Revisiting smart contract vulnerabilities in Hyperledger Fabric

More Info


Hyperledger Fabric is a permissioned enterprise blockchain allowing organizations to collaborate and automate processes via smart contracts. However, these contracts could contain security vulnerabilities leading to unexpected behavior or other negative consequences. Therefore, this study takes a closer look at three reported smart contract vulnerabilities in Fabric: rich queries, pseudorandom number generators, and global variables. Smart contracts containing these vulnerabilities were deployed on a test network, and the vulnerable contract features were exploited and explained. The study provides an estimation of each vulnerability's impact severity, and possible countermeasures to lower it were explored and evaluated. This study found that the proposed countermeasures can at least mitigate the impact severity of all three vulnerabilities.
Additionally, the study provides an overview of compatible analysis tools. The available tools were found to be lacking, however, as most of them do not exist outside of research papers. Overall, static code analysis tools were found to be effective at detecting all three vulnerabilities.