Revisiting smart contract vulnerabilities in Hyperledger Fabric

Revisiting smart contract vulnerabilities in Hyperledger Fabric

Paulsen, Cathrine (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Intelligent Systems)

Liang, K. (mentor)
Chen, H. (graduation committee)
Scharenborg, O.E. (graduation committee)

Delft University of Technology

Computer Science and Engineering

CSE3000 Research Project

2021-07-02

Hyperledger Fabric is a permissioned enterprise blockchain allowing organizations to collaborate and automate processes via smart contracts. However, these contracts could contain security vulnerabilities leading to unexpected behavior or other negative consequences. Therefore, this study takes a closer look at three reported smart contract vulnerabilities in Fabric: rich queries, pseudorandom number generators, and global variables. Smart contracts containing these vulnerabilities were deployed on a test network, and the vulnerable contract features were exploited and explained. The study provides an estimation of each vulnerability's impact severity, and possible countermeasures to lower it were explored and evaluated. This study found that the proposed countermeasures can at least mitigate the impact severity of all three vulnerabilities.
Additionally, the study provides an overview of compatible analysis tools. The available tools were found to be lacking, however, as most of them do not exist outside of research papers. Overall, static code analysis tools were found to be effective at detecting all three vulnerabilities.

blockchain
smart contracts
Hyperledger Fabric
security

http://resolver.tudelft.nl/uuid:dd09d153-a9df-4c1b-a317-d93c1231ee28

Student theses

bachelor thesis

© 2021 Cathrine Paulsen