A Vulnerability Detection Framework for Hyperledger Fabric Smart Contracts Based on Dynamic and Static Analysis
Chapter
Submitted version
Permanent lenke
https://hdl.handle.net/11250/3033024Utgivelsesdato
2022Metadata
Vis full innførselSamlinger
Originalversjon
EASE '22: Proceedings of the International Conference on Evaluation and Assessment in Software Engineering 2022 10.1145/3530019.3531342Sammendrag
Hyperledger Fabric is another development of blockchain technology after Ethereum, which is more suitable as an operating platform for smart contracts. However, the testing technology of Hyperledger Fabric smart contracts (also known as chaincode) is not yet mature currently. Based on this, this paper studies the vulnerability detection of Golang chaincodes. Firstly, we summarize 17 kinds of Golang chaincode vulnerabilities by investigating existing research. Secondly, taking the high accuracy of dynamic detection and the high efficiency of static detection into consideration, we propose a chaincode vulnerability detection framework that combines the dynamic symbolic execution and the static abstract syntax tree analysis technology. We also implement a supporting-tool that can detect the above 15 types of vulnerabilities. Finally, we test the tool by 15 chaincodes collected from GitHub and unknown vulnerabilities were detected in 13 projects. The precision turned out to be 91% after manual inspection. In order to verify the recall rate, we manually inject 30 vulnerabilities into the collected chaincodes and all of them are detected. The evaluation results show the accuracy of the proposed vulnerability detection method for Hyperledger Fabric smart contracts.