《Smart Contract Development: Challenges and Opportunities》论文笔记_a review on smart contract: challenges, advances a

 论文地址：下载地址
 年份：2019

 这篇论文主要的工作时，开展了一个探索性的研究，调查统计了区块链中的智能合约（只要针对以太坊：最受欢迎的针对智能合约的区块链平台）存在的挑战与问题，和开发者们对智能合约存在问题改进的建议。并分析了未来需要继续深入的研究方向。
 近年来，出现了很多区块链智能合约相关的论文。尽管如此，很多研究者在开发智能合约技术和使用工具花费了大量精力，且智能合约没能得到很好的实际应用。

论文的主要贡献如下：

1.本论文是第一个对智能合约目前的状况和挑战做出的深入研究。
2.对调查数据进行了定量与定性的研究分析，为智能合约研究者提出了可行的开发经验以及方向。

背景知识：

比特币：

 一种不需要中央管理机构来管理的数字加密货币，而是通过网络节点之间自动协商进行管理。

区块链：

 区块链中的每个块具有一些交易信息，时间戳，以及该块的先前块的哈希值。区块链存储在每个网络节点上，这意味着这些记录和交易信息对所有网络节点公开。区块链使交易双方不需要经过第三方的参与而进行。区块链的一个新兴领域是智能合约。

智能合约：

 智能合约是指运行在一个区块链平台上的底层代码脚本，同时运行运行在分类账簿的多个网络节点上。为数据驱动的很多领域提供了一个很好的机会。
 智能合约是一段程序，其包含了数据（账户余额）和可执行的代码。它存在在区块链中，当满足一定条件时将自动执行。

智能合约在Corda上运行：

 Corda是一个开源的区块链平台，专为需要高度监管的金融服务行业设计。在Corda上运行的智能合约包含代码和法律条文两部分。

On-Chain和Off-Chain智能合约：

 On-Chain智能合约，交易信息对区块链网络上的每个网络节点可见Off-Chain智能合约只对部分感兴趣的参与者可见。

针对智能合约的区块链平台：

 分为public blockchain和non-public blockchain。
 public blockchain允许所有用户节点的加入。
 non-public blockchain只允许有许可的用户节点加入。

Ethereum（以太坊）：

 在以太坊上，用户可以使用编程语言，如Solidity去开发复杂的智能合约应用。所有用高级语言编写的智能合约都会被编译成相同的形式。

Gas机制：

 Gas是以太坊上采用的一种内部定价机制。Gas是一种用来测量一个交易会耗费多少计算资源的方法。对于每一笔交易，人们需要支付gas费用。

Trusted Execution Environment（TEE）：

 为保证智能合约的机密性和隐私性，目前一些工作正在将区块线月TEE结合。TEE是一个确保敏感数据的存储和处理，保护的安全区域，称其为：enclave。在enclave内，代码和数据受硬件强制访问策略的控制。

本论文开展了一项调查研究，并将问题类别分为如下6大类：

一、Security

1.High requirement for code security
 Three major themes on why there was an increased focus on security in smart contract deployment:

1.Sensitive Nature of Information Handled
2.Irreversible Transactions
3.Code unmodifiable after deployment

2.Hard to guarantee security
 Four major aspects of these difficulties:

1.Public code access
2.Flaws in compiler
3.Lack of best practices for writing safe code
4.Lack of tools/techniques to verify code correctness

3.Current best practices for security

Testing and code review are their major ways to ensure the correctness of smart contracts.

二、Debugging

1.Debugging is painful
 Two main categories of dubugging challenges came up:

1.Lack of powerful interactive debuggers
2.Non-informative error messages

2.Current debugging practices

1.【65.1% respondents said that they use existing debugging tools.】
2.【56.5% respondents mentioned that they would often write additional methods/events to check variables and transaction states.】
3.【17.2% respondents of our survey mentioned that they would often request the help of GitHub community or other developers through some forums, e.g., Stack Overflow, when they encounter bugs.】

三、Programming language

1.Limitations of Solidity The major limitations of Solidity include:

1.Lack of general purpose libraries.
2.Lack of support for error logging/reporting.
3.Lack of standards/rules.
4.Lack of safety checks for data types.
5.Inconvenient way to call external functions.
6. Lack of support for memory management.
7.Constrained number of local variables.

2.Most desired Solidity improvements

四、Ethereum virtual machine

1.Limitations of EVM
 Four main limitations of EVM:

1.Limited support for debugging.
2.Lack of support of traditional languages.
3.Inefficiency of bytecode execution.
4.Limited stack size.

2.Most desired improvements for EVM
 Better support for debugging is desired the most.

五、Gas

1.Special attention to gas consumption
 Two reasons for why gas consumption is specially important are as follows:

1.Gas is money.
2.Transaction failure due to insufficient amount of gas.

2.Difficulty in handling gas problems
Two aspects that contribute to difficulties in performing gas optimization are as follow:

1.No gas estimation tool at source code level.
2.Tradeoff between gas optimization and code readability.

六、Online learning resources &community support

1.Online learning resources
 Three kinds of online learning resources that are missing：

1.Lack of reference code.
2.Lack of standardized knowledge.
3.Lack of up-to-date documentations.

2.Community support

Since the technique is new, the community is still in development. Sometimes you cannot get timely help from the community when you get stuck.

Survey Results:

 Based on the testing results, we can say with some certainty that:

Summary of Results:

 Through the analysis of interview and survey data, we could find that:

未来的方向：

1.Security and Reliability of Smart Contracts
2.Other Factors Affecting Smart Contract Development
  Here, we highlight five different aspects of smart contract development that pose open research problems requiring advances in the field：

1.Programming Language and Virtual Machine Design
2.Better Resource Management
3.Library Construction
4.Evolution, Maintenance, and Deployment of Smart Contracts
5.Supporting End-Users

有效性的威胁：

1.Internal Validity

 It is possible that we may draw wrong conclusions from interviewees comments. It is also possible that survey respondents may have provided dishonest answers.

2.External Validity

 We stopped our interviews when we reached the saturation of findings after interviewing 20 persons. Considering there may exist other populations who might add new insights, we also need to acknowledge that the opinions provided by our interviewees may not be representative of and agreeable to the whole community. To reduce this threat, we ensured that our interviewees hold various roles and have different levels of expertise, e.g., developers, trainers, CEOs in companies developing smart contract applications,etc

相关工作：

1.Empirical Studies on Smart Contract
2.Tools for Smart Contract:
3.Studies on Challenges and Opportunities:

结论：

 在论文的研究中，调查了智能合约开发者们面临的挑战。分析了智能合约仍处于起步阶段的原因，并为未来智能合约研究者提出了建设性的建议与研究方向。