A Review Analysis on Smart Contract Vulnerabilities Using Blockchain

Bibin Baby 1, Alan Sunil 2, Neetha Thomas 3

1 BCA Scholar, Santhigiri College of Computer Sciences, Vazhithala, Thodupuzha, Idukki
bcaa19_2236@santhigiricollege.com
2 BCA Scholar, Santhigiri College of Computer Sciences, Vazhithala, Thodupuzha, Idukki
bcaa19_2208@santhigiricollege.com
3 Assistant Professor, Department of Computer Science, Santhigiri College of Computer Sciences, Vazhithala, Thodupuzha, Idukki
neethathomas@santhigiricollege.com

Abstract: Smart contracts have gained tremendous popularity in the past few years, to the point that billions of US dollars are currently exchanged every day through this technology. In this paper we advocate the need for a discipline of Blockchain Software Engineering, addressing the issues posed by smart contract programming and by other applications running on blockchains. We analyse a case study in which a bug discovered in a smart contract library, and perhaps "unsafe" programming, allowed an attack on Parity, a wallet application, causing the freezing of about 500K Ethers. In this study we analyse the source code of Parity and of the library, and discuss how recognised best practices, if adopted and adapted, could mitigate such detrimental software misbehaviour. We also point out the specific characteristics of smart contract software development that make some of the existing approaches insufficient, and call for the definition of a specific Blockchain Software Engineering.

Keywords: smart contracts, blockchains, software engineering.

1. Introduction

Smart contracts are becoming more and more popular nowadays. They were first conceived in 1997, when the idea was described by computer scientist and cryptographer Nick Szabo as a kind of digital vending machine: he described how users could input data or value and receive a finite item from a machine (in this case a real-world snack or a soft drink). More generally, smart contracts are self-enforcing agreements, i.e. contracts, as we intend them in the real world, but expressed as a computer program whose execution enforces the terms of the contract. This is a clear shift in the paradigm: untrusted parties place the trust in their agreement on the correct execution of a computer program. A properly designed smart contract makes a crowdfunding platform possible without the need for a trusted third party in charge of administering the system. It is worth remarking that such a third party makes the system centralised, with all the trust placed in a single party, entity, or organisation.

Since smart contracts are stored on a blockchain, they are immutable, public and decentralised. Immutability means that once a smart contract is created, it cannot be changed, and no one is able to tamper with the code of the contract. The decentralised model of immutable contracts implies that the execution and output of a contract is validated by each participant in the system and, therefore, no single party is in control of the money. No one could force the execution of the contract to release the funds, as this would be rejected as invalid by the other participants in the system. Tampering with smart contracts thus becomes almost impossible.

A smart contract does not necessarily constitute a valid binding agreement at law. Some legal academics claim that smart contracts are not legal agreements, but rather means of performing obligations deriving from other agreements, such as technological means for the automation of payment obligations or of obligations consisting in the transfer of tokens or cryptocurrencies. Additionally, other scholars have argued that the imperative or declarative nature of programming languages can impact the legal validity of smart contracts. Since the 2015 implementation of Ethereum, based on blockchains, "smart contract" is mostly used more specifically in the sense of general-purpose computation that takes place on a blockchain or distributed ledger.

The US National Institute of Standards and Technology describes a "smart contract" as a "collection of code and data (sometimes referred to as functions and state) that is deployed using cryptographically signed transactions on the blockchain network". In this interpretation, used for example by the Ethereum Foundation or IBM, a smart contract is not

International Conference on Intellectual Property Rights, 20/02/2021, Santhigiri College of Computer Sciences, Idukki, Kerala, India 56