Revisiting smart contract vulnerabilities in Hyperledger Fabric

Bachelor Thesis (2021)
Author(s)

C.R. Paulsen (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

Kaitai Liang – Mentor (TU Delft - Cyber Security)

H. Chen – Graduation committee member (TU Delft - Cyber Security)

O.E. Scharenborg – Coach (TU Delft - Multimedia Computing)

Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright
© 2021 Cathrine Paulsen
Publication Year
2021
Language
English
Graduation Date
02-07-2021
Awarding Institution
Delft University of Technology
Project
CSE3000 Research Project
Programme
Computer Science and Engineering
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Hyperledger Fabric is a permissioned enterprise blockchain that allows organizations to collaborate and automate processes via smart contracts. However, these contracts can contain security vulnerabilities that lead to unexpected behavior or other negative consequences. This study therefore takes a closer look at three reported smart contract vulnerabilities in Fabric: rich queries, pseudorandom number generators, and global variables. Smart contracts containing these vulnerabilities were deployed on a test network, and the vulnerable contract features were exploited and explained. The study estimates the impact severity of each vulnerability, and possible countermeasures to lower that severity were explored and evaluated. The study found that the proposed countermeasures can at least mitigate the impact severity of all three vulnerabilities.
Additionally, the study provides an overview of compatible analysis tools. The available tools were found to be lacking, however, as most of them exist only in research papers. Overall, static code analysis tools were found to be effective at detecting all three vulnerabilities.
