Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach

TL;DR

This paper introduces FSolidM, a framework that uses finite state machines and design patterns to help developers create more secure Ethereum smart contracts with a graphical tool and automatic code generation.

Contribution

It presents a novel FSM-based framework with a graphical interface and security-enhancing plugins for designing and generating secure Ethereum smart contracts.

Findings

Provides a user-friendly tool for FSM-based contract design

Implements security and functionality plugins as design patterns

Facilitates automatic generation of Ethereum smart contracts

Abstract

The adoption of blockchain-based distributed computation platforms is growing fast. Some of these platforms, such as Ethereum, provide support for implementing smart contracts, which are envisioned to have novel applications in a broad range of areas, including finance and Internet-of-Things. However, a significant number of smart contracts deployed in practice suffer from security vulnerabilities, which enable malicious users to steal assets from a contract or to cause damage. Vulnerabilities present a serious issue since contracts may handle financial assets of considerable value, and contract bugs are non-fixable by design. To help developers create more secure smart contracts, we introduce FSolidM, a framework rooted in rigorous semantics for designing con- tracts as Finite State Machines (FSM). We present a tool for creating FSM on an easy-to-use graphical interface and for automatically generating Ethereum contracts. Further, we introduce a set of design patterns, which we implement as plugins that developers can easily add to their contracts to enhance security and functionality.