Analysis of Source Code Duplication in Ethereum Smart Contracts

2021 
The practice of writing smart contracts for the Ethereum blockchain is quite recent and still in development. A blockchain developer should expect constant changes in the software security field, as new bugs and security risks are discovered and new good practices are developed. Following the security practices accepted in the blockchain community is not enough to ensure the writing of secure smart contracts. The paper aims to study the practice of code cloning among smart contracts by analyzing two corpora. The first corpus, the "Smart-Corpus", includes smart contracts already deployed on the Ethereum blockchain. The second corpus, "OpenZeppelin's Solidity Library", is supervised by a community of developers who constantly work to increase the security and efficiency of the smart contracts included in the corpus. From the comparative analysis of the corpora, we observe that smart contract developers frequently duplicate code by cloning already existing smart contracts which are not part of the OpenZeppelin corpus. In particular, we found that 79.1% of smart contracts contain duplicated code and only 18.4% of smart contracts reuse code by implementing a smart contract belonging to the OpenZeppelin repository. The paper discusses the advantages and the disadvantages of code duplication in the Ethereum blockchain ecosystem, and suggests referring to the smart contracts of OpenZeppelin's Solidity Library. The Ethereum blockchain community can indeed benefit from using the tested code presented in OpenZeppelin's Solidity Library to increase its security.