Peng Qian,Zhenguang Liu,Qinming He,Butian Huang,Duanzheng Tian,Xun Wang

DOI: https://doi.org/10.13328/j.cnki.jos.006375

2022-01-01

Journal of Software

Abstract: Smart contract, one of the most successful applications of blockchain, is taking the world by storm, playing an essential role in the blockchain ecosystem. However, frequent smart contract security incidents not only result in tremendous economic losses but also destroy the blockchain-based credit system. The security and reliability of smart contracts thus gain extensive attention from researchers worldwide. In this survey, we first summarize the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and Block dependency layer. Further, we review the research progress of smart contract vulnerability detection and classify existing counterparts into five categories, i.e., formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. Empirically, we take 300 real-world smart contracts deployed on Ethereum as the test samples and compare the representative methods in terms of accuracy, F1-Score, and average detection time. Finally, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.

Haiyue Chen,Xiangfu Zhao,Yichen Wang,Zixian Zhen

DOI: https://doi.org/10.1002/spy2.393

2024-03-13

Security and Privacy

Abstract:Ethereum smart contracts are a special type of computer programs. Once deployed on the blockchain, they cannot be modified. This presents a significant challenge to the security of smart contracts. Previous research has proposed static and dynamic detection tools to identify vulnerabilities in smart contracts. These tools check contract vulnerabilities based on predefined rules, and the accuracy of detection strongly depends on the design of the rules. However, the constant emergence of new vulnerability types and strategies for vulnerability protection leads to numerous false positives and false negatives by tools. To address this problem, we analyze the characteristics of vulnerabilities in smart contracts and the corresponding protection strategies. We convert the contracts' bytecode into an intermediate representation to extract semantic information of the contracts. Based on this semantic information, we establish a set of detection rules based on semantic facts and implement a vulnerability detection tool SafeCheck using static program analysis methods. The tool is used to detect six common types of vulnerabilities in smart contracts. We have extensively evaluated SafeCheck on real Ethereum smart contracts and compared it to other tools. The experimental results show that SafeCheck performs better in smart contract vulnerability detection compared to other typical tools, with a high F‐measure (up to 83.1%) for its entire dataset.

Peng Qian,Zhenguang Liu,Qinming He,Roger Zimmermann,Xun Wang

DOI: https://doi.org/10.1109/access.2020.2969429

IF: 3.9

2020-01-01

IEEE Access

Abstract:In the last decade, smart contract security issues lead to tremendous losses, which has attracted increasing public attention both in industry and in academia. Researchers have embarked on efforts with logic rules, symbolic analysis, and formal analysis to achieve encouraging results in smart contract vulnerability detection tasks. However, the existing detection tools are far from satisfactory. In this paper, we attempt to utilize the deep learning-based approach, namely bidirectional long-short term memory with attention mechanism (BLSTM-ATT), aiming to precisely detect reentrancy bugs. Furthermore, we propose contract snippet representations for smart contracts, which contributes to capturing essential semantic information and control flow dependencies. Our extensive experimental studies on over 42,000 real-world smart contracts show that our proposed model and contract snippet representations significantly outperform state-of-the-art methods. In addition, this work proves that it is practical to apply deep learning-based technology on smart contract vulnerability detection, which is able to promote future research towards this area.

Dongcheng Li,W. Eric Wong,Xiaodan Wang,Sean Pan,Liang-Seng Koh

2024-10-01

Abstract:This paper introduces a method for detecting vulnerabilities in smart contracts using static analysis and a multi-objective optimization algorithm. We focus on four types of vulnerabilities: reentrancy, call stack overflow, integer overflow, and timestamp dependencies. Initially, smart contracts are compiled into an abstract syntax tree to analyze relationships between contracts and functions, including calls, inheritance, and data flow. These analyses are transformed into static evaluations and intermediate representations that reveal internal relations. Based on these representations, we examine contract's functions, variables, and data dependencies to detect the specified vulnerabilities. To enhance detection accuracy and coverage, we apply a multi-objective optimization algorithm to the static analysis process. This involves assigning initial numeric values to input data and monitoring changes in statement coverage and detection accuracy. Using coverage and accuracy as fitness values, we calculate Pareto front and crowding distance values to select the best individuals for the new parent population, iterating until optimization criteria are met. We validate our approach using an open-source dataset collected from Etherscan, containing 6,693 smart contracts. Experimental results show that our method outperforms state-of-the-art tools in terms of coverage, accuracy, efficiency, and effectiveness in detecting the targeted vulnerabilities.

Software Engineering

Zexu Wang,Jiachi Chen,Yanlin Wang,Yu Zhang,Weizhe Zhang,Zibin Zheng

2024-03-18

Abstract:Reentrancy vulnerability as one of the most notorious vulnerabilities, has been a prominent topic in smart contract security research. Research shows that existing vulnerability detection presents a range of challenges, especially as smart contracts continue to increase in complexity. Existing tools perform poorly in terms of efficiency and successful detection rates for vulnerabilities in complex contracts. To effectively detect reentrancy vulnerabilities in contracts with complex logic, we propose a tool named SliSE. SliSE's detection process consists of two stages: Warning Search and Symbolic Execution Verification. In Stage I, SliSE utilizes program slicing to analyze the Inter-contract Program Dependency Graph (I-PDG) of the contract, and collects suspicious vulnerability information as warnings. In Stage II, symbolic execution is employed to verify the reachability of these warnings, thereby enhancing vulnerability detection accuracy. SliSE obtained the best performance compared with eight state-of-the-art detection tools. It achieved an F1 score of 78.65%, surpassing the highest score recorded by an existing tool of 9.26%. Additionally, it attained a recall rate exceeding 90% for detection of contracts on Ethereum. Overall, SliSE provides a robust and efficient method for detection of Reentrancy vulnerabilities for complex contracts.

Software Engineering

Tengyun Jiao,Zhiyu Xu,Minfeng Qi,Sheng Wen,Yang Xiang,Gary Nan

DOI: https://doi.org/10.1145/3643895

2024-02-12

Abstract:A smart contract is a computerised transaction agreement that carries out predefined terms without human involvement or third-party intermediaries. It serves as a trust intermediary in several industries, including finance, insurance, and supply chain management, in the blockchain 2.0 era. With the increasing interest in smart contracts, security has become a serious problem. Examining typical vulnerability types and vulnerability detection methodologies is of special importance. In this research, a comprehensive evaluation of common smart contract security vulnerabilities is conducted, and a three-tier threat model is then provided to classify the vulnerabilities. In addition, we examine fourteen existing smart contract analysis tools for finding vulnerabilities and classify them according to the main technique they apply. This paper is designed to serve as a reference for people who wish to analyse deployed code and enhance existing detection techniques. At the conclusion, open issues and future research paths regarding smart contract vulnerability detection are presented.

Zhaoxuan Li,Siqi Lu,Rui Zhang,Rui Xue,Wenqiu Ma,Rujin Liang,Ziming Zhao,Sheng Gao

DOI: https://doi.org/10.1007/s10664-022-10218-2

IF: 3.762

2022-10-14

Empirical Software Engineering

Abstract:Recently, although state-of-the-art (SOTA) tools were designed and developed to analyze the vulnerabilities of smart contracts on Ethereum, security incidents caused by these vulnerabilities are still widespread. This can be attributed to the fact that each tool has various standards for judging the severity of vulnerabilities. More importantly, tools fail to identify all the vulnerabilities accurately and comprehensively as the evolution of vulnerabilities. To this end, we first propose a vulnerability assessment model to unify the vulnerability measurement standards. Next, we design a static analysis tool called SmartFast , which expresses the contract source code as a novel intermediate representation named SmartIR. Using preset rules and taint tracking technology, SmartFast matches SmartIR to locate the vulnerability code. Furthermore, SmartFast can recommend the optimization of the contract code automatically. Finally, we implement a prototype of SmartFast with 25K lines of code and compare it with 7 SOTA tools on three datasets (a total of 13,687 public contracts). The results indicate that SmartFast is efficient (only took a few seconds per contract) and robust (0.4% failure rate and resistance to the general code confusion methods). Besides, compared with other tools, SmartFast can detect more kinds of vulnerabilities (119) with a higher precision rate (98.43%) and a recall rate (85.12%), which confirms the conclusion of the theoretical analysis in the paper.

computer science, software engineering

Yujian Zhang,Daifu Liu

DOI: https://doi.org/10.3390/fi14110326

2022-11-12

Future Internet

Abstract:With the blooming of blockchain-based smart contracts in decentralized applications, the security problem of smart contracts has become a critical issue, as vulnerable contracts have resulted in severe financial losses. Existing research works have explored vulnerability detection methods based on fuzzing, symbolic execution, formal verification, and static analysis. In this paper, we propose two static analysis approaches called ASGVulDetector and BASGVulDetector for detecting vulnerabilities in Ethereum smart contacts from source-code and bytecode perspectives, respectively. First, we design a novel intermediate representation called abstract semantic graph (ASG) to capture both syntactic and semantic features from the program. ASG is based on syntax information but enriched by code structures, such as control flow and data flow. Then, we apply two different training models, i.e., graph neural network (GNN) and graph matching network (GMN), to learn the embedding of ASG and measure the similarity of the contract pairs. In this way, vulnerable smart contracts can be identified by calculating the similarity to labeled ones. We conduct extensive experiments to evaluate the superiority of our approaches to state-of-the-art competitors. Specifically, ASGVulDetector improves the best of three source-code-only static analysis tools (i.e., SmartCheck, Slither, and DR-GCN) regarding the F1 score by 12.6% on average, while BASGVulDetector improves that of the three detection tools supporting bytecode (i.e., ContractFuzzer, Oyente, and Securify) regarding the F1 score by 25.6% on average. We also investigate the effectiveness and advantages of the GMN model for detecting vulnerabilities in smart contracts.

Jiaming Ye,Mingliang Ma,Yun Lin,Lei Ma,Yinxing Xue,Jianjun Zhao

DOI: https://doi.org/10.1016/j.jss.2022.111410

IF: 3.5

2022-06-20

Journal of Systems and Software

Abstract:Recent years have seen smart contracts are getting increasingly popular in building trustworthy decentralized applications. Previous research has proposed static and dynamic techniques to detect vulnerabilities in smart contracts. These tools check vulnerable contracts against several predefined rules. However, the emerging new vulnerable types and programming skills to prevent possible vulnerabilities emerging lead to a large number of false positive and false negative reports of tools. To address this, we propose Vulpedia , which mines expressive vulnerability signatures from contracts. Vulpedia is based on the relaxed assumption that the owner of contract is not malicious. Specifically, we extract structural program features from vulnerable and benign contracts as vulnerability signatures , and construct a systematic detection method based on detection rules composed of vulnerability signatures. Compared with the rules defined by state-of-the-arts, our approach can extract more expressive rules to achieve better completeness (i.e., detection recall) and soundness (i.e., precision). We further evaluate Vulpedia with four baselines (i.e., Slither, Securify, SmartCheck and Oyente) on the testing dataset consisting of 17,770 contracts. The experiment results show that Vulpedia achieves best performance of precision on 4 types of vulnerabilities and leading recall on 3 types of vulnerabilities meanwhile exhibiting the great efficiency performance.

computer science, theory & methods, software engineering

Jiashuo Zhang,Yue Li,Jianbo Gao,Zhi Guan,Zhong Chen

DOI: https://doi.org/10.1109/icse-companion58688.2023.00019

2023-01-01

Abstract:Ethereum smart contract enables developers to enforce access control policies of critical functions using built-in signature verification interfaces, i.e., ecrecover. However, due to the lack of best practices for these interfaces, improper verifications commonly exist in deployed smart contracts, leaving potential unauthorized access and financial losses. Even worse, the attack surface is ignored by both developers and existing smart contract security analyzers. In this paper, we take a close look at signature-related vulnerabilities and de-mystify them with clear classification and characterization. We present SIGUARD, the first automatic tool to detect these vulnerabilities in real-world smart contracts. Specifically, SIGUARD explores signature-related paths in the smart contract and extracts data dependencies based on symbolic execution and taint analysis. Then, it conducts vulnerability detection based on a systematic search for violations of standard patterns including EIP-712 and EIP-2621. The preliminary evaluation validated the efficacy of SIGUARD by reporting previously unknown vulnerabilities in deployed smart contracts on Ethereum. A video of SIGUARD is available at https://youtu.be/xXAEhqXWOu0.

Dongfang Jia,Zhicong Liu,Zhengqi Zhang,Jun Ye

DOI: https://doi.org/10.1007/978-981-16-7469-3_108

2022-01-01

Abstract:In recent years, the second-generation blockchain platforms and applications represented by smart contracts have seen explosive growth, but frequent smart contract vulnerability incidents have seriously threatened the ecological security of blockchain. In view of the low efficiency of code audit based on expert experience, it is important to develop a general automation tool to mine smart contract vulnerabilities. In the beginning, the security threats of smart contracts should be investigated and analyzed, and many smart contract vulnerabilities and attack modes that occur frequently, such as code reentrant, access control, integer overflow, etc., were summarized. Then, the technology method of smart contract vulnerability detection conforming to The Times is obtained, and the current samples of smart contract vulnerability detection are summarized. The current investigation includes too few types of vulnerabilities, with a variety of inaccuracies and deviations. It is only carried out through manual audit. Through these methods, according to the state of including after put forward the general ideas of this kind of situation, and puts forward a kind of symbolic execution auxiliary fuzzy test framework, can reduce the symbolic execution channel congestion and fuzzy test code coverage degree is too little, so as to improve test efficiency, easy to dig holes of large and medium-sized intelligent contracts quality improvement.

Yingli Zhang,Jiali Ma,Xin Liu,Guodong Ye,Qun Jin,Jianhua Ma,Qingguo Zhou

DOI: https://doi.org/10.1109/jiot.2023.3294496

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) has become a focus of information infrastructure development in recent years. The smart blockchain can provide various solutions for trust, security, and privacy (TSP) challenges to protect IoT data, and smart contracts are the foundation of blockchain intelligence, and greatly enhance the ability of smart blockchain to solve TSP problems. So the security of smart contracts must be addressed. We propose an efficient smart contract vulnerability detector to improve the safety of smart contracts. It comprises a graph extraction method and a complete vulnerability detection process. The graph extraction method consists of vulnerability pattern extraction and a graph generation process. The vulnerability detection process first uses the approximate graph matching algorithm to select representative SCGraphs from the dataset to build vulnerability SCGraph libraries. Secondly, determine whether the contract contains vulnerabilities by calculating the similarity between the SCGraphs generated from the contracts to be detected and the SCGraphs in the vulnerability library. Experiments show that our approach achieves an inspiring high detection rate and is the fastest among existing vulnerability detection tools, which indicates that it can provide good vulnerability detection for smart contracts.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiaotao Feng,Qin Wang,Xiaogang Zhu,Sheng Wen

DOI: https://doi.org/10.48550/arXiv.1905.00799

2019-05-02

Abstract:With the frantic development of smart contracts on the Ethereum platform, its market value has also climbed. In 2016, people were shocked by the loss of nearly $50 million in cryptocurrencies from the DAO reentrancy attack. Due to the tremendous amount of money flowing in smart contracts, its security has attracted much attention of researchers. In this paper, we investigated several common smart contract vulnerabilities and analyzed their possible scenarios and how they may be exploited. Furthermore, we survey the smart contract vulnerability detection tools for the Ethereum platform in recent years. We found that these tools have similar prototypes in software vulnerability detection technology. Moreover, for the features of public distribution systems such as Ethereum, we present the new challenges that these software vulnerability detection technologies face.

Software Engineering,Cryptography and Security

Tao Feng,Yuyang Cui

DOI: https://doi.org/10.4018/ijswis.342850

2024-05-02

International Journal on Semantic Web and Information Systems

Abstract:In recent years, smart contracts have risen rapidly in the blockchain field, but security issues have also become increasingly prominent. Due to the lack of unified evaluation standards, the security analysis of smart contracts mainly relies on complex and not easily scalable expert rules. To address these issues, we employ slicing techniques to reduce the interference of extraneous code on the detection process, apply normalisation techniques to eliminate the differences between different compiler versions and use particle swarm optimisation algorithms to determine the similarity between contracts, thus improving the accuracy and efficiency of detection. In addition, we combine a variety of features such as static analysis, dynamic analysis and symbolic execution to gain a more comprehensive understanding of contract characteristics and behaviours for more accurate vulnerability identification. Experimental results show that the scheme significantly improves the detection capability and provides a new solution for the security detection of smart contracts.

computer science, information systems, artificial intelligence

Wei Wang,Jingjing Song,Guangquan Xu,Yidong Li,Hao Wang,Chunhua Su

DOI: https://doi.org/10.1109/tnse.2020.2968505

IF: 6.6

2021-04-01

IEEE Transactions on Network Science and Engineering

Abstract:Smart contracts are decentralized applications running on Blockchain. A very large number of smart contracts has been deployed on Ethereum. Meanwhile, security flaws of contracts have led to huge pecuniary losses and destroyed the ecological stability of contract layer on Blockchain. It is thus an emerging yet crucial issue to effectively and efficiently detect vulnerabilities in contracts. Existing detection methods like Oyente and Securify are mainly based on symbolic execution or analysis. These methods are very time-consuming, as the symbolic execution requires the exploration of all executable paths or the analysis of dependency graphs in a contract. In this work, we propose ContractWard to detect vulnerabilities in smart contracts with machine learning techniques. First, we extract bigram features from simplified operation codes of smart contracts. Second, we employ five machine learning algorithms and two sampling algorithms to build the models. ContractWard is evaluated with 49502 real-world smart contracts running on Ethereum. The experimental results demonstrate the effectiveness and efficiency of ContractWard. The predictive Micro-F1 and Macro-F1 of ContractWard are over 96% and the average detection time is 4 seconds on each smart contract when we use XGBoost for training the models and SMOTETomek for balancing the training sets.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Shuo Yang,Jiachi Chen,Mingyuan Huang,Zibin Zheng,Yuan Huang

2024-03-28

Abstract:Reentrancy, a notorious vulnerability in smart contracts, has led to millions of dollars in financial loss. However, current smart contract vulnerability detection tools suffer from a high false positive rate in identifying contracts with reentrancy vulnerabilities. Moreover, only a small portion of the detected reentrant contracts can actually be exploited by hackers, making these tools less effective in securing the Ethereum ecosystem in practice.

Cryptography and Security,Software Engineering

Xite Wang,Senping Tian,Wei Cui

DOI: https://doi.org/10.1109/tse.2024.3400294

IF: 7.4

2024-07-19

IEEE Transactions on Software Engineering

Abstract:The blockchain has been the main computing scenario for smart contracts, and the decentralized infrastructure of the blockchain is effectively implemented in a de-trusted and executable environment. However, vulnerabilities in smart contracts are particularly vulnerable to exploitation by malicious attackers and have always been a key issue in blockchain security. Existing traditional tools are inefficient in detecting vulnerabilities and have a high rate of false positives when detecting contracts. Some neural network methods have improved the detection efficiency, but they are not competent for fine-grained (code line level) vulnerability detection. We propose the ContractCheck model for detecting contract vulnerabilities based on neural network methods. ContractCheck extracts fine-grained segments from the abstract syntax tree (AST) and function call graph of smart contract source code. Furthermore, the segments are parsed into token flow retaining semantic information as uint, which are used to generate numerical vector sequences that can be trained using neural network methods. We conduct multiple rounds of experiments using a dataset constructed from 36,885 smart contracts and identified the optimal ContractCheck model structure by employing the Fasttext embedding vector algorithm and constructing a composite model using CNN and BiGRU for training the network. Evaluation on other datasets demonstrates that ContractCheck exhibits significant improvement in contract-level detection performance compared to other methods, with an increase of 23.60% in F1 score over the best existing method. Particularly, it achieves fine-grained detection based on neural network methods. The cases provide indicate that ContractCheck can effectively assist developers in accurately locating the presence of vulnerabilities, thereby enhancing the security of Ethereum smart contracts.

engineering, electrical & electronic,computer science, software engineering

Cuifeng Gao,Wenzhang Yang,Jiaming Ye,Yinxing Xue,Jun Sun

DOI: https://doi.org/10.1145/3641846

IF: 3.685

2024-02-08

ACM Transactions on Software Engineering and Methodology

Abstract:Smart contracts are becoming appealing targets for hackers because of the vast amount of cryptocurrencies under their control. Asset loss due to the exploitation of smart contract codes has increased significantly in recent years. To guarantee that smart contracts are vulnerability-free, there are many works to detect the vulnerabilities of smart contracts, but only a few vulnerability repair works have been proposed. Repairing smart contract vulnerabilities at the source code level is attractive as it is transparent to users, whereas existing repair tools, such as SCRepair and sGuard , suffer from many limitations: (1) ignoring the code of vulnerability prevention; (2) possibly applying the repair to the wrong statements and changing the original business logic of smart contracts; (3) showing poor performance in terms of time and gas overhead. In this work, we propose machine learning guided rule-based automated vulnerability repair on smart contracts to improve the effectiveness and efficiency of sGuard . To address the limitations mentioned above, we design the features that characterize both the symptoms of vulnerabilities and the methods of vulnerability prevention to learn various vulnerability patterns and reduce false positives. Additionally, a fine-grained localization algorithm is designed by traversing the nodes of the abstract syntax tree, and we refine and extend the repair rules of sGuard to preserve the original business logic of smart contracts and support new vulnerability types. Our tool, named sGuard+ , reduces time overhead based on machine learning models, and reduces gas overhead by fewer code changes and precise patching. In our experiment, we collect a publicly available vulnerability dataset from CVE, SWC and SmartBugs Curated as a ground truth for evaluations. Overall, sGuard+ repairs more vulnerabilities with less time and gas overhead than state-of-the-art tools. Furthermore, we reproduce about 9,000 historical transactions for regression testing. It is shown that sGuard+ has no impact on the original business logic of smart contracts.

computer science, software engineering

Saltanat Mohammed Abdullah Shaikh

DOI: https://doi.org/10.52783/cana.v31.737

2024-06-20

Abstract:Background: Research has been done on the vulnerabilities of Ethereum smart contract detection since the emergence of blockchain technologies. Ethereum is one of the most popular platforms for DApps (decentralized applications) and smart contracts but turns more undoubtedly when their number and popularity grow. Methods: The study evaluates different detection methods including static analysis, dynamic code analysis, symbolic execution, and machine learning. Findings: The performance metrics on key areas, e.g. detection time, true positive rate, false positive rate, and scalability are emphasized in this evaluation analysis. These inferences imply that although Static Analysis can provide fast detection and high accuracy, Machine Learning is better at High scalability. The study also identifies trending flaws often encountered such as re-entrancy attacks and lack of input validation and stresses further the necessity of strong security methods. Besides, you may consider the sensitivity analysis in different network load scenarios as it shows the efficiency of detection technique in changing operational settings. Novelty and applications: Overall, the research brings a reliable development to smart contracts in Ethereum's security industries through analyzing and profiling vulnerability types and performance metrics that inform the development of more stable and efficient security activities for distributed applications.

Pengcheng,Peng,Qingzhao,Dawn,Prateek,Sanjeev,Zhuotao,Xusheng

DOI: https://doi.org/10.48550/arXiv.2307.08912

2023-07-23

Abstract:The increased adoption of smart contracts in many industries has made them an attractive target for cybercriminals, leading to millions of dollars in losses. Thus, deploying smart contracts with detected vulnerabilities (known to developers) are not acceptable, and fixing all the detected vulnerabilities is needed, which incurs high manual labor cost without effective tool support. To fill this need, in this paper, we propose ContractFix, a novel framework that automatically generates security patches for vulnerable smart contracts. ContractFix is a general framework that can incorporate different fix patterns for different types of vulnerabilities. Users can use it as a security fix-it tool that automatically applies patches and verifies the patched contracts before deploying the contracts. To address the unique challenges in fixing smart contract vulnerabilities, given an input smart contract, \tool conducts our proposed ensemble identification based on multiple static verification tools to identify vulnerabilities that are amenable for automatic fix. Then, ContractFix generates patches using template-based fix patterns and conducts program analysis (program dependency computation and pointer analysis) for smart contracts to accurately infer and populate the parameter values for the fix patterns. Finally, ContractFix performs static verification that guarantees the patched contract is free of vulnerabilities. Our evaluations on $144$ real vulnerable contracts demonstrate that \tool can successfully fix $94\%$ of the detected vulnerabilities ($565$ out of $601$) and preserve the expected behaviors of the smart contracts.

Software Engineering