TY - GEN
T1 - A Mixed-Methods Study of Security Practices of Smart Contract Developers
AU - Sharma, Tanusree
AU - Zhou, Zhixuan
AU - Miller, Andrew
AU - Wang, Yang
N1 - Publisher Copyright:
© USENIX Security 2023. All rights reserved.
PY - 2023
Y1 - 2023
N2 - Smart contracts are self-executing programs that run on blockchains (e.g., Ethereum). While security is a key concern for smart contracts, it is unclear how smart contract developers approach security. To help fill this research gap, we conducted a mixed-methods study of smart contract developers including interviews and a code review task with 29 developers and an online survey with 171 valid respondents. Our findings show various smart contract security perceptions and practices, including the usage of different tools and resources. Overall, the majority of our participants did not consider security as a priority in their smart contract development. In addition, the security vulnerability identification rates in our code review tasks were alarmingly low (often lower than 50%) across different vulnerabilities and regardless of our participants' years of experience in smart contract development. We discuss how future education and tools could better support developers in ensuring smart contract security.
AB - Smart contracts are self-executing programs that run on blockchains (e.g., Ethereum). While security is a key concern for smart contracts, it is unclear how smart contract developers approach security. To help fill this research gap, we conducted a mixed-methods study of smart contract developers including interviews and a code review task with 29 developers and an online survey with 171 valid respondents. Our findings show various smart contract security perceptions and practices, including the usage of different tools and resources. Overall, the majority of our participants did not consider security as a priority in their smart contract development. In addition, the security vulnerability identification rates in our code review tasks were alarmingly low (often lower than 50%) across different vulnerabilities and regardless of our participants' years of experience in smart contract development. We discuss how future education and tools could better support developers in ensuring smart contract security.
UR - http://www.scopus.com/inward/record.url?scp=85173275168&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85173275168&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85173275168
T3 - 32nd USENIX Security Symposium, USENIX Security 2023
SP - 2545
EP - 2562
BT - 32nd USENIX Security Symposium, USENIX Security 2023
PB - USENIX Association
T2 - 32nd USENIX Security Symposium, USENIX Security 2023
Y2 - 9 August 2023 through 11 August 2023
ER -