DOI: 10.1145/3674805.3686686
research-article
Open access

Broken Agreement: The Evolution of Solidity Error Handling

Published: 24 October 2024

Abstract

Background. A smart contract is a computer program enclosing the terms of a legal agreement between two or more parties, which is automatically verified and executed via a computer network called a blockchain. Once a smart contract transaction is completed, the blockchain is updated and the transaction can no longer be changed. This implies that any error codified in the smart contract program cannot be rectified. Therefore, it is of vital importance that developers of smart contracts properly exploit error handling to prevent issues during and after the contract execution. Existing programming languages for smart contracts support developers in this task by providing a set of Error Handling (EH) features. However, the extent to which developers effectively use EH in practice is unclear.

Aims. Our work aims to fill this gap by empirically investigating the state of practice on the adoption of EH features of one of the most popular programming languages for smart contracts, namely Solidity.

Method. We empirically analyse the usage of EH features in 283K unique open-source Solidity smart contracts for the Ethereum blockchain.

Results. Our analysis of the documentation of the different versions of Solidity, coupled with the empirical evaluation of the EH uses and misuses found in real-world smart contracts, indicates that, among other things, Solidity EH features have been changing frequently across versions, and that the adoption of most of the Solidity EH features has been limited in practice. However, we observe an upward trend in the usage of the require EH feature, which is specifically designed for smart contract development.

Conclusions. The insights from our study could help developers improve their EH practice and help designers of smart contract programming languages equip their languages with appropriate EH features.


Published In

ESEM '24: Proceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement
October 2024
633 pages
ISBN: 9798400710476
DOI: 10.1145/3674805
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Solidity
  2. error handling
  3. smart contracts
  4. software evolution

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Horizon Research and Innovation Programme
  • ERC Advanced

Conference

ESEM '24

Acceptance Rates

Overall Acceptance Rate 130 of 594 submissions, 22%
