Domain Specific Code Smells in Smart Contracts
Smart contracts are programs running on a blockchain. Once deployed, they cannot be patched to fix bugs, so it is critical to ensure they are bug-free and well-designed before deployment. Code smells are symptoms in source code that possibly indicate deeper problems. Detecting code smells is a way to avoid potential bugs and improve the design of existing code. However, traditional code smell patterns are designed for centralized OO programs, e.g., Java or C++, while smart contracts are decentralized and contain numerous distinctive features, such as the gas system. To fill this gap, we collected smart-contract-related posts from Stack Exchange, as well as real-world smart contracts. We manually analyzed these posts and defined 20 kinds of code smells for smart contracts. We categorized these into security, architecture, and usability problems. To validate whether practitioners consider these contract smells harmful, we created an online survey and received 96 responses from 24 different countries. Feedback showed that these code smells are harmful and that removing them would improve the quality and robustness of smart contracts. We manually identified our defined code smells in 587 contract accounts and publicly released our dataset. Finally, we summarized 5 impacts caused by contract code smells. These help developers better understand the symptoms of the smells and their removal priority.