, smart contracts have the following advantagescompared with conventional contracts:

• Reducing risks. Due to the immutability of blockchains,smart contracts cannot be arbitrarily altered once they areissued. Moreover, all the transactions that are stored andduplicated throughout the whole distributed blockchainsystem are traceable and auditable. As a result, maliciousbehaviors like financial frauds can be greatly mitigated.

• Cutting down administration and service costs. Block-chains assure the trust of the whole system by dis-tributed consensus mechanisms without going through acentral broker or a mediator. Smart contracts stored inblockchains can be automatically triggered in a decentral-ized way. Consequently, the administration and servicescosts due to the intervention from the third party can besignificantly saved.

• Improving the efficiency of business processes. The elim-ination of the dependence on the intermediary can sig-nificantly improve the efficiency of business process.Take the aforementioned supply-chain procedure as anexample. The financial settlement will be automaticallycompleted in a peer-to-peer manner once the predefinedcondition is met (e.g., the buyer confirms the receptionof the products). As a result, the turnaround time can besignificantly reduced.

Smart contracts are boosting a broad spectrum of appli-cations ranging from industrial Internet of Things to financialservices [2], [3], [4], [5], [6], [7], [8], [9], [10], [11]. Althoughsmart contracts have great potentials to reshape conventionalbusiness procedures, there are a number of challenges to

1Commonly used acronyms in this paper are listed in Table I

Table I. Acronym Table

Terms Acronyms

Proof of Work PoW

Proof of Stake PoS

Practical Byzantine-Fault Tolerance PBFT

Low Level Virtual Machine LLVM

Convolutional Neural Network CNN

Long Short Term Memory LSTM

Ether ETH

Bitcoin BTC

Ethereum Virtual Machine EVM

Unspent Transaction Output UTXO

Internet of Things IoT

Distributed Autonomous Corporation DAC

Certificate Authority CA

Delegated Proof of Stake DPOS

WebAssembly Wasm

Border Gateway Protocol BGP

be solved. For example, even if blockchains can assure acertain anonymity of the parties of the contract, the privacyof the whole contract execution may not be preserved sinceall the transactions are globally available. Moreover, it ischallenging to ensure the correctness of smart contracts due tovulnerabilities of computer programs to the faults and failures.

There are some recent studies on smart contracts. Forexample, [12], [13], [14] present comprehensive surveys ofblockchain technology and briefly introduce smart contracts.The work of [15] provides an in-depth survey on Ethereumsmart contract programming vulnerabilities while [17] presentsa detailed survey over verification methods on smart contractlanguages. The work of [16] reports authors’ experiences inteaching smart contract programming and summarizes severaltypical types of mistakes made by students. Ref. [18] presentsan empirical analysis on smart contract platforms. Recentstudies [19], [20] also collect some literature of smart contractsand present reviews while fail to discuss the challenges in thisarea. Moreover, the work of [21] presents a brief overview ofsmart contract platforms and architectures. However, most ofexisting papers fail to identify the rising challenges and givea comprehensive survey. For example, Ethereum can be usedto conduct illegal business such as Ponzi schemes that werereported to defraud over 410,000 US dollars while few studiesaddress this issue [22]. We summarize the differences betweenthis paper and existing studies in Table II.

The objective of this paper is to conduct a systematicoverview of technical challenges in smart contracts enabledby blockchain technologies. Contributions of this paper arehighlighted as following:

• Important research challenges in the life cycle of smartcontracts are identified.

• Recent advances in addressing technical challenges aresummarized.

3

Table II. Comparison with related work

Research Ethereum Otherplatforms

ProgrammingLanguages

Other technicalchallenges

Technicaladvances

Risingchallenges

Applications

[12], [13], [14] X 7 7 7 7 7 7[15], [16] X 7 X 7 7 7 7

[17] X X X 7 7 7 7[18] X X X 7 7 7 X

[19], [20], [21] X X X X X 7 XThis paper X X X X X X X

• A detailed comparison of typical smart contract platformsis made.

• Diverse smart contract applications are summarized.Organization of this paper. Section II gives a brief

introduction to blockchains and smart contracts. Section IIIthen summarizes research challenges in smart contracts as wellas recent technical advances. Section IV next compares typicalsmart contract development platforms. Section V categorizestypical smart contract applications. Finally, Section VI con-cludes the paper.

II. OVERVIEW OF BLOCKCHAIN AND SMART CONTRACT

Smart contracts are built upon blockchain technology en-suring the correct execution of the contracts. We first providea brief introduction to blockchain technology in Section II-A.We then give an overview on smart contracts in Section II-B.

A. Blockchain

A blockchain can be regarded as a public ledger, in which alltransactions cannot be falsified. Figure 2 illustrates an exampleof a blockchain. A blockchain is a continuously-growing chainof blocks. When a new block is generated, all the nodes inthe network will participate in validating the block. Once theblock is validated, it will be appended to the blockchain.

To validate the trustfulness of blocks, consensus algorithmsare developed. Consensus algorithms determine which node tostore the next block and how the new appended block to bevalidated by other nodes. Representative consensus algorithmsinclude proof of work (PoW) [23] and proof of stake (PoS)and practical byzantine-fault tolerance (PBFT) [24], [25].Consensus algorithms are usually done by users who first solvethe puzzle (i.e., PoW or PoS). These users are called miners.Each miner keeps a full copy of the blockchain. Different fromPoW and PoS, PBFT requires a multi-round voting process toreach the consensus. The distributed consensus algorithms canensure that transactions are done without the intervention ofthird parties like banks. As a result, the transaction costs canbe saved. Moreover, users transact with their virtual addressesinstead of real identities so that the privacy of users is alsopreserved.

In blockchain systems, it is possible that several nodes cansuccessfully reach the consensus (i.e., solving the puzzle) atthe same time, consequently it can cause the bisected branches.To solve the disparity, a shorted side chain is desolated asshown in Figure 2 while the longest chain is selected as thevalid chain. This mechanism is effective since the longer chainis more tolerant to malicious attacks than the shorter chain indistributed systems.

In summary, blockchain technology has the key characteris-tics of decentralization, immutable, persistency and anonymity[26], [27], [28].

B. Smart Contract

Smart contracts can be regarded as a great advance inblockchain technology [29]. In 1990s, a smart contract wasproposed as a computerized transaction protocol that executesthe contractual terms of an agreement [1]. Contractual clausesthat are embedded in smart contracts will be enforced auto-matically when a certain condition is satisfied (e.g., one partywho breaches the contract will be punished automatically).

Blockchains are enabling smart contracts. Smart contractsare essentially implemented on top of blockchains. The ap-proved contractual clauses are converted into executable com-puter programs. The logical connections between contractualclauses have also been preserved in the form of logicalflows in programs (e.g., the if-else-if statement). Theexecution of each contract statement is recorded as an im-mutable transaction stored in the blockchain. Smart contractsguarantee appropriate access control and contract enforcement.In particular, developers can assign access permission foreach function in the contract. Once any condition in a smartcontract is satisfied, the triggered statement will automaticallyexecute the corresponding function in a predictable manner.For example, Alice and Bob agree on the penalty of violatingthe contract. If Bob breaches the contract, the correspondingpenalty (as specified in the contract) will be automatically paid(deducted) from Bob’s deposit.

The whole life cycle of smart contracts consists of fourconsecutive phases as illustrated in Figure 3:

1) Creation of smart contracts. Several involved parties firstnegotiate on the obligations, rights and prohibitions oncontracts. After multiple rounds of discussions and nego-tiations, an agreement can reach. Lawyers or counselorswill help parties to draft an initial contractual agree-ment. Software engineers then convert this agreementwritten in natural languages into a smart contract writtenin computer languages including declarative languagesand logic-based rule languages [30]. Similar to thedevelopment of computer software, the procedure ofthe smart contract conversion is composed of design,implementation and validation (i.e., testing). It is worthmentioning that the creation of smart contracts is aniterative process involving with multiple rounds of ne-gotiations and iterations. Meanwhile, it is also involvedwith multiple parties, such as stakeholders, lawyers andsoftware engineers.

4

Block ii

Timestamp

Hash of block i− 1i− 1

Nonce

TX 2 TX nnTX 1

MerkleRoot

Block jj

A shorter side chain is desolated

Block j + 1j + 1

Block ii Block i+ 1i+ 1 Block mmGenesis block

Block i+ 1i+ 1

Timestamp

Hash of block ii

Nonce

TX 2 TX nnTX 1

MerkleRoot

TX 22 TX nnTX 11 …

hash(TX1)hash(TX1) hash(TX2)hash(TX2) hash(TXn)hash(TXn)

hash(TX1,TX2)hash(TX1,TX2)

MerkleRoot

hash(TXn− 1,TXn)hash(TXn− 1,TXn)

…

…

Block 1

Figure 2. A blockchain consists of a sequence of blocks, each of which contains an inverse hash pointing back to its parentblock. Meanwhile, there are a number of transactions stored inside a block.

2) Deployment of smart contracts. The validated smartcontracts can then be deployed to platforms on top ofblockchains. Contracts stored on the blockchains cannotbe modified due to the immutability of block-chains.Any emendation requires the creation of a new contract.Once smart contracts are deployed on blockchains,all the parties can access the contracts through theblockchains. Moreover, digital assets of both involvedparties in the smart contract are locked via freezing thecorresponding digital wallets [31]. For example, the cointransfers (either incoming or outgoing) on the walletsrelevant to the contract are blocked. Meanwhile, theparties can be identified by their digital wallets.

3) Execution of smart contracts. After the deploymentof smart contracts, the contractual clauses have beenmonitored and evaluated. Once the contractual con-ditions reach (e.g., product reception), the contractualprocedures (or functions) will be automatically executed.It is worth noting that a smart contract consists of anumber of declarative statements with logical connec-tions. When a condition is triggered, the correspondingstatement will be automatically executed, consequentlya transaction being executed and validated by miners inthe blockchains [32]. The committed transactions andthe updated states have been stored on the blockchainsthereafter.

4) Completion of smart contracts. After a smart contracthas been executed, new states of all involved parties areupdated. Accordingly, the transactions during the execu-tion of the smart contracts as well as the updated statesare stored in blockchains. Meanwhile, the digital assetshave been transferred from one party to another party

(e.g., money transfer from the buyer to the supplier).Consequently, digital assets of involved parties havebeen unlocked. The smart contract then has completedthe whole life cycle.

It is worth mentioning that during deployment, executionand completion of a smart contract, a sequence of transactionshas been executed (each corresponding to a statement in thesmart contract) and stored in the blockchain. Therefore, allthese three phases need to write data to the blockchain asshown in Figure 3.

III. CHALLENGES AND ADVANCES OF SMART CONTRACT

Although a smart contract is a promising technology, thereare still a number of challenges to be tackled. We categorizethese major challenges into four types according to four phasesof the life cycle of smart contracts. Meanwhile, we also givean overview on recent advances in solving these challenges.Table III summarizes the challenges and recent advances.

A. Creation challenges

Contract creation is an important step to implement smartcontracts. Users have to code their own contracts and thendeploy them in various blockchain platforms (to be introducedin Section IV). Since blockchains are essentially immutable,blockchain-based smart contracts also cannot be modified afterbeing deployed. As a result, developers need to carefullyaddress the following problems.

1) Readability: Most of smart contracts are written inprogramming languages such as Solidity, Go, Kotlin andJava (to be described in Section IV). Then source codeswill be compiled and executed. Therefore, in different time

5

Blockchain

Block ii Block i+ 1i+ 1 Block mmGenesis block Block 1

Creation

Smart contract

1. Negotiation of multiple parties2. Design, implementation and validation of smart contract

Deployment

1. Contracts stored on blockchain 2. Freezing of digital assets of involved parties

Execution

1. Evaluation on contract clauses (conditions) 2. Auto-execute contract statements once triggered

Completion

1. State updating and digital assets allocated2. Unfreezing of digital assets

Write to blockchain

Write to blockchain

Write to blockchain

Deployment Freezing of assets Evaluation Auto-executeUnfreezing of assets

State updating

Approve

Software

engineerProgram

Negotiation

Figure 3. A life cycle of a smart contract consists of four major phases: Creation, Deployment, Execution and Completion

periods, programs have different forms of codes. How to makeprograms readable in each form remains a big challenge.

Recent advances for readability challenge

• Recover source code: It is shown in [33] that more than77% smart contracts have not released public sourcecodes, all of which are involved with over $3 billionUS dollars. Unavailability of source code makes smartcontract be opaque to the official auditors. To address thisissue, [33] proposed a reverse engineering tool (namelyErays) to analyze compiled smart contracts. This reverseengineering tool is able to convert hex encoded contractinto a human readable pseudo codes.

• Human readable code: Frantz and Nowostawski [34] pro-posed a semi-automated translation system that can con-vert human-readable contract representations into compu-tational programs. Essentially, this semi-automated trans-lation system has been implemented according to theconcept from institutional analysis [80]. In particular,institution specifications can be decomposed into differentcomponents such as attributes, deontic, aim,conditions and or else. These components arethen mapped into the corresponding blocks written inprogramming languages. For example, the attributescan be converted into structs in Solidity. Since mostof smart contract programming languages are object-oriented languages, [35] argues that declarative languagebacked by a logic programming computational modelmight be more suitable for smart contract. For example,the authors claim that Prolog (a type of logic language)does not requires compilation so it also avoids the in-spection on smart contract compilation.

• Human readable execution: Although many platformsattempt to provide smart contract developers with highlevel languages, these smart contracts will then be com-piled into other forms, e.g., bytecode in Ethereum VirtualMachine (EVM). In most of cases, two parties in thetransaction need to understand the contracts at the levelthat it has been stored and executed on blockchain.

Ref. [36] proposed an intermediate level language namedIELE to solve this challenge. IELE has a similar syntax toLow Level Virtual Machine (LLVM) [37] so as to providecompilers with high-level information during the compiletime, link time, run time, and idle time.

2) Functional issues: There are a number of functionalissues with incumbent smart contract platforms. We presentseveral representative challenges: 1) Re-entrancy means thatthe interrupted function can be safely recalled again. Ma-licious users may exploit this vulnerability to steal digitalcurrency as indicated in [81]. 2) Block randomness. Somesmart contract applications such as lotteries and betting poolsmay require randomness of generated blocks. This can beachieved by generating pseudo-random numbers in a blocktimestamp or nonce. However, some malicious miners mayfabricate some blocks to deviate from the outcome of thepseudo-random generator. In this way, attackers can controlthe probability distribution of the outcomes as shown in [82].3) Overcharging. It is shown in recent work [44] that smartcontracts can be overcharged due to the under-optimization ofsmart contracts. These overcharged patterns have the featureslike dead code, expensive operations in loops consisting ofrepeated computations.

Recent advances for functional issues

• Re-entrancy: Recently, several proposals attempt to solvesome of the above challenges. Obsidian [38] was pro-posed to address re-entrancy attacks and money leakageproblems. In particular, Obsidian exploits named states toenable consistency checking on state transitions and ver-ification so that re-entrancy vulnerability can be mended.Moreover, a data flow analytical method was proposedto prevent the illegal digital currency stealing from theleakage. Ref. [39] proposed to eliminate re-entrancyvulnerabilities by prohibiting the nesting calling amongfunctions in the contract. Liu et al. [40] proposed toperform the fuzz testing on smart contracts by iterativelygenerating random but diverse transactions to detect re-entrancy bugs.

6

Table III. Summary of challenges and advances in smart contracts

Phases Challenges Advances

Creation

• Recover source code [33]

1) Readability • Human readable code [34], [35]

• Human readable execution [36], [37]

• Re-entrancy [38], [39], [40]

2) Functional issues • Block randness [41], [42], [43]

• Overcharging [44], [45]

Deployment

• Bytecode analysis [46], [47], [48], [49], [50], [51], [52], [53]

1) Contract correctness • Source code analysis [54], [55], [56], [57]

• Machine learning based analysis [58], [59], [60]

• Graph based analysis [61], [62]

2) Dynamic control flow • Path-searching [63]

• Execution environment [64]

Execution

1) Trustworthy oracle• Third-party involved [65]

• Decentralized [66], [67]

2) Transaction-ordering dependence• Sequential execution [68]

• Predefining contract [69]

3) Execution efficiency• Execution serialization [70], [71], [72]

• Inspection of contract [73]

Completion

1) Privacy and Security• Privacy [74], [75]

• Security [76]

2) Scam• Ponzi scheme [77] [22], [78]

• Honeypot [79]

• Block randness: Blockchain is regarded as a promisingtechnology to generate public and unpredictable randomvalues. However, the random output might not be sorandom as people expect. Miners could control the blockgeneration and release the block until they find it prof-itable. To address this issue, [41] proposed to use thedelay-function to generate randomness. It means that therandom value will be only be known to others after ashort time period since its generation. In this way, theblockchain moves on and the miners could not withholdtheir blocks to profit. But delay functions are not suitablefor smart contracts as most of they require instanceverification. To this end, [42] proposed the Sloth functionto allow faster verification. Based on [42], [43] proposeda multi-round protocol to verify delay functions using arefereed delegation model. It reduces the cost of verifyingthe output from $30 to $0.4.

• Overcharging: Besides from caring the efficiency of theirprograms, developers of smart contract also need to payattention to their execution costs. Ref. [44] reportedthat over 90% of real smart contracts suffer from gas-costly patterns in Ethereum. Chen et al. [45] proposedGasReducer, a tool used to detect gas-costly patterns.GasReducer can replace under-optimized bytecode withefficient bytecode.

B. Deployment challenges

After creation, smart contracts will be deployed onblockchain platforms. But smart contracts need to be checkedcarefully to avoid potential bugs. Furthermore, smart contractdevelopers need to be aware of the contract’s interactionpatterns to mitigate potential losses due to the malicious be-haviors (such as frauds and attacks [83]). We next describe thechallenges as well as advances in smart contract deployment.

1) Contract correctness: Once smart contracts have beendeployed on blockchains, it is nearly impossible to make anyrevisions. Therefore, it is of vital importance to evaluate thecorrectness of smart contracts before the formal deployment.However, it is challenging to verify the correctness of smartcontracts due to the complexity of modelling smart contracts.

Recent advances for contract correctness

• Bytecode analysis: Bytecode level analysis only requiresthe compiled bytecodes of smart contracts, which aremuch easier to obtain. How to utilize these bytecodeto detect security threats has become a hot researchtopic. In particular, OYENTE was proposed in [46] toidentify potential security bugs including mishandledexceptions and timestamp-dependent problems. Based onthe control graph generated by OYENTE, [47] producesthe rule-based representations for high level bytecodeanalysis. Meanwhile, Knecht and Stiller [48] proposeda smart contract deployment and management platform

7

(SmartDEMAP) to address the trust problem during thecontract development and deployment. Moreover, othercode quality control tools such as automated bug-finderscan also be equipped with SmartDEMAP. In this manner,smart contracts can be deployed only after the trustfulconditions are fulfilled. Ref. [49] proposed MadMax topredict gas-focus vulnerabilities in Ethereum smart con-tracts. The combination of control-flow-analysis-baseddecompiler and declarative program-structure queries en-ables the method detecting the vulnerabilities in highprecision. Meanwhile [84] symbolically analyzed thecontract dependency graph to extract precise semanticinformation from the code. Then, it checks complianceand violation patterns that capture sufficient conditionsto prove if a property holds or not. Furthermore, [50]proposed a method to search for certain critical paths inthe control flow graph of a smart contract and identifypaths that may lead to a critical instruction, where thearguments of instructions can be controlled by an attacker.Ref. [51] proposed Vandal, a tool which firstly convertslow level bytecode into register transfer language thatwas then translated into logic semantic relations. Inaddition, [52] proposed Gigahorse, a tool which is able todecompile smart contract bytecode to high level 3-addresscode representation. The new intermediate representationof smart contracts makes the implicit data and controlflow dependencies of the EVM bytecode be explicit.Amani et al. [53] reconstructed bytecode sequences intoblocks of straight-line code and created a program logicto identify the security vulnerability of the contract.

• Source code analysis: Compared with bytecode levelanalysis, source code analysis requires the availabilityof smart contract source codes. Although the sourcecode analysis contains more information, it also requireshighly-precise analysis. There are a number of studieson source code analysis of smart contracts. In particu-lar, a formal verification method was proposed in [54]to analyze and verify both the runtime safety and thefunctional correctness of smart contracts (e.g., Ethereumcontracts). This method first translates smart contractsinto codes written in F* [55], which is a functionalprogramming language mainly used for program verifi-cation. This translation can be used to detect abnormalpatterns like stack overflow (i.e., exceeding the stacklimit). Meanwhile, [56] proposed Zeus to verify thecorrectness of smart contracts. Zeus firstly translates thecontracts and policy specification into low-level interme-diate representation and feeds the encoded representationinto constrained horn clauses [57] to ascertain the safetyof the smart contract.

• Machine learning based analysis: Recently, machinelearning-based methods have been proposed to obtain abetter representation for detecting vulnerabilities in smartcontracts. In particular, [58] proposed a novel semantic-aware security auditing technique called the S-gramscheme for Ethereum. The S-gram scheme that com-bines the N -gram language modeling and static semanticlabeling can be used to predict potential vulnerabilities

by identifying irregular token sequences and optimizeexisting in-depth analyzers. Meanwhile, the work of [59]translates the bytecode of smart contract into RGB colorthat was transformed into images. The images were fedinto a convolutional neural network (CNN) to extractmore meaningful features. Moreover, [60] applied LongShort Term Memory (LSTM) to analyze the securitythreats of smart contracts at an opcode level.

2) Dynamic Control flow: Despite the fact that the deployedsmart contracts are immutable, the control flow of smart con-tracts is not guaranteed to be immutable. In particular, a smartcontract can interact with other contracts (e.g., transferringfunds to the contract or creating a new contract). The controlflow of smart contract needs to be designed carefully whendeveloping the contract. The interaction of smart contractscan result in an increased number of interconnected contractsover time. Therefore, how to predict the contract behavioursbecomes challenging. In addition, most of existing methodspay attention to the detection of potential dynamic controlflow problems in programs while the reliability of the ex-ecution environment is not always ensured. Therefore, it isalso significant to check whether the execution environment isreliable.

Recent advances for dynamic control flow

• Graph based analysis: Charlier et al. [61] proposed amulti-dimensional approach to predict interactions amongsmart contracts. In particular, this approach integratesstochastic processes and tensors to reproduce existinginteractions, consequently predicting future contract inter-actions. Furthermore, the work in [62] presents a heuristicindicator of control flow immutability. In particular, thisapproach was evaluated on a call graph of all smartcontracts on Ethereum. Through analyzing the call graph,it is shown that two smart contracts (out of five) requirea trust in at least one third party.

• Path-searching: Nikolic et al. [63] proposed a methodnamely MAIAN to detect vulnerabilities across a longsequence of invocations of a contract. MAIAN employsinter-procedural symbolic analysis and concrete validatorfor exhibiting real exploits. It searches the spaces ofall execution paths in a trace with depth-first search(DFS) and checks whether the contract triggers propertyviolation. Different from above graph-based methods,MAIAN is designed to identify either locking fundsindefinitely, leakage to arbitrary users or being killedby anyone. Therefore, it does not need to model theinteractions among smart contracts.

• Execution environment: EVMFuzz [64] was proposedto detect vulnerabilities of the execution environmentof smart contract. EVMFuzz continuously generate seedcontracts for different EVM executions, so as to find asmany inconsistencies among execution results as possi-ble. This method can eventually discover vulnerabilitieswith cross-referencing outputs.

8

C. Execution challenges

Execution phase is crucial to smart contracts as it determinesthe final state of smart contracts. There are a number of issuesto be addressed during the execution of smart contracts.

1) Trustworthy oracle: Smart contracts cannot work with-out real-world information. For example, an Eurobet (i.e., asoccer betting smart contract) needs to know the result ofEuropean Cup. However, a smart contract is designed to runin a sandbox isolating from the outside network. In a smartcontract, an oracle plays a role of an agent who finds andverifies real-world occurrences and forwards this informationto the smart contract. Thus, how to determine a trustworthyoracle becomes a challenge.

Recent advances for trustworthy oracle

• Third-party involved: Town Crier (TC) [65] was proposedto address this challenge. In particular, TC scrapes datafrom reliable web sites and feeds those data to smartcontracts. TC feeds the data in the form of datagramthat is accompanied with the specific data-source website and a concrete time frame. Meanwhile, TC executesits core functionality in a Software Guard Extension(SGE) enclave that protects TC from attacks of maliciousbehaviors.

• Decentralized: Ref. [66] proposed a decentralized oraclenamed ASTRAEA, which is based on a voting gameamong stake-holders. In particular, voters place a rea-sonable amount of stakes to vote the random propositionselected from the system. Once the weighted sum of votesmatches the vote from a voter, the voter will be rewarded,otherwise, the voter will be penalized. Meanwhile, [67]proposed a smart contract based solution for selectingtrustworthy oracles. A reputation contract is used torecord each oracle-service-provider’s reputation accord-ing to its previous performance. Then an aggregatingcontract will calculate the final results of a query fromusers and finalize the result.

2) Transaction-ordering dependence: Users send transac-tions to invoke functions in a smart contract while miners packthe transactions into blocks. However, the order of transactionsis not deterministic due to the uncertainty of the bisectedblockchain branches [26]. This uncertainty can cause incon-sistency of order-dependent transactions. For example, thereis a contract containing variant x. Alice sends a transactionto increase x by 1 while Bob sends a transaction to multiplyx by 10. Due to uncertainty of the transaction order, the finaloutcomes on variant x can either be x + 1 or x × 10. It isworth mentioning that this inconsistency has been well solvedin conventional database management systems (DBMS) [85]while it is challenging to solve it in smart contracts as far aswe know.

Recent advances for transaction-ordering dependence

• Sequential execution: Ref. [68] introduced a design pat-tern of smart contract-transaction counter. Transactioncounter expects a transition number in each function asa parameter and ensures the number be increased byone after each function execution. Through analyzing the

transition number, the inconsistency problem is solved.• Predefining contract: To avoid such anomaly, [69]

proposed to write smart contracts instead of trans-actions. For example, if Alice wants to increasethe value of x after Bob’s operation, she writes aIncreaseIfMultiplied() function, which avoidsthe situation where Alice’s operation executes prior toBob’s.

3) Execution Efficiency: Smart contracts are serially exe-cuted by miners. In other words, a miner will not executeanother contract until the current contract is completed. Theexecution serialization essentially limits the system perfor-mance. However, it is challenging to execute smart contractsconcurrently due to the shared data between multiple smartcontracts. In the meantime, how to inspect the contract datawithout prescribed interface is also important to improving thesmart contract execution efficiency as it removes the need toredeploy a new contract.Recent advances for execution efficiency

• Execution serialization: To fill this gap, Dickerson etal. [70] proposed an approach based on Software Trans-actional Memory to allow miners or validators to executecontracts in parallel. The main idea of this approach is totreat each invocation of a smart contract as a speculativeatomic action. In this way, conflicts happened during theparallel executions can be rolled back easily. Furthermore,the work in [71] investigated smart contracts in a concur-rent perspective. In particular, concurrency issues suchas atomicity, interference, synchronization, and resourceownership have been well studied in this paper. Ref.[72] proposed to use optimistic Software TransactionalMemory Systems to help improve the execution efficiencyof smart contracts. While executing contract transactionsconcurrently using multi-threading, the miner also storesa block graph of transactions into the block. Then thevalidators re-execute the smart contract concurrently withthe given block graph. If the result is consistent, the blockwill be appended into the blockchain.

• Inspection of contract: After deployment, the contractcontent cannot be modified. What can developers doif they are asked to observe some values that are notdescribed in their initial requirements? A straightforwardsolution is to amend the smart contract and re-deployit. However, the redeployment of smart contracts maycause additional costs. Ref. [73] proposed to exploitthe memory layout reification to decompile the binarystructure of a compiled contract. Meanwhile, the work of[73] proposed the decompilation capabilities encapsulatedin mirrors [86], through which the method can introspectthe current state of a smart contract instance withoutredeploying it.

D. Completion challenges

After the execution of smart contract, the modification tothe states in the system will be packed as a transaction andbroadcasted to each node. However, the proliferation of smartcontracts brings additional concerns.

9

1) Privacy and Security: Most current smart contract andblockchain platforms lack of privacy-preserving mechanisms,especially for transactional privacy. In particular, the transac-tion records (i.e., the sequence of operations) are disseminatedthroughout the whole blockchain networks. Consequently, allthe transactions are visible to everyone in the networks. Al-though some blockchain systems utilize pseudonymous publickeys to improve the anonymity of the transactions, mosttransaction data (such as balances) are still publicly visible.As shown in [87], it is possible to obtain useful informationfrom the transaction data based on the transactional graphanalysis. smart contract systems also have their inherentsoftware vulnerabilities, which are susceptible to maliciousattacks. In addition, smart contracts run on top of blockchainsystems which are also suffering from system vulnerability.For example, it is reported in [88] that attackers exploitedBorder Gateway Protocol (BGP) routing scheme to interceptmessages in blockchains. It can cause high delay of messagebroadcasting and also hijack the traffic of a subset of nodes,thereby stealing digital currency.

Recent advances for privacy and security

• Privacy: To address the privacy concerns of smart con-tracts, Kosba et al. [74] proposed Hawk - a decentral-ized smart contract system to establish privacy-preservedsmart contracts. In particular, the Hawk compiler willcompile a contract into a cryptographic protocol auto-matically. The compiled Hawk program contains twomajor parts: a private portion used to execute the majorfunction and a public portion used to protect users. Hawkwill encrypt the transaction information (e.g., transactionbalance) and verify the correctness of transactions viausing zero-knowledge proofs (i.e., without viewing thecontent of the transactions). The anonymity of the partiesin smart contracts can be ensured while the secrecy ofcontract execution may not be fulfilled. Enigma [75]offers a solution to the secrecy of smart contract ex-ecution. Advanced cartographic algorithms are used inEnigma to support zero-knowledge proofs. Moreover,Enigma distributes blockchain data in different nodesunlike traditional blockchain redundant schemes (i.e.,every node saves a copy of all transactions).

• Security: There are some efforts in solving the securityconcerns. For example, the recent work of [76] pro-poses a secure relaying-network for blockchains, namelySABRE. In particular, SABRE adjusts the inter-domainrouting policies for BGP routing scheme. It can protectthe link between clients and relays via placing relaysappropriately. Meanwhile, SABRE also adopts the co-design of hardware and software via software definednetworking (SDN) to reduce the traffic burden at re-lays. Experimental results demonstrate the effectivenessagainst BGP routing attacks.

2) Scams: As a new technology, blockchain and smart con-tracts are vulnerable to malicious attacks initiated by scams.The detection of scams is of great importance especiallyfor contract users since it enables them to terminate their

contract Multiplicator {...function multiplicate(address receiver)

payable {

if (msg.value >= this.balance){receiver.transfer(this.balance+msg.value);}

}

Figure 4. Example of smart contract honeypot [79]

investments at an early phase to avoid the unnecessary loss.Recent advances for readability challenge

• Ponzi scheme: Ponzi scheme is a classical fraud whichpromises high return rates with little risk to investors.It pays the older investors with new investors’ funds.But if there is no enough circulating money, the schemeunravels those posteriors who consequently lose theirmoney. The recent work of [77] conducted a systematicstudy over the Ponzi schemes on Ethereum. In particular,16,082,269 transactions were collected from July, 2015to May, 2017. It was found that 17,777 transactions wererelated to Ponzi schemes, which had already collectedover 410,000 US dollars within only two years. Chenet al. [22] proposed a method to extract features fromboth accounts and the operation codes to identify Ponzischemes on Ethereum. Meanwhile, the work of [78]proposed a novel approach to detect and quantify Ponzischemes on Bitcoin. In particular, to address the difficultyof identifying Ponzi schemes as they often use multipleaddresses, a clustering method [78] was proposed toidentify the addresses. They found that 19 out of 32 Ponzischemes use more than one addresses.

• Honeypot: Smart contract Honeypot implies that thevulnerable-looking contracts contain hidden traps. TakeFigure 4 as an example. At the first glance, a naiveuser may believe that the contract will automaticallyreturn the total amount of current balance plus extramoney after he or she sends the money to this contract.However, the balance will increase prior to the functionexecution and the condition of if (msg.value >=this.balance) will never be satisfied. The work of[79] developed a taxonomy of honeypot techniques anduse symbolic execution and heuristics to detect honeypotsin smart contracts. In addition, [79] found that the honey-pot contracts have made over $90,000 profit for creators.

IV. SMART CONTRACT DEVELOPMENT PLATFORMS

Recently, smart contracts have been developed on block-chain-based platforms. These platforms provide developerswith simple interfaces to build smart contract applications.Among a number of incumbent blockchain platforms, many ofthem can support smart contracts. In this paper, we introduce5 most representative smart contract platforms: Ethereum [89],Hyperledger Fabric [90], Corda [91], Stellar [92], Rootstock

10

[93] in Section IV-A. We choose them mainly due the popular-ity in developing community and technical maturity as impliedin [94]. We next summarize the common features of them inSection IV-B. Finally, we give an example of developing asmart contract in Section IV-C.

A. Representative platforms

1) Ethereum: Ethereum is a decentralized platform thatcan execute smart contracts. In contrast to Bitcoin’s Turing-incomplete script system, Ethereum has developed Turing-complete languages such as Solidity2, Serpent3, Low-levelLisp-like Language (LLL)4 and Mutan5 to support general userapplications beyond cyptocurrency applications. Ethereumcompiles smart contracts written by Solidity, Serpent, LLLand Mutan into machine codes, which will then be loaded toEVM and run. Meanwhile, Ethereum adopts the account-baseddata model, in which each participant is identified by its digitalwallet.

Similar to Bitcoin, Ethereum adopts PoW as the consensusalgorithm, which is also computational intensive. To com-pensate the cost of solving puzzles done by miners, Ether(ETH) instead of coins (BTC) in Bitcoin is used. Essentially,gas serves as an internal price for executing a transaction toovercome the unstable value of ETH. Informally, the total costof a transaction can be calculated by gas limit × gas price,where gas limit denotes the maximum amount of gas to beused to generate a block and gas price is the cost of a unitof gas (in ETH). Users can pay different amounts of gas tolet their transactions be confirmed earlier or later (i.e., largeamount of gas resulting in the fast confirmation). Since PoW iscomputationally intensive, it can waste a number of electricityfor meaningless block mining tasks. It is expected if the miningprocess is used for meaningful events, such as help solvingmathematical puzzles and conducting machine learning tasks.

2) Hyperledger Fabric: Hyperledger Fabric is also a dis-tributed ledger platform for running smart contracts [90].Different from Ethereum who runs smart contacts in virtualmachines (i.e., EVM), Hyperledger adopts Docker containerto execute the code. In contrast to virtual machines (VMs),containers can support smart contract applications with loweroverhead while sacrificing the isolation (i.e., applications inone container are running on top of one operating system).Instead of developing smart contract languages of Etherum,Fabric supports conventional high-level programming lan-guages such as Java and Go (aka Golang). Similarly, Fabric isalso Turing complete. Fabric adopts key-value pair as the datamodel.

As Fabric is designed to support general enterprise applica-tions, the Fabric blockchain-network is permissioned (privateor consortium). Users have to be authorized to join the networkby certificate authorities (CAs). Since there are different rolesin the network, multiple types of CAs coexist. For instance, theenrollment certificate authority (ECA) allows users to register

2https://solidity.readthedocs.io/en/develop/3https://github.com/ethereum/wiki/wiki/Serpent4https://lll-docs.readthedocs.io/en/latest/lll introduction.html5https://github.com/ethereum/go-ethereum/wiki

with blockchains. Once the user has registered, he/she hasto request transaction certificates from transaction certificateauthority (TCA). The consensus can be easily reached withinthe permissioned blockchain-network. Fabric exploits PBFTwhich requires the multi-round voting among authenticatedusers. PBFT relies on multi-round communications amongnodes, which can cause time delay. More efficient consensusalgorithms should be developed to resolve this problem.

3) Corda: In contrast to diverse applications of Ethereum,Corda [91] is specialized for digital-currency applications.It serves as a distributed-ledger platform for saving andprocessing historical digital-asset records. Corda adopts high-level programming languages such as Java and Kotlin6, whichare running on top of Java Virtual Machine (JVM). Mean-while, Corda is Turing incomplete to support the verifiability.Moreover, the data model in Corda is the transaction-basedmodel.

Corda typically supports private platforms, in which en-terprises establish an authored network to exchange digital-assets in the private manner. In private blockchain platforms,the consensus can easily reach. Corda adopts Raft [95] as theconsensus algorithm. The consensus in Raft can be achievedby selecting a leader, log replication and safety assurance.Instead of globally broadcasting in blockchains, Corda uses thepoint-to-point messaging mechanism. Users have to specifythe message receivers and the detailed information to be sent.

4) Stellar: Similar to Corda, Stellar [92] is a specializedplatform for digital-currency applications. Compared withEthereum, Stellar is simpler and more accessible. Meanwhile,Stellar can support a diversity of languages such as Python,JavaScript, Golang and PHP. However, Stellar contracts are notTuring complete. Similar to Fabric, Stellar executes programcodes on top of Docker containers, consequently reducing theoverhead. For example, the execution cost of one transac-tion at Stellar is only ∼$0.0000002, which can almost beignored. Moreover, the execution time for one transactionin Stellar is about 5 seconds on average in contrast to 3.5minutes in Ethereum. Therefore, Stellar is an ideal platformfor digital-currency applications. Like Ethereum, Stellar adoptsthe account-based model as the data model. Stellar developedits own consensus algorithm - Stellar Consensus Protocol(SCP) [92]. Since Stellar is permissioned, the consensus canbe easily reached via SCP.

5) Rootstock: Rootstock (RSK) [93] runs on top of Bitcoinwhile supporting faster execution of transactions. For example,RSK can confirm the executed transaction within 20 seconds.Meanwhile, RSK is compatible with Ethereum (e.g., adoptingSolidity to implement contracts). RSK contracts are alsoTuring complete7. Furthermore, RSK developed its own virtualmachines to run smart contracts. The data model of RSK isalso account-based while RSK is a public blockchain system.RSK developed its consensus scheme based on PoW whileit adopts lightweight implementation consequently reducingthe overhead. Like Corda and Stellar, RSK was proposed tomainly support digital-currency applications. RSK has a merit,

6https://kotlinlang.org/7Bitcoin is not Turing complete while Rootstock is Turing complete.

11

Table IV. Comparison of Smart Contract Platforms

Ethereum Fabric Corda Stellar Rootstock EOS

Executionenvironment

EVM Docker JVM Docker VM WebAssembly

Language Solidity, Serpent,LLL, Mutan

Java, Golang Java, Kotlin Python, JavaScript,Golang and PHP,etc.

Solidity C++

Turing Completeness Turing complete Turing complete Turing incomplete Turing incomplete Turing complete Turing complete

Data model Account-based Key-value pair Transaction-based Account-based Account-based Account-based

Consensus PoW PBFT Raft Stellar ConsensusProtocol (SCP)

PoW BFT-DPOS

Permission Public Private Private Consortium Public Public

Application General General Digital currency Digital currency Digital currency General

i.e., much safer than those systems independent of blockchainssince it runs on top of Bitcoin. However, it can cause extraburden on Bitcoin blockchain. How to resolve this problem iscrucial to RSK.

6) EOS: EOS [96] is designed to enable the scalability ofdecentralized applications. Instead of using one type of con-sensus algorithms only, EOS combines Byzantine Fault Toler-ance (BFT) and Delegated Proof of Stake (DPOS), therebyobtaining the advantages of both consensus algorithms. Ateach round, delegates (i.e., block producers) will be selectedby stake holders to produce a new block and BFT will proceedamong those selected delegates to make the block irreversible.Similar to Bitcoin, EOS is also account-based but it alsoallows all accounts to be referenced by human readable names.Instead of customizing a virtual machine for code executionlike Ethereum, EOS chooses to use WebAssembly (Wasm) sothat it is possible to write a smart contract in various languagesas long as it can be compiled into Wasm (e.g., EOS supportsC++).

B. Comparison of Smart Contract PlatformsTable IV compares Ethereum, Fabric, Corda, Stella, Root-

stock (RSK) and EOS from the following aspects such asexecution environment, supporting language, Turing com-pleteness, data model, consensus protocols, permission andapplication. We next summarize the main characteristics ofthese representative smart contract platforms as follows.

• Execution Environment. Contracts in Ethereum are ex-ecuted in EVM. Similarly, Corda and Rootstock adoptJVM and RSK virtual machines, respectively. In contrast,Fabric and Stellar run smart contracts on top of Dockercontainers, consequently reducing the overhead whilesacrificing the isolation of applications. EOS chooses touse Wasm to support more smart contract languages.

• Supported Languages. Ethereum supports Solidity, Ser-pent and Mutan, which are specially designed forEthereum. Fabric currently supports Java and Golangwhile Corda adopts Java and Kotlin. Stellar can support adiversity of languages such as Python, Javascript, Golangand PHP. To be compatible with Ethereum, RSK adoptsSolidity as the contract language while EOS currentlyonly supports C++.

• Turing completeness. Smart contracts on Ethereum, EOS,Fabric and RSK are all Turing complete while Corda andStellar are Turing incomplete. Turing-complete contractsare typically more expressive than Turing-incompletecontracts. However, the Turing completeness also bringsthe potential software bugs being susceptible to maliciousattacks (as illustrated in Section III).

• Data Model. Corda adopts the unspent transaction output(UTXO) model as Bitcoin does. In UTXO model, eachpayment has to specify the previous unspent transactionas the input. Then the specified transaction becomesspent. The changes will be made on new unspent trans-actions. Ethereum, Stellar, EOS and RSK adopt account-based model, in which the balance of an address isrecorded directly instead of calculating all the unspenttransaction amounts. Fabric exploits key-value model, inwhich data is represented in key-value pairs stored inblockchains.

• Consensus Algorithms. Ethereum and RSK adopt PoW,in which the validation of the trustfulness of a blockis equivalent to the solution of a computationally diffi-cult problem (i.e., a puzzle). PoW consensus algorithmsare typically computational-intensive. Fabric chooses toPBFT consensus algorithm [24], in which several roundsof voting among authenticated nodes are taken to reachthe consensus. Therefore, PBFT is network-intensive.In contrast, Corda adopts a simple consensus algorithmnamely Raft to achieve the consensus between differentsectors at the level of individual deals instead of a globalsystem. Similarly, Stellar develops a simply consensusalgorithm named SCP to reach the consensus. EOS usesthe combination of BFT and DPOS.

• Permission. Ethereum, EOS and RSK are public(i.e.permissionless) smart contract platforms and eachuser can arbitrarily join the network while Corda andHyperledger are private platforms only allowing authen-ticated users to access. Stellar sitting between public andprivate blockchains is a consortium blockchain acrossdifferent enterprise sectors (or organizations).

• Applications of smart contract. Unlike Corda, Stellar andRSK only support digital-currency while Ethereum andFabric cater for a wider diversity of applications ranging

12

Smart contract Development1

2 The node broadcasts the

transaction to the P2P network

The P2P network validates

the transcaction 3

4The validated transaction is

then appended to other

transactions to form a block

newly added

Virtual Machine (or Docker container)

Block i+ 1i+ 1

Timestamp

Hash of block ii

Nonce

TX 2 TX nnTX 1

MerkleRoot

Address

Smart-contract Code

Compiler

01001000 01100101 01101100

01101100 01101111 00101100

00100000 01010011 01101101

01100001 01110010 01110100

00100000 01000011 01101111

01101110 01110100 01110010

01100001 01100011 01110100

Machine Code(Bytecode)

0

Hardware

Host OS

Smart-contract Client

Deployment

Interaction via

transactions

Money Transfer

Alice Bob

Figure 5. Workflow of a smart contract

from digital currency, digital-asset management, capitalinvestment, public sector to sharing economy. In thefuture, Corda, EOS, Stellar and RSK and their derivativesmay support more general applications.

C. Example of developing a smart contract

We next show how to develop and deploy a smart contract.Take a contract of money transfer between Alice and Bob asan example as shown in Figure 5. After several rounds ofnegotiations, the agreement between Alice and Bob reaches.Then the agreement is implemented by a smart contractlanguage (e.g., Solidity in Ethereum and Golang in Fabric).The smart contract code is next compiled via a compiler (e.g.,solc for Solidity), which generates machine code (or bytecode)running on top of either virtual machines (e.g., EVM, JVM) orDocker containers at a smart contract client. The smart contractclient is essentially connected through a peer-to-peer network.After the smart contract is deployed across the blockchainnetwork, a unique contract address is returned to the client tosupport the future interactions. Thereafter, users can interactwith the blockchain network via executing transactions in thesmart contract (e.g., deducting the specified amount of moneyfrom Alice’s digital wallet and increasing the corresponding

// mortal.solpragma solidity ˆ0.4.0;contract mortal {

/* Define variable owner of the type address*/

address owner;/* This function is executed at

initialization */constructor() internal { owner =

msg.sender; }/* Function to send 500 wei to receiver’s

address; 10ˆ18 wei=1 ether; */function fundtransfer(address receiver)

public { if (msg.sender == owner){receiver.transfer(500);} }

}

Figure 6. Example of smart contract written in Solidity inEthereum

amount of money in Bob’s wallet). It is worth mentioning thateach transaction needs to be validated across the blockchainnetwork via the consensus algorithms as shown in Figure5. The validated transaction is then appended to the list oftransactions. Since every node has a copy of the updatedblockchain, it is difficulty to falsify the blockchain data.

Coding Sample. The syntax of Solidity is similar toJavaScript and it also supports inheritance and user-definedtypes. Figure 6 shows an example of a smart contract writtenin Solidity.

V. APPLICATIONS OF SMART CONTRACT

Smart contracts have a broad spectrum of applications rang-ing from Internet of Things to sharing economy. In particular,we roughly categorize major smart contract applications intosix types as shown in Figure 7. We next describe them indetails.

A. Internet of ThingsInternet of things (IoT) that is one of the most promising

technologies can support numerous applications includingsupply chain management, inventory control systems, retailers,access control, libraries, e-health systems, industrial Internet[97], [98], [99]. The main initiative of IoT is to integrate“smart” objects (i.e., “things”) into the Internet and to providevarious services to users [100]. IoT has been proposed toautomate various business transactions in an implicit way.

With the integration with smart contracts, the potentialsof IoT can be unleashed. Take industrial manufacturing asan example. Most current manufacturers maintain their IoTecosystems in a centralized manner. For instance, firmwareupdates can only be obtained at the central server manuallyby various IoT devices through querying from devices tothe server. Smart contracts offer an automatic solution tothis problem [101]. Manufacturers can place firmware updatehashes on smart contracts deployed on blockchains distributedthroughout the whole network. Devices can then obtain thefirmware hashes from smart contracts automatically. In thisway, resources are greatly saved.

Smart contracts can also bring benefits to IoT e-businessmodel. For example, the traditional e-business model oftenrequires a third party serving as an agent to complete the pay-ment. However, this centralized payment is costly and cannot

13

Internet of Things

sensor

Data provenance

Sharing economy

Finance

Public sector

Distributed System

Security

Smart Contract

Blockchain

Figure 7. Smart contract applications

fully utilize advantages of IoT. In [4], Distributed autonomousCorporations (DACs) were proposed to automate transactions,in which there are no traditional roles like governments orcompanies involved with the payment. Being implemented bysmart contracts, DACs can work automatically without humanintervention. Moreover, smart contracts can also help to speedup conventional supply chains. For example, the marriage ofsupply chains with smart contracts can automate contractualrights and obligations during the payment and the delivery ofgoods while all the parties in the whole process are trustful.

B. Distributed system security

Smart contracts can bring benefits in improving the securityof distributed systems. Distributed Denial-of-Service (DDoS)attacks are one of major security threats in computer networks.Attackers flood the targeted machine with superfluous requeststo overload systems, consequently interrupting or suspendingInternet services [102]. Recently, a collaborative mechanismwas proposed to mitigate DDoS attacks [103]. Comparedwith traditional solutions, this scheme that is based on smartcontracts can tackle the attacks in a fully decentralized manner.In particular, once a server is attacked, the IP addresses ofattackers will be automatically stored in a smart contract. Inthis manner, other nodes will be informed of the addresses ofattackers. Furthermore, other security polices will be imme-diately enforced, e.g., filtering the traffic from the malicioususers.

Cloud computing is a promising technology to offer aubiquitous access of a shared pool of computing and stor-age resources to users [104]. Generally, users can purchasecloud services from trustful cloud service providers (CSPs).However, how to verify the trustfulness of CSPs becomes achallenge since CSPs often collude with each other to earnmore profits. Dong et al. [105] proposed a solution basedon game theory and smart contracts. The main idea of thisapproach is to let a client ask two cloud servers to computethe same task. During this process, smart contracts are usedto stimulate tension, betrayal and distrust between the clouds.In this way, users can easily determine the rational clouds thatwill not collude and cheat. Experiments based on the contractswritten in Solidity on the official Ethereum network were alsoconducted to verify the effectiveness of this proposal.

Moreover, brokers are typically used in cloud comput-ing. Users’ requests are checked by a broker to matchwith providers’ services. However, both users and serviceproviders must trust the broker. Once the broker is hijackedor compromised, both the parties become untrustful. Recently,Scoca et al. [9] proposed to use smart contracts to avoidthe usage of brokers. The main idea of their approach is touse distributed Service-Level-Agreements for Clouds (dSLAC)[106] to specify the needs via smart contracts. Meanwhile, autility function that evaluates the agreements according to bothparties’ preferences was proposed to solve the mismatchingproblem.

14

C. Finance

Smart contracts can potentially reduce financial risks, cutdown administration and service costs and improve the effi-ciency of financial services. We next explain the benefits ofsmart contracts in the following typical financial services.

• Capital markets and investment banking. The traditionalcapital markets have suffered from the long settlementcycles. Smart contracts can significantly shorten the set-tlement period from 20 days or more to 6 to 10 daysconsequently increasing attractiveness to customers. Asa result, it is predicted in [107] that it can bring 5% to6% demand growth in the future and lead to additionalincome.

• Commercial and retail banking. In additional to capi-tal markets, the adoption of smart contracts can alsobring benefits to the mortgage loan industry [108]. Con-ventional mortgage loans are typically complicated inthe origination, funding and servicing processes, conse-quently causing extra costs and delays. Smart contractscan potentially reduce the costs and the delays throughautomating the mortgage processes with the digitizationof legal documents in blockchains.

• Insurance. The application of smart contracts in the insur-ance industry can also reduce the processing overheadsand save the costs especially in claim handling [109].Take the motor insurance as an example. There aremultiple parties in a motor insurance: insurer, customers,garages, transport providers and hospitals [110]. Smartcontracts can automate the settlement of claims by shar-ing legal documents in the distributed ledger consequentlyimproving the efficiency, reducing the claim processingtime and saving costs. For another example, the insurancegaint AXA has launched its insurance for flight delaybased on Ethereum smart contracts. Passengers whopurchase flight insurances will automatically sign a smartcontract, which connects to the global air traffic database.If the system notices a flight delay of over two hours,it will trigger a function in the smart contract, therebypassengers being paid immediately.

D. Data provenance

In addition to financial services, smart contracts can alsobe used to ensure information quality in scientific researchand public health. It is reported in [111] that fabrication orfalsification of data in clinical trials have occurred frequentlyin recent years. For another example, one paper publishedin Nature in 2009 was reported to contain fraud data con-ducted by Haruko Obokata [112]. The fabricated data caneither mislead the ongoing research directions or hamper therecovery of patients. Consequently, it can seriously underminethe scientific and public trust.

Data provenance has been subsequently proposed to mit-igate this problem. The main idea of data provenance is tostore the meta-data information of data origin, derivation andtransformation. However, there are a number of challengesin enforcing data provenance. For example, most provenancelogging tools such as Progger [113] and Trusted Platform

Illegal

file

Original

file

Blockchain

Compare

OffenderUser database

Get

Decode

Illegal file

Decode process

Acquire

Buyer address &

commodity ID

Punish

Law enforcement officers

Figure 8. Smart contract to protect intellectual property

Module (TPM) [114] store data activities along with privacy-sensitive information (e.g., user ID, accessing time and userroles). How to preserve the privacy information is a chal-lenge. Ramachandran and Kantarcioglu [115] proposed a dataprovenance system based on smart contracts and blockchains.Researchers can submit their encrypted data to this system.When there are any data changes, smart contracts will beinvoked to track the transformations made to the data. In thismanner, any malicious falsifications of data can be captured.

In addition, Liang et al. [116] proposed ProvChain to collectand verify cloud data provenance. The main idea of ProvChainis to embed provenance data into blockchain transactions sothat any data modifications are traceable. ProvChain consistsof three procedures: provenance data collection, provenancedata storage and provenance data validation. Experimentalresults demonstrate that ProvChain offers tamper-proof dataprovenance, privacy-preservation and data reliability.

Moreover, smart contract can be used to protect intellectualproperty of creative digital media. For example, Figure 8shows an example of this application. Each digital productis embedded with a unique digital watermark (such as buyer’sdigital wallet address and product ID). If there is any infringe-ment (e.g., the buyer sells the digital product to others withoutthe permission from the creator), the law enforcement officercan trace the illegal file with the original file via extractingthe digital watermark and comparing the digital wallet addresswith buyer’s. As a result, the infringement of property-rightcan be easily identified. The whole procedure can be achievedthrough smart contracts and blockchains.

E. Sharing economy

The sharing economy brings many benefits such as reducingconsumer costs by borrowing and recycling items, improvingresource usage, enhancing quality of service, lowering theenvironment impacts [119]. However, most current sharingeconomy platforms are suffering from high transaction costsof customers, privacy exposure and unreliability of trustedthird parties due to the centralization. Smart contracts canpotentially reshape sharing economy by decentralizing sharingeconomy platforms.

Bogner et al. [3] proposed a novel sharing economy plat-form based on Ethereum smart contracts. In particular, thissystem allows users to register and share their items withouta trusted third party. Meanwhile, personal information is also

15

Table V. Comparison of smart contract applications

Application Benefits Use Cases

Internet of Things [101], [4]

XReducing the cost for maintaining central server (1) IoT device firmware auto-updating

XAutomating P2P business trading (2) Supply chains speeding up

XReducing cost for trusted third parties

Distributed Systems Security[103], [105], [9]

XSharing attack list quickly and reliably (1) Mitigating DDoS attack in computer networks

XVerifying the trustfulness of cloud service providers (2) Cloud computing

XAvoiding usage of brokers

Finance [107], [108], [109]

XReducing financial risks (1) Capital markets and investment banking

XLowering administration and service costs (2) Commercial and retail banking

XImproving efficiency of financial services (3) Insurance

Data Provenance [115], [116]

XCapturing malicious data falsification (1) Scientific research

XImproving data reliability (2) Public health

XPreserving privacy (3) Cloud data provenance

Sharing Economy [3], [117],[118]

XReducing consumer costs (1) Item sharing

XReducing cost for trusted third parties (2) P2P automatic payment systems

XPreserving privacy (3) Currency exchange platforms

Public sector [5], [8], [7]

XPreventing data fraudulence (1) E-voting systems

XData transparency of public information (2) Personal reputation systems

XPreserving privacy (3) Smart property exchange platforms

privacy-preserved. The practical implementation also verifiesthe effectiveness of the system. In addition, the fusion ofInternet of Things (IoT) and smart contracts can also advancesharing economy applications. Huckle et al. [117] discussedthe integration of IoT with blockchains to develop sharingeconomy applications such as peer-to-peer automatic paymentsystems, traveling systems, digital assets management andcurrency exchange platforms.

Meanwhile, a privacy respecting approach was proposedin [118] for blockchain-based sharing economy applications.This scheme mainly solves the privacy leakage problem ofblockchain-based systems due to the public openness ofblockchains. In particular, a zero-knowledge approach wasapplied to this system. Realistic implementation also demon-strates the effectiveness of the proposed mechanism.

F. Public sector

Smart contracts along with blockchain technology are alsoreshaping the public sector management. Blockchain can es-sentially prevent data fraudulence and provide the transparencyof public information. Take a public bidding as an example.The integration of blockchains and smart contracts can proveidentities of both bidders and bidding entities, automate thebidding process, provide auditing and reviewing supports.

There are several challenges in e-voting systems, such asuser identity verification and user privacy preservation (orvoting anonymity). Smart contracts also offer the solution toe-voting systems. A blockchain-based voting system namedFollow My Vote8 was proposed to verify user identities without

8Follow My Vote https://followmyvote.com/

the disclosure of user privacy. However, it still relies on atrusted third authority to shuffle the voters so as not to revealuser privacy. McCorry et al. [5] utilized the knowledge ofself-tallying voting protocols (i.e., voters can count the voteswithout a trusted third party) to build a fair voting systembased on smart contracts. In this way, votes can be keptprivately while user identities are verifiable at the same time.

Smart contracts can also be used to establish personal digitalidentity and reputation. For example, Tsinghua UniversityUser Reputation System (TURS) [8] is an online identitymanagement system based on smart contracts. The TURSprofile of a person is based on three aspects: personal reputa-tion, online reputation and professional reputation. Users canprotect their private information via smart contracts that grantaccess permissions to other users by programmable clauses(statements). Meanwhile, all the transactions that are recordedinto blockchains cannot be tampered with or removed.

Hillbom and Tillstrom [7] proposed a smart property own-ership exchange protocol based on the smart property con-cept firstly proposed by Szabo [120]. In this protocol, eachparty in the transaction communicates with each other viaBitmessage [121]. After the negotiation of the trading details(e.g., a car’s digital certificate issued by its manufacturer), thebuyer constructs and signs a raw transaction that reassignsthe property ownership to the buyer himself/herself. Afterthe signed transaction is sent to the seller, the seller thenchecks the transaction information. If it is correct, the sellersigns on the received transaction and broadcasts it publicly.Moreover, to ensure the consistency, the whole ownershiptransfer process has to be conducted in an atomic way. Inother words, any failure during the whole process will abort

16

the whole ownership transfer process. For example, if the sellerdoes not sign the transaction, he/she will not get the funds fromthe buyer. Moreover, Li et al. [122] proposed a secure energytrading system based on consortium blockchain technology.In particular, a credit-based payment scheme was proposed tosupport fast energy trading without a trusted intermediary.

Summary. Table V compares the smart contract applications.As shown in Table V, smart contracts can bring numerousbenefits for the aforementioned applications. In summary,smart contracts have the merits like reducing the dependenceon the trusted third parties, lowering the cost, improving thedata reliability and offering privacy-preservation.

VI. CONCLUSION

This article presents an overview on the state-of-the-art ofsmart contracts. In particular, we first provide a brief reviewon smart contract and blockchain technologies. We then pointout the challenges in smart contracts in different aspects ofcreation, deployment, execution, completion of smart con-tracts. Meanwhile, we also discuss the recent advances insolving these challenges. We next compare several major smartcontract platforms. Moreover, we categorize smart contractapplications and enumerate several typical use cases in eachcategory of applications. In summary, we hope this paperwill serve as a guidance to developing secure and scalablesmart contract applications and promote the evolvement ofblockchain technologies.

On top of blockchains, smart contract is developing rapidlyalbeit there are still a number of challenges to be addressed.Most of current research topics on smart contract focus onprogramming language, security and privacy issues while theproliferation of blockchain and smart contract applications alsoposes new challenges. Like other computer software tools,smart contracts also contain a number of bugs which are gen-erated unintentionally or mischievously. However, detectingand identifying these bugs will require extensive efforts inaspects of software engineering and data analytics. In addition,although enterprise practitioners lack of knowledge in com-puting programming, they have the expertise in operationaltechnology and law making (i.e., making contracts), whichhowever is the deficiency of computer programmers. How tofill the gap between operational technology (OT) and informa-tion technology (IT) is of great importance to the developmentof smart contracts. The integration of software technology,natural language processing and artificial intelligence is apossible remedy to this challenge in the future.

ACKNOWLEDGEMENT

The work described in this paper was supported by theNational Key Research and Development Program (2016-YFB1000101), the National Natural Science Foundation ofChina under (61472338) and the Fundamental Research Fundsfor the Central Universities. Imran’s work is supported bythe Deanship of Scientific Research at King Saud Universitythrough the research group project number RG-1435-051. Theauthors would like to thank anonymous reviewers who haveprovided constructive comments greatly improving the paper.

REFERENCES

[1] Nick Szabo. The idea of smart contracts. Nick Szabo’s Papers andConcise Tutorials, 1997.

[2] Hong-Ning Dai, Zibin Zheng, and Yan Zhang. Blockchain for internetof things: A survey. IEEE Internet of Things Journal, 2019.

[3] Andreas Bogner, Mathieu Chanson, and Arne Meeuw. A decentralisedsharing app running a smart contract on the ethereum blockchain. InProceedings of the 6th International Conference on the Internet ofThings, pages 177–178, 2016.

[4] Yu Zhang and Jiangtao Wen. An IoT electric business model based onthe protocol of bitcoin. In Proceedings of 18th International Conferenceon Intelligence in Next Generation Networks (ICIN), pages 184–191,2015.

[5] Patrick McCorry, Siamak F Shahandashti, and Feng Hao. A smartcontract for boardroom voting with maximum voter privacy. IACRCryptology ePrint Archive, 2017:110, 2017.

[6] Loi Luu, Yaron Velner, Jason Teutsch, and Prateek Saxena. SMARTPOOL: Practical Decentralized Pooled Mining. In 26th USENIXSecurity Symposium (USENIX Security), pages 1409–1426, 2017.

[7] Erik Hillbom and Tobias Tillstrom. Applications of smart contracts andsmart property utilizing blockchains. Msc thesis in computer science,Chalmers University of Technology and University of Gothenburg,Sweden, 2016.

[8] Affan Yasin and Lin Liu. An online identity and smart contract man-agement system. In Proceedings of 40th Annual Computer Softwareand Applications Conference (COMPSAC), volume 2, pages 192–198,2016.

[9] Vincenzo Scoca, Rafael Brundo Uriarte, and Rocco De Nicola. Smartcontract negotiation in cloud computing. In Cloud Computing(CLOUD), 2017 IEEE 10th International Conference on, pages 592–599. IEEE, 2017.

[10] Jiafu Wan, Jiapeng Li, Muhammad Imran, Di Li, et al. A blockchain-based solution for enhancing security and privacy in smart factory.IEEE Transactions on Industrial Informatics, 2019.

[11] Sana Moin, Ahmad Karim, Zanab Safdar, Kalsoom Safdar, EjazAhmed, and Muhammad Imran. Securing iots in distributed blockchain:Analysis, requirements and open issues. Future Generation ComputerSystems, 2019.

[12] Zibin Zheng, Shaoan Xie, Hongning Dai, Xiangping Chen, andHuaimin Wang. An overview of blockchain technology: Architecture,consensus, and future trends. In 2017 IEEE International Congress onBig Data (BigData Congress), pages 557–564. IEEE, 2017.

[13] Steve Omohundro. Cryptocurrencies, smart contracts, and artificialintelligence. AI matters, 1(2):19–21, 2014.

[14] Xiaoqi Li, Peng Jiang, Ting Chen, Xiapu Luo, and Qiaoyan Wen.A survey on the security of blockchain systems. Future GenerationComputer Systems, 2017.

[15] Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli. A Surveyof Attacks on Ethereum Smart Contracts (SoK). In Proceddings ofInternational Conference on Principles of Security and Trust, pages164–186, 2017.

[16] Kevin Delmolino, Mitchell Arnett, Ahmed Kosba, Andrew Miller, andElaine Shi. Step by step towards creating a safe smart contract: Lessonsand insights from a cryptocurrency lab. In Proceedings of InternationalConference on Financial Cryptography and Data Security, pages 79–94, 2016.

[17] Dominik Harz and William Knottenbelt. Towards safer smart contracts:A survey of languages and verification methods. arXiv preprintarXiv:1809.09805, 2018.

[18] Massimo Bartoletti and Livio Pompianu. An empirical analysis ofsmart contracts: platforms, applications, and design patterns. InInternational Conference on Financial Cryptography and Data Security,pages 494–509. Springer, 2017.

[19] Maher Alharby and Aad van Moorsel. Blockchain-based smart con-tracts: A systematic mapping study. arXiv preprint arXiv:1710.06372,2017.

[20] Daniel Macrinici, Cristian Cartofeanu, and Shang Gao. Smart contractapplications within blockchain technology: A systematic mappingstudy. Telematics and Informatics, 2018.

[21] Shuai Wang, Yong Yuan, Xiao Wang, Juanjuan Li, Rui Qin, and Fei-Yue Wang. An overview of smart contract: architecture, applications,and future trends. In 2018 IEEE Intelligent Vehicles Symposium (IV),pages 108–113. IEEE, 2018.

[22] Weili Chen, Zibin Zheng, Jiahui Cui, Edith Ngai, Peilin Zheng, andYuren Zhou. Detecting ponzi schemes on ethereum: Towards healthierblockchain technology. In Proceedings of the 2018 World Wide

17

Web Conference on World Wide Web, pages 1409–1418. InternationalWorld Wide Web Conferences Steering Committee, 2018.

[23] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system,2008.

[24] Miguel Castro, Barbara Liskov, et al. Practical byzantine fault toler-ance. In OSDI, volume 99, pages 173–186, 1999.

[25] Sunny King and Scott Nadal. Ppcoin: Peer-to-peer crypto-currencywith proof-of-stake. Self-Published Paper, August, 19, 2012.

[26] Zibin Zheng, Shaoan Xie, Hong-Ning Dai, Xiangping Chen, andHuaimin Wang. Blockchain challenges and opportunities: A survey.International Journal of Web and Grid Services, 14(4):352–375, 2018.

[27] Don Tapscott and Alex Tapscott. Blockchain Revolution: How thetechnology behind Bitcoin is changing money, business, and the world.Penguin, 1 edition, 2016.

[28] Ming Li, Jian Weng, Anjia Yang, Wei Lu, Yue Zhang, Lin Hou, Jia-NanLiu, Yang Xiang, and Robert H. Deng. CrowdBC: A Blockchain-basedDecentralized Framework for Crowdsourcing. IEEE Transactions onParallel and Distributed Systems, 2018.

[29] John Ream, Yang Chu, and David Schatsky. Upgrading blockchains:Smart contract use cases in industry. Deloitte Press, 2016.

[30] Florian Idelberger, Guido Governatori, Regis Riveret, and GiovanniSartor. Evaluation of logic-based smart contracts for blockchainsystems. In International Symposium on Rules and Rule MarkupLanguages for the Semantic Web (RuleML), pages 167–183. Springer,2016.

[31] Christian Sillaber and Bernhard Waltl. Life cycle of smart contractsin blockchain ecosystems. Datenschutz und Datensicherheit - DuD,41(8):497–500, Aug 2017.

[32] Riikka Koulu. Blockchains and online dispute resolution: smartcontracts as an alternative to enforcement. SCRIPTed, 13:40, 2016.

[33] Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller,and Michael Bailey. Erays: reverse engineering ethereum’s opaquesmart contracts. In 27th {USENIX} Security Symposium ({USENIX}Security 18), pages 1371–1385, 2018.

[34] Christopher K Frantz and Mariusz Nowostawski. From institutions tocode: towards automated generation of smart contracts. In Proceedingsof IEEE International Workshops on Foundations and Applications ofSelf Systems, pages 210–215, 2016.

[35] Giovanni Ciatto, Roberta Calegari, Stefano Mariani, Enrico Denti, andAndrea Omicini. From the blockchain to logic programming and back:Research perspectives. WOA, 2018.

[36] Theodoros Kasampalis, Dwight Guth, Brandon Moore, Traian Ser-banuta, Virgil Serbanuta, Daniele Filaretti, Grigore Rosu, and RalphJohnson. Iele: An intermediate-level blockchain language designedand implemented using formal semantics. Technical report, 2018.

[37] Chris Lattner and Vikram Adve. Llvm: A compilation frameworkfor lifelong program analysis & transformation. In Proceedings ofthe international symposium on Code generation and optimization:feedback-directed and runtime optimization, page 75. IEEE ComputerSociety, 2004.

[38] Michael Coblenz. Obsidian: A safer blockchain programming lan-guage. In Proceedings of the 39th International Conference on SoftwareEngineering Companion, ICSE-C ’17, pages 97–99, 2017.

[39] Anastasia Mavridou and Aron Laszka. Tool demonstration: Fsolidm fordesigning secure ethereum smart contracts. In International Conferenceon Principles of Security and Trust, pages 270–277. Springer, 2018.

[40] Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, andBill Roscoe. Reguard: finding reentrancy bugs in smart contracts.In Proceedings of the 40th International Conference on SoftwareEngineering: Companion Proceeedings, pages 65–68. ACM, 2018.

[41] Joseph Bonneau, Jeremy Clark, and Steven Goldfeder. On bitcoinas a public randomness source. IACR Cryptology ePrint Archive,2015:1015, 2015.

[42] Arjen K Lenstra and Benjamin Wesolowski. A random zoo: sloth,unicorn, and trx. IACR Cryptology ePrint Archive, 2015:366, 2015.

[43] Benedikt Bunz, Steven Goldfeder, and Joseph Bonneau. Proofs-of-delay and randomness beacons in ethereum. IEEE Security and Privacyon the blockchain (IEEE S&B), 2017.

[44] Ting Chen, Xiaoqi Li, Xiapu Luo, and Xiaosong Zhang. Under-optimized smart contracts devour your money. In Proceedings of24th International Conference on Software Analysis, Evolution andReengineering (SANER), pages 442–446, 2017.

[45] Ting Chen, Zihao Li, Hao Zhou, Jiachi Chen, Xiapu Luo, XiaoqiLi, and Xiaosong Zhang. Towards saving money in using smartcontracts. In 2018 IEEE/ACM 40th International Conference onSoftware Engineering: New Ideas and Emerging Technologies Results(ICSE-NIER), pages 81–84. IEEE, 2018.

[46] Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and AquinasHobor. Making smart contracts smarter. In Proceedings of the2016 ACM SIGSAC Conference on Computer and CommunicationsSecurity, pages 254–269, 2016.

[47] Elvira Albert, Pablo Gordillo, Benjamin Livshits, Albert Rubio, andIlya Sergey. Ethir: A framework for high-level analysis of ethereumbytecode. In International Symposium on Automated Technology forVerification and Analysis, pages 513–520. Springer, 2018.

[48] Markus Knecht and Burkhard Stiller. Smartdemap: A smart contractdeployment and management platform. In Proceedings of InternationalConference on Autonomous Infrastructure, Management and Security,pages 159–164, 2017.

[49] Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, BernhardScholz, and Yannis Smaragdakis. Madmax: Surviving out-of-gasconditions in ethereum smart contracts. Proceedings of the ACM onProgramming Languages, 2(OOPSLA):116, 2018.

[50] Johannes Krupp and Christian Rossow. teether: Gnawing at ethereumto automatically exploit smart contracts. In 27th {USENIX} SecuritySymposium ({USENIX} Security 18), pages 1317–1333, 2018.

[51] Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, Francois Gau-thier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz. Vandal: Ascalable security analysis framework for smart contracts. arXiv preprintarXiv:1809.03981, 2018.

[52] Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis.Gigahorse: Thorough, declarative decompilation of smart contracts.

[53] Sidney Amani, Myriam Begel, Maksym Bortin, and Mark Staples.Towards verifying ethereum smart contract bytecode in isabelle/hol.In Proceedings of the 7th ACM SIGPLAN International Conferenceon Certified Programs and Proofs, pages 66–77. ACM, 2018.

[54] Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet,Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kula-tova, Aseem Rastogi, Thomas Sibut-Pinote, Nikhil Swamy, and San-tiago Zanella-Beguelin. Formal verification of smart contracts: Shortpaper. In Proceedings of the 2016 ACM Workshop on ProgrammingLanguages and Analysis for Security, PLAS, 2016.

[55] Nikhil Swamy, Catalin Hritcu, Chantal Keller, Aseem Rastogi, An-toine Delignat-Lavaud, Simon Forest, Karthikeyan Bhargavan, CedricFournet, Pierre-Yves Strub, Markulf Kohlweiss, Jean-Karim Zinzin-dohoue, and Santiago Zanella-Beguelin. Dependent types andmulti-monadic effects in f*. In Proceedings of the 43rd AnnualACM SIGPLAN-SIGACT Symposium on Principles of ProgrammingLanguages, POPL, pages 256–270, 2016.

[56] Sukrit Kalra, Seep Goel, Mohan Dhawan, and Subodh Sharma. Zeus:Analyzing safety of smart contracts. In 25th Annual Network andDistributed System Security Symposium, NDSS, pages 18–21, 2018.

[57] Kenneth L McMillan. Interpolants and symbolic model checking. InInternational Workshop on Verification, Model Checking, and AbstractInterpretation, pages 89–90. Springer, 2007.

[58] Han Liu, Chao Liu, Wenqi Zhao, Yu Jiang, and Jiaguang Sun. S-gram:towards semantic-aware security auditing for ethereum smart contracts.In Proceedings of the 33rd ACM/IEEE International Conference onAutomated Software Engineering, pages 814–819. ACM, 2018.

[59] TonTon Hsien-De Huang. Hunting the ethereum smart con-tract: Color-inspired inspection of potential attacks. arXiv preprintarXiv:1807.01868, 2018.

[60] A Tann, Xing Jie Han, Sourav Sen Gupta, and Yew-Soon Ong. Towardssafer smart contracts: A sequence learning approach to detectingvulnerabilities. arXiv preprint arXiv:1811.06632, 2018.

[61] Jeremy Charlier, Sofiane Lagraa, Radu State, and Jerome Francois.Profiling smart contracts interactions tensor decomposition and graphmining. In Proceedings of the Second Workshop on MIning DAta forfinancial applicationS (MIDAS 2017), pages 31–42, 2017.

[62] Michael Frowis and Rainer Bohme. In code we trust? In DataPrivacy Management, Cryptocurrencies and Blockchain Technology,pages 357–372. Springer, 2017.

[63] Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, andAquinas Hobor. Finding the greedy, prodigal, and suicidal contractsat scale. In Proceedings of the 34th Annual Computer SecurityApplications Conference, pages 653–663. ACM, 2018.

[64] Ying Fu, Meng Ren, Fuchen Ma, Yu Jiang, Heyuan Shi, and JiaguangSun. Evmfuzz: Differential fuzz testing of ethereum virtual machine.arXiv preprint arXiv:1903.08483, 2019.

[65] Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, and ElaineShi. Town crier: An authenticated data feed for smart contracts. InProceedings of the 2016 ACM SIGSAC Conference on Computer andCommunications Security, pages 270–282, 2016.

18

[66] John Adler, Ryan Berryhill, Andreas Veneris, Zissis Poulos, Neil Veira,and Anastasia Kastania. Astraea: A decentralized blockchain oracle.arXiv preprint arXiv:1808.00528, 2018.

[67] Steve Ellis. A decentralized oracle network steve ellis, ari juels, andsergey nazarov. 2017.

[68] Anastasia Mavridou and Aron Laszka. Designing secure ethereumsmart contracts: A finite state machine based approach. arXiv preprintarXiv:1711.09327, 2017.

[69] Christopher Natoli and Vincent Gramoli. The blockchain anomaly. In2016 IEEE 15th International Symposium on Network Computing andApplications (NCA), pages 310–317. IEEE, 2016.

[70] Thomas Dickerson, Paul Gazzillo, Maurice Herlihy, and Eric Koskinen.Adding concurrency to smart contracts. In Proceedings of the ACMSymposium on Principles of Distributed Computing, PODC, pages303–312. ACM, 2017.

[71] Ilya Sergey and Aquinas Hobor. A concurrent perspective on smartcontracts. In International Conference on Financial Cryptography andData Security, 2017.

[72] Parwat Singh Anjana, Sweta Kumari, Sathya Peri, Sachin Rathor, andArchit Somani. An efficient framework for concurrent execution ofsmart contracts. arXiv preprint arXiv:1809.01326, 2018.

[73] Santiago Bragagnolo, Henrique Rocha, Marcus Denker, and StephaneDucasse. Smartinspect: solidity smart contract inspector. In 2018International Workshop on Blockchain Oriented Software Engineering(IWBOSE), pages 9–18. IEEE, 2018.

[74] Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalam-pos Papamanthou. Hawk: The blockchain model of cryptographyand privacy-preserving smart contracts. In Proceedings of 2016 IEEESymposium on Security and Privacy (SP), pages 839–858, 2016.

[75] Guy Zyskind, Oz Nathan, and Alex Pentland. Enigma: Decentral-ized computation platform with guaranteed privacy. arXiv preprintarXiv:1506.03471, 2015.

[76] Maria Apostolaki, Gian Marti, Jan Mller, and Laurent Vanbever.SABRE: Protecting Bitcoin against Routing Attacks. arXiv preprintarXiv:1808.06254, 2018.

[77] Massimo Bartoletti, Salvatore Carta, Tiziana Cimoli, and Roberto Saia.Dissecting ponzi schemes on ethereum: identification, analysis, andimpact. arXiv preprint arXiv:1703.03779, 2017.

[78] Massimo Bartoletti, Barbara Pes, and Sergio Serusi. Data mining fordetecting bitcoin ponzi schemes. In 2018 Crypto Valley Conferenceon Blockchain Technology (CVCBT), pages 75–84. IEEE, 2018.

[79] Christof Ferreira Torres and Mathis Steichen. The art of the scam:Demystifying honeypots in ethereum smart contracts. arXiv preprintarXiv:1902.06976, 2019.

[80] Elinor Ostrom. Collective action and the evolution of social norms.Journal of Natural Resources Policy Research, 6(4):235–252, 2014.

[81] Xiaoqi Li, Peng Jiang, Ting Chen, Xiapu Luo, and Qiaoyan Wen.A survey on the security of blockchain systems. Future GenerationComputer Systems, 2017.

[82] Joseph Bonneau, Jeremy Clark, and Steven Goldfeder. On bitcoinas a public randomness source. IACR Cryptology ePrint Archive,2015:1015, 2015.

[83] The DAO, The Hack, The Soft Fork and The Hard Fork, 2017.[84] Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais,

Florian Buenzli, and Martin Vechev. Securify: Practical securityanalysis of smart contracts. In Proceedings of the 2018 ACM SIGSACConference on Computer and Communications Security, pages 67–82.ACM, 2018.

[85] Abraham Silberschatz, Henry F. Korth, and S. Sudarshan. DatabaseSystem Concepts. McGraw-Hill Education, 6 edition, 2010.

[86] Gilad Bracha and David Ungar. Mirrors: design principles for meta-level facilities of object-oriented programming languages. In ACMSIGPLAN Notices, volume 39, pages 331–344. ACM, 2004.

[87] Dorit Ron and Adi Shamir. Quantitative analysis of the full bitcointransaction graph. In Financial Cryptography and Data Security:17th International Conference, FC 2013, Okinawa, Japan, pages 6–24.Springer Berlin Heidelberg, 2013.

[88] Maria Apostolaki, Aviv Zohar, and Laurent Vanbever. HijackingBitcoin: Routing attacks on cryptocurrencies. In Security and Privacy(SP), IEEE Symposium on, pages 375–392. IEEE, 2017.

[89] Vitalik Buterin et al. Ethereum white paper, 2013.[90] Christian Cachin. Architecture of the Hyperledger blockchain Fabric.

In Workshop on Distributed Cryptocurrencies and Consensus Ledgers,2016.

[91] Richard Gendal Brown. The corda platform: An introduction. 2018.[92] David Mazieres. The stellar consensus protocol: A federated model

for internet-level consensus. 2016.

[93] Sergio Demian Lerner. Rootstock whitepaper. 2015.[94] Thomas Bocek and Burkhard Stiller. Smart Contracts – Blockchains

in the Wings, pages 169–184. Springer, Berlin, Heidelberg, 2018.[95] Heidi Howard, Malte Schwarzkopf, Anil Madhavapeddy, and Jon

Crowcroft. Raft refloated: Do we have consensus? SIGOPS Oper.Syst. Rev., 49(1):12–21, January 2015.

[96] EOS IO. Eos. io technical white paper. EOS. IO (accessed 18December 2017) https://github. com/EOSIO/Documentation, 2017.

[97] Riyaz Ahamed Ariyaluran Habeeb, Fariza Nasaruddin, Abdullah Gani,Ibrahim Abaker Targio Hashem, Ejaz Ahmed, and Muhammad Im-ran. Real-time big data processing for anomaly detection: A survey.International Journal of Information Management, 2018.

[98] Hasan Ali Khattak, Munam Ali Shah, Sangeen Khan, Ihsan Ali, andMuhammad Imran. Perception layer security in internet of things.Future Generation Computer Systems, 2019.

[99] Ibrar Yaqoob, Ejaz Ahmed, Muhammad Habib ur Rehman, Abdelmut-tlib Ibrahim Abdalla Ahmed, Mohammed Ali Al-garadi, MuhammadImran, and Mohsen Guizani. The rise of ransomware and emergingsecurity challenges in the internet of things. Computer Networks,129:444–458, 2017.

[100] Daniele Miorandi, Sabrina Sicari, Francesco De Pellegrini, and Im-rich Chlamtac. Internet of things: Vision, applications and researchchallenges. Ad Hoc Networks, 10(7):1497 – 1516, 2012.

[101] Konstantinos Christidis and Michael Devetsikiotis. Blockchains andsmart contracts for the internet of things. IEEE Access, 4:2292–2303,2016.

[102] Steve Mansfield-Devine. The growth and evolution of ddos. NetworkSecurity, 2015(10):13–20, 2015.

[103] Bruno Rodrigues, Thomas Bocek, Andri Lareida, David Hausheer,Sina Rafati, and Burkhard Stiller. A blockchain-based architecture forcollaborative ddos mitigation with smart contracts. In Proceedings ofInternational Conference on Autonomous Infrastructure, Managementand Security, pages 16–29, 2017.

[104] H. Wang, P. Shi, and Y. Zhang. JointCloud: A Cross-Cloud CooperationArchitecture for Integrated Internet Service Customization. In 2017IEEE 37th International Conference on Distributed Computing Systems(ICDCS), pages 1846–1855, June 2017.

[105] Changyu Dong, Yilei Wang, Amjad Aldweesh, Patrick McCorry, andAad van Moorsel. Betrayal, distrust, and rationality: Smart counter-collusion contracts for verifiable cloud computing. In Proceedings ofthe 2017 ACM SIGSAC Conference on Computer and CommunicationsSecurity (CCS), pages 211–227. ACM, 2017.

[106] Rafael Brundo Uriarte, Francesco Tiezzi, and Rocco De Nicola. Dy-namic slas for clouds. In Proceedings of European Conference onService-Oriented and Cloud Computing, pages 34–49, 2016.

[107] Bart Cant, Amol Khadikar, Antal Ruiter, Jakob Bolgen Bronebakk,Jean Coumaros, Jerome Buvat, and Abhishek Gupta. Smart contracts infinancial services: Getting from hype to reality. Capgemini Consulting,pages 1–26, 2016.

[108] Ye Guo and Chen Liang. Blockchain application and outlook in thebanking industry. Financial Innovation, 2(1):24, 2016.

[109] A Tapscott and D Tapscott. How blockchain is changing finance.Harvard Business Review, 1, 2017.

[110] Wenliang Du and Mikhail J Atallah. Secure multi-party computationproblems and their applications: a review and open problems. InProceedings of the 2001 workshop on New security paradigms, pages13–22, 2001.

[111] Stephen L George. Research misconduct and data fraud in clinicaltrials: prevalence and causal factors. International journal of clinicaloncology, 21(1):15–21, 2016.

[112] John Rasko and Carl Power. What pushes scientists to lie? thedisturbing but familiar story of haruko obokata. The Guardian, 18,2015.

[113] Ryan KL Ko and Mark A Will. Progger: An efficient, tamper-evidentkernel-space logger for cloud data provenance tracking. In CloudComputing (CLOUD), 2014 IEEE 7th International Conference on,pages 881–889. IEEE, 2014.

[114] M. M. B. Taha, S. Chaisiri, and R. K. L. Ko. Trusted tamper-evidentdata provenance. In 2015 IEEE Trustcom/BigDataSE/ISPA, pages 646–653, 2015.

[115] Aravind Ramachandran, Dr Kantarcioglu, et al. Using blockchain andsmart contracts for secure data provenance management. arXiv preprintarXiv:1709.10000, 2017.

[116] X. Liang, S. Shetty, D. Tosh, C. Kamhoua, K. Kwiat, and L. Njilla.Provchain: A blockchain-based data provenance architecture in cloudenvironment with enhanced privacy and availability. In 2017 17th

19

IEEE/ACM International Symposium on Cluster, Cloud and GridComputing (CCGRID), pages 468–477, 2017.

[117] Steve Huckle, Rituparna Bhattacharya, Martin White, and NataliaBeloff. Internet of things, blockchain and shared economy applications.Procedia Computer Science, 98:461–466, 2016.

[118] Lei Xu, Nolan Shah, Lin Chen, Nour Diallo, Zhimin Gao, Yang Lu,and Weidong Shi. Enabling the sharing economy: Privacy respectingcontract based on public blockchain. In Proceedings of the ACMWorkshop on Blockchain, Cryptocurrencies and Contracts, pages 15–21. ACM, 2017.

[119] Araz Taeihagh. Crowdsourcing, sharing economies and development.Journal of Developing Societies, 33(2):191–222, 2017.

[120] Nick Szabo. Formalizing and securing relationships on public net-works. First Monday, 2(9), 1997.

[121] Jonathan Warren. Bitmessage: A peer-to-peer message authenticationand delivery system. White Paper, 2012.

[122] Z. Li, J. Kang, R. Yu, D. Ye, Q. Deng, and Y. Zhang. Consortiumblockchain for secure energy trading in industrial internet of things.IEEE Transactions on Industrial Informatics, PP(99):1–1, 2017.