Potential Risk Detection System of Hyperledger Fabric Smart Contract based on Static Analysis

EasyChair Preprint 5165
6 pages • Date: March 16, 2021

Abstract

The smart contracts of the Hyperledger Fabric blockchain are mostly developed in general-purpose programming languages that are well known to potential developers, such as Golang. Because mature development specifications for smart contracts written in general-purpose programming languages are lacking, such contracts often contain potential risks related to the characteristics of Hyperledger Fabric. Once the smart contracts are deployed, these risks bring many inconveniences and potential safety hazards to users. Although some potential risk detection tools for Hyperledger Fabric smart contracts already exist, their accuracy and coverage are limited. In response to these problems, this article summarizes three types of potential risks in Hyperledger Fabric smart contracts: Non-determinism Risk, Logical Security Risk, and Private Data Security Risk. To detect these different types of potential risks, we propose a new static analysis method based on Abstract Syntax Tree, Package Dependency Analysis, and Functional Dependency Analysis. We also design a detection system that can accurately locate potential risk items in Hyperledger Fabric smart contracts and generate development suggestions for the reference of smart contract developers.

Keyphrases: Hyperledger Fabric, Potential Risk Detection, smart contract, static analysis
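As an added illustration, not code from the paper or its detection system, the sketch below shows how an AST walk combined with an import (package dependency) check can locate non-determinism risk items in Go chaincode and attach a suggestion to each. The rule list, the `Scan` function and the sample source are assumptions made for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// Assumed rule list for this example (not the paper's rule set).
var riskyImports = map[string]string{
	"time":      "clock values differ between peers",
	"math/rand": "random values differ between peers",
}

// Scan parses chaincode source and returns one located finding per risk item.
func Scan(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "chaincode.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.ImportSpec: // package dependency check
			path, _ := strconv.Unquote(x.Path.Value)
			if why, ok := riskyImports[path]; ok {
				line := fset.Position(x.Pos()).Line
				out = append(out, fmt.Sprintf("line %d: import %s: %s", line, path, why))
			}
		case *ast.GoStmt: // syntax pattern check
			line := fset.Position(x.Pos()).Line
			out = append(out, fmt.Sprintf("line %d: goroutine: execution order is not deterministic", line))
		}
		return true
	})
	return out, nil
}

// Constructed sample chaincode fragment, not taken from the paper.
const sample = `package cc
import ("time"; "math/rand")
func Invoke() int64 { go func() {}(); return time.Now().Unix() + rand.Int63() }`

func main() {
	findings, _ := Scan(sample)
	for _, f := range findings {
		fmt.Println(f)
	}
}
```

Only parsing is performed, so the scanned source does not need to compile or resolve its imports.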