A Vulnerability Detection Framework for Hyperledger Fabric Smart Contracts Based on Dynamic and Static Analysis

EasyChair Preprint 8161

Abstract

Hyperledger Fabric is another development of blockchain technology after Ethereum, which is more suitable as an operating platform for smart contracts. However, the testing technology of Hyperledger Fabric smart contracts (also known as chaincode) is not yet mature currently. Based on this, this paper studies the vulnerability detection of chaincodes. Firstly, we summarize 17 kinds of chaincode vulnerabilities by investigating existing research. Secondly, taking the high accuracy of dynamic detection and the high efficiency of static detection into consideration, we propose a chaincode vulnerability detection framework that combines the dynamic symbolic execution and the static abstract syntax tree analysis technology. We also implement a supporting-tool that can detect the above 15 types of vulnerabilities. Finally, we test the tool by 15 chaincode projects collected from GitHub and unknown vulnerabilities were detected in 13 projects. The accuracy rate was 91% after manual inspection. In order to verify the recall rate, we manually inject 30 vulnerabilities into the collected chaincodes and all of them are detected. The evaluation results show that the proposed vulnerability detection method for Hyperledger Fabric smart contracts has a certain degree of innovation and effectiveness.

Keyphrases: Hyperledger Fabric, abstract syntax tree, smart contract, symbolic execution, vulnerability detection

@booklet{EasyChair:8161,
  author    = {Peiru Li and Shanshan Li and Mengjie Ding and Jiapeng Yu and He Zhang and Xin Zhou and Jingyue Li},
  title     = {A Vulnerability Detection Framework for Hyperledger Fabric Smart Contracts Based on Dynamic and Static Analysis},
  howpublished = {EasyChair Preprint 8161},
  year      = {EasyChair, 2022}}