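This is the first paper to discuss design patterns for smart contracts. Click "Read the original" to view the paper itself; this post shares its abstract and introduction.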
Abstract— The idea to digitally facilitate contract law and business practices through computer programs has led to the notion of smart contracts. Today’s most prominent smart contract ecosystem is Ethereum, a blockchain based distributed computing platform. Due to the inherent nature of blockchain based contract execution, missing low level programming abstractions, and the constant evolution of platform features and security considerations, writing correct and secure smart contracts for Ethereum is a difficult task. Based on a Multivocal Literature Research and an analysis of the gathered data based on qualitative research methods, we mined a number of design patterns providing design guidelines. We describe those patterns in detail and provide exemplary code for better illustration. Our research shows that the patterns are widely used to address application requirements and common problems. We expect generalizability of some or all of the patterns for other smart contract ecosystems, but this is outside of the scope of this study, which studied only smart contract patterns in Ethereum.
I. INTRODUCTION
Bitcoin, which is the most popular cryptocurrency, records transactions in a decentralized data structure called blockchain and supports the feature to encode rules or simple scripts for processing transactions. This feature has evolved to the concept of smart contracts, self-executing computer programs that run on a blockchain to stipulate and enforce the negotiation and execution of (legal) contracts. The blockchain, or more precisely its decentralized nature, assures that contract initiated transactions are autonomously and truthfully executed. Today’s most prominent smart contract ecosystem is Ethereum, a blockchain based distributed computing platform, allowing anyone to write smart contracts with arbitrary rules in the platform’s leading language Solidity.
Despite the increasing popularity of smart contracts, their implementation involves a number of problems. First, rather unconventional programming paradigms are required, because of the inherent characteristics of blockchain-based program execution. For example, programmers have to consider the lack of execution control and the immutable character of smart contracts once they are deployed. Second, due to missing low-level programming abstractions the developer is responsible for the internal organization and manipulation of data at a deeper level. Third, the rapid transformation of platform features and security considerations requires continuous awareness of platform capabilities and potential security risks. Furthermore, smart contracts handle considerable financial values, therefore it is crucial that their implementation is correct and secure against attacks. Given these points, it is beneficial to have a solid foundation of established design and coding guidelines that promote the creation of correct and secure smart contracts, for example in the form of design patterns. Design patterns [1, 2] are a commonly used technique to encode design guidelines or best practices. They express an abstract or conceptual solution to a concrete, complex, and reoccurring problem. So far, design patterns have not received a lot of attention in Ethereum research and information on Solidity design and coding guidelines is scattered among different sources. In previous work [3] we have gathered security related design patterns. In this work, we focus on general design patterns for smart contracts in Ethereum. Our research aims to answer the following two research questions (RQs):
RQ1 Which design patterns commonly appear in the Ethereum ecosystem?
RQ2 How do these design patterns map to Solidity coding practices?
In order to answer these questions, we followed the Multivocal Literature Research method by Garousi et al. [4] to incorporate practitioners’ experience and applied an analysis of the gathered data based on qualitative research methods (namely Grounded Theory [5] techniques to synthesize the patterns). Our research identified several patterns that pinpoint common issues during the implementation of smart contracts and provide guidance to resolve them. The paper is organised in the following way: First, we discuss the research study design in Section II, before we present design patterns for Solidity in Section III, and discuss our findings in Section IV. Finally, we present related work in Section V, and draw a conclusion in Section VI.
[1] E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns: Elements of Reusable Object-oriented Software. Boston, MA, USA: Addison-Wesley Longman Publishing Co., Inc., 1995.
[2] D. C. Schmidt, M. Stal, H. Rohnert, and F. Buschmann, Pattern-Oriented Software Architecture: Patterns for Concurrent and Networked Objects, 2nd ed. New York, NY, USA: John Wiley & Sons, Inc., 2000.
[3] M. Wöhrer and U. Zdun, “Smart contracts: Security patterns in the ethereum ecosystem and solidity,” in 1st International Workshop on Blockchain Oriented Software Engineering @ SANER 2018, March 2018. [Online]. Available: http://eprints.cs.univie.ac.at/5433/
[4] V. Garousi, M. Felderer, and M. V. Mäntylä, “The need for multivocal literature reviews in software engineering: complementing systematic literature reviews with grey literature,” in Proceedings of the 20th International Conference on Evaluation and Assessment in Software Engineering. ACM, 2016.