Proceedings

Paper abstract

Information Technology · ICT Adoption and Organizational Impacts

Title

SMART CONTRACTS IN SOLIDITY: a study on good development practices

Keywords

Ethereum; DApps; Blockchain

Authors

  • Mariane Carvalho Esteves
    MBA USP ESALQ
  • Danielle Aparecida Alcantara
    UNIVERSIDADE FEDERAL DE LAVRAS (UFLA)
  • Juliana Paviani
    UNIVERSIDADE FEDERAL DE LAVRAS (UFLA)
  • Jairo Antonio Resende Paviani
    UNIVERSIDADE FEDERAL DE LAVRAS (UFLA)

Abstract

Introduction

Smart contracts have become foundational elements for decentralized applications (DApps), enabling trustless, autonomous operations on blockchain networks. Ethereum, as the most widely adopted platform, has popularized Solidity as the de facto language for developing such contracts. While this architecture provides transparency, immutability, and resilience, it also introduces substantial risks. Notably, flaws such as reentrancy attacks and inadequate access control have caused severe financial and operational damage, as demonstrated by multiple high-profile incidents in Ethereum's history.

Research Problem and Objective

Despite the growing maturity of blockchain ecosystems and tooling, recurring vulnerabilities continue to compromise smart contracts. This study addresses the research question: What secure development practices can effectively mitigate critical vulnerabilities in Solidity smart contracts? The main objective is to identify, classify, and analyze best practices for secure smart contract development, emphasizing strategies to reduce security flaws, enhance robustness, and support responsible innovation in decentralized environments.

Theoretical Framework

The study draws on a multidisciplinary base, including blockchain architecture (Nakamoto, 2008), Ethereum's smart contract model (Buterin, 2014), and Solidity’s evolution (Solidity, 2024). It incorporates literature on security vulnerabilities (Atzei et al., 2017), secure coding patterns (Demeyer et al., 2022), decentralized systems (Christidis & Devetsikiotis, 2016), and detection tools such as Slither. Audit reports and vulnerability taxonomies guide the study's analytical and methodological foundation.

Discussion

The study used a qualitative method with a PRISMA-based review, audit report analysis, code inspection (Uniswap v4, Seaport, 1inch v2), and Slither scans. Reentrancy was a major flaw; best practices included Checks-Effects-Interactions, nonReentrant modifiers, and logic separation. Access control flaws involved open functions and replay attacks. Mitigation used onlyOwner/onlyRole, msg.sender validation, whitelists, and modular roles. Proactive design proved more secure than post-audit corrections.

Conclusion

The research shows that the Solidity vulnerabilities studied, reentrancy and access control, are mostly preventable through early adoption of secure practices. Using design patterns, modular logic, and contextual checks enhances contract security. Sole reliance on static tools is inadequate; combining automated scans, manual reviews, and secure-by-design methods is essential. This layered approach improves resilience, auditability, and trust in blockchain-based systems.

Contribution / Impact

This study offers a reference for developers, auditors, and scholars on secure Solidity development. It synthesizes technical and empirical insights into practical guidelines for risk mitigation. By promoting robust, auditable contracts, it contributes to responsible adoption of blockchain in critical sectors like finance and public services. The findings support the development of secure-by-design smart contracts that enhance digital trust and system integrity in decentralized ecosystems.

References

Atzei, N., Bartoletti, M., & Cimoli, T. (2017). A survey of attacks on Ethereum smart contracts (SoK). In International Conference on Principles of Security and Trust (pp. 164-186). Berlin, Heidelberg: Springer.

Demeyer, S., Rocha, H., & Verheijke, D. (2022). Refactoring Solidity smart contracts to protect against reentrancy exploits. In T. Margaria & B. Steffen (Eds.), ISoLA 2022. Lecture Notes in Computer Science, vol. 13702. Cham: Springer.

Solidity. (2025). Solidity documentation (v0.8.29). Available at: https://docs.soliditylang.org/en/v0.8.29/.
