Revisiting smart contract vulnerabilities in Hyperledger Fabric

Abstract

Hyperledger Fabric is a permissioned enterprise blockchain that allows organizations to collaborate and automate processes via smart contracts (chaincode). These contracts can contain security vulnerabilities that lead to unexpected behavior or other negative consequences. This study therefore takes a closer look at three reported smart contract vulnerabilities in Fabric: rich queries, pseudorandom number generators, and global variables. Smart contracts containing these vulnerabilities were deployed on a test network, and the vulnerable contract features were exploited and explained. The study estimates the impact severity of each vulnerability, and possible countermeasures to lower it were explored and evaluated. The proposed countermeasures were found to at least mitigate the impact severity of all three vulnerabilities.
Additionally, the study provides an overview of compatible analysis tools. The available tools were found to be lacking, however, as most of them do not exist outside of research papers. Overall, static code analysis tools were found to be effective at detecting all three vulnerabilities.
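Two of the three vulnerability classes named above, process-local pseudorandom number generators and global (in-memory) variables, share one root cause in Fabric's execute-order-validate model: every endorsing peer runs the chaincode independently, and the client needs matching read/write sets from enough endorsers to satisfy the policy. The following Go program is an added illustration, not code from the study or from Hyperledger Fabric; it simulates the endorsement step without the Fabric shim, so `Peer`, `WriteSet`, `Endorse`, the `committed` ledger map, the player list and the transaction ID are all assumptions constructed for the example. It runs a lottery chaincode function on two simulated peers, once written the vulnerable way and once rewritten to derive its result only from the transaction ID and committed ledger state.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/rand"
	"sort"
	"strconv"
)

// committed stands in for the ledger state shared by all peers (assumption).
var committed = map[string]string{"round": "3"}

// players is constructed sample input: the candidates the lottery picks from.
var players = []string{"alice", "bob", "carol", "dave"}

// WriteSet is what one endorser proposes to write. Endorsers whose write sets
// differ cannot be combined into a valid transaction.
type WriteSet map[string]string

// Peer simulates one endorsing peer's chaincode process.
type Peer struct {
	Name   string
	rounds int        // stands in for a package-level global in the chaincode
	rng    *rand.Rand // stands in for a process-local, clock-seeded PRNG
}

// NewPeer builds a peer with its own local state. seed and priorRounds differ
// between peers in practice (different clocks, one peer restarted), which is
// exactly what the simulation exposes.
func NewPeer(name string, seed int64, priorRounds int) *Peer {
	return &Peer{Name: name, rounds: priorRounds, rng: rand.New(rand.NewSource(seed))}
}

// VulnerableLottery picks a winner with the local PRNG and numbers the round
// from an in-memory counter: two endorsers will generally disagree on both keys.
func (p *Peer) VulnerableLottery(txID string) WriteSet {
	p.rounds++
	winner := players[p.rng.Intn(len(players))]
	return WriteSet{"round": strconv.Itoa(p.rounds), "winner": winner}
}

// DeterministicLottery derives the pick from the transaction ID (identical on
// every endorser) and numbers the round from ledger state instead of memory.
func (p *Peer) DeterministicLottery(txID string) WriteSet {
	prev, _ := strconv.Atoi(committed["round"])
	h := sha256.Sum256([]byte(txID))
	idx := binary.BigEndian.Uint64(h[:8]) % uint64(len(players))
	return WriteSet{"round": strconv.Itoa(prev + 1), "winner": players[idx]}
}

// Endorse runs the same chaincode function on every peer and reports whether
// all proposed write sets agree, as the client and committers would check.
func Endorse(peers []*Peer, txID string, fn func(*Peer, string) WriteSet) ([]WriteSet, bool) {
	sets := make([]WriteSet, 0, len(peers))
	for _, p := range peers {
		sets = append(sets, fn(p, txID))
	}
	for _, s := range sets[1:] {
		if fingerprint(s) != fingerprint(sets[0]) {
			return sets, false
		}
	}
	return sets, true
}

// fingerprint renders a write set in a canonical key order for comparison.
func fingerprint(ws WriteSet) string {
	keys := make([]string, 0, len(ws))
	for k := range ws {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	out := ""
	for _, k := range keys {
		out += k + "=" + ws[k] + ";"
	}
	return out
}

func main() {
	// peer1 has restarted, so its in-memory counter is back at zero.
	peers := []*Peer{NewPeer("peer0", 1, 3), NewPeer("peer1", 2, 0)}
	variants := []struct {
		name string
		fn   func(*Peer, string) WriteSet
	}{
		{"vulnerable", (*Peer).VulnerableLottery},
		{"deterministic", (*Peer).DeterministicLottery},
	}
	for _, v := range variants {
		sets, ok := Endorse(peers, "tx-0001", v.fn)
		fmt.Printf("%-13s endorsers agree=%v write sets=%v\n", v.name, ok, sets)
	}
}
```

The vulnerable variant fails endorsement even when the two PRNGs happen to agree, because the in-memory round counter differs between a long-running peer and a restarted one; the deterministic variant passes because everything it writes is a function of inputs every endorser sees identically. Rich queries are not covered by this simulation, since their problem lies in the validation step (the query result is not protected by the read set) rather than in endorsement divergence.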