HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts

Smart contracts on the blockchain – A bibliometric analysis and review

As blockchain technology advances, so has the deployment of smart contracts on blockchain platforms, making it exceedingly challenging for users to explicitly identify application services. Unlike traditional contracts, smart contracts are not written in a natural language, making it difficult to determine their provenance. Automatic classification of smart contracts offers blockchain users keyword-based contract queries and a streamlined effective management of smart contracts. In addition, the advancement in smart contracts is accompanied by security challenges, which are generally caused by domain-specific security breaches in smart contract implementation. The development of secure and reliable smart contracts can be extremely challenging due to domain-specific vulnerabilities and constraints associated with various business logics. Accordingly, contract classification based on the application domain and the transaction context offers greater insight into the syntactic and semantic properties of that class. However, despite initial attempts at classifying Ethereum smart contracts, there has been no research on the identification of smart contracts deployed in transactive energy systems for energy exchange purposes. In this article, in response to the widely recognized prospects of blockchain-enabled smart contracts towards an economical and transparent energy sector, we propose a methodology for the detection and analysis of energy smart contracts. First, smart contracts are parsed by transforming code elements into vectors that encapsulate the semantic and syntactic characteristics of each term. This generates a corpus of annotated text as a balanced, representative collection of terms in energy contracts. The use of a domain corpus builder as an embedding layer to annotate energy smart contracts in conjunction with machine learning models results in a classification accuracy of 98.34%. Subsequently, a source code analysis scheme is applied to identified energy contracts to uncover patterns in code segment distribution, predominant adoption of certain functions, and recurring contracts across the Ethereum network.

The post-deployment challenges in developing and upgrading blockchain smart contracts necessitate a high level of accuracy in their development and business logic. However, current methodologies for verifying the business logic of smart contracts frequently fail to address their alignment with end-user business requirements. This paper introduces a two-step language transformation process to bridge this gap. Initially, we establish a transformation rule from the Business Process Model and Notation (BPMN) to Prolog, enabling the translation of business processes into a Prolog representation. This step not only validates the business process logic but also ensures it meets user specifications. Subsequently, we introduce a transformation rule from the BPMN to Go, which facilitates the transformation of the BPMN model, once validated, into a Go language smart contract. To enhance usability, we have engineered a dedicated tool that streamlines this transformation process. We present a case study involving a banking loan process to exemplify the utility of our tool in creating BPMN diagrams, conducting requirement and syntax validations, and effecting the transformation to Go smart contracts. The case study and empirical results suggest that our methodology and the accompanying tool mitigate the complexities inherent in smart contract development. They also ensure the fidelity of business logic to user demands, thereby promoting the broader adoption of blockchain smart contract technology.

Fabric is currently the most popular consortium chain platform with a modular architecture that provides high security, elasticity, flexibility and scalability. Smart contracts realize the automatic execution of transactions and the operation of reconciliation data. The Fabric platform supports general programming languages ​​to write smart contracts. However, in the development process of smart contracts, due to insufficient understanding of the underlying operating logic of smart contracts, developers are prone to introduce some risky operations, resulting in a mismatch between the execution logic of smart contracts and business logic, resulting in a lot of losses. The read-after-write risk is a relatively complex and common security risk in smart contracts. Currently, many detection tools cannot detect this risk. There is an urgent need for a solution that can quickly and accurately detect the read-after-write risk in smart contracts. This paper proposes a static analysis smart contract read-after-write risk detection method based on key methods and call chains. The scheme extracts key method patterns on the abstract syntax tree, identifies and locates key methods with risks, greatly reduces the interference of useless nodes on detection, and realizes rapid detection. By constructing the key method call chain, the real call scene is restored according to the call type and attribute of the key method. After experimental verification, compared with the current popular smart contract risk detection tool Revive^CC, the tool proposed in this paper has higher detection accuracy and can more accurately locate the read-after-write risk in smart contracts.

Smart contracts are a special type of programs running inside a blockchain. Immutable and transparent, they provide means to implement fault-tolerant and censorship-resistant services. Unfortunately, its immutability causes a serious challenge of ensuring that a business logic and implementation is correct upfront, before publishing in a blockchain. Several big accidents have indeed shown that users of this technology need special tools to verify smart contract correctness. Existing automated checkers are able to detect only well known implementation bugs, leaving the question of business logic correctness far aside. In this work, we present a symbolic model-checking technique along with a formal specification method for a subset of Solidity programming language that is able to express both state properties and trace properties; the latter constitutes a weak analogy of temporal properties. We evaluate the proposed technique on the MiniDAO smart contract, a young brother of notorious TheDAO. Our Proof-of-Concept was able to detect a non-trivial error in the business logic of this smart contract in a few seconds.

Blockchain smart contracts formalization: Approaches and challenges to address vulnerabilities

Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, supply chains, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allow running smart contracts, which specify business logic in cooperative applications. The presence of software defects or faults in these contracts has notably been the cause of failures, including severe security problems. In this paper, we use a software implemented fault injection (SWIFI) technique to assess the behavior of permissioned blockchain systems in the presence of faulty smart contracts. We emulate the occurrence of general software faults (e.g., missing variable initialization) and also blockchain-specific software faults (e.g., missing require statement on transaction sender) in smart contracts code to observe the impact on the overall system dependability (i.e., reliability and integrity). We also study the effectiveness of formal verification (i.e., done by solc-verify) and runtime protections (e.g., using the assert statement) mechanisms in detection of injected faults. Results indicate that formal verification as well as additional runtime protections have to complement built-in platform checks to guarantee the proper dependability of blockchain systems and applications. The work presented in this paper allows smart contract developers to become aware of possible faults in smart contracts and to understand the impact of their presence. It also provides valuable information for middleware developers to improve the behavior (e.g., overall fault tolerance) of their systems.

Smart contracts are widely popularized to transfer an asset securely from one device to another. Smart contracts contain the blockchain’s business logic that revolutionized the concept of self-enforcing contracts without the need for a middle man. Many use cases thus are being generated day by day. Smart contracts allow us to build decentralized applications through blockchains. The transactions in the smart contract are interrelated; they define the overall flow of the application. To maintain integrity between the transactions, the execution of the smart contracts is sequential and has no conflicts. These contracts’ execution is slow and time-consuming. Thus, we cannot leverage the current systems’ complete resource utilization. To overcome this, we propose a safer multi-threading model using fine-grain locking and thread executor service mechanism to concurrently execute the smart contract which also provides integrity among the transactions. Our results prove the faster and safer execution of smart contracts.KeywordsBlockchainFine-grain lockingSmart contractThread executor service

The introduction of blockchain technology into Supply Chain management has opened the possibility of faster and more secure transactions of commodities and services. As for every blockchain, Smart Contracts are the tool for controlling the transactions in blockchain-based supply chains. In this paper, we introduce a method for automating the implementation of natural language contracts into Smart Contracts in the Supply Chain context. The basic idea here is to extract information from a natural language contract using two Natural Language Processing (NLP) techniques, the Named Entity Recognition (NER) and Relation Extraction (RE), and then use this extracted information to automatically create a corresponding Smart Contract. This is an ongoing project, and we implemented the first phase of NLP, i.e., NER. The main issue we are facing here is the limited availability of annotated contract datasets. To tackle this challenge, we created an annotated legal contract dataset dedicated to the NER task. The dataset is analyzed with the deep learning method (BiLSTM) and transformer-based method (BERT). As per the generation of smart contracts, our approach consists of identifying meaningful entities and the relations between them and then representing them as business logic that can be directly incorporated into computer code as blockchain smart contracts.KeywordsNLPNERREDatasetDeep learningLegal domain

The use of private blockchains is proposed to enhance decentralized 5G-based DoD wireless network security, auditability, governance, and overall performance. This paper explores and validates methods for leveraging smart contracts and decentralized consensus mechanisms inherent to blockchain approaches to securely enhance wireless network performance. A real-time, decentralized architectural software implementation is postulated with detailed interfaces to determine how blockchain and smart contracts apply to real-world wireless networks based on a patented approach developed by the authors. Methods are presented for decentralized wireless networks to perform network arbitration, spectrum service level agreements, and business logic through low latency blockchain transactions. Simulation results characterize the performance of typical blockchain transaction latencies in decentralized wireless network paradigms to determine feasibility. Use case studies of federal and non-federal spectrum sharing are discussed that demonstrate how a private decentralized blockchain architecture and smart contracts can provide considerably improved wireless network performance.

In the previous chapter we learned how to programmatically interact with Bitcoin and Ethereum blockchains using JavaScript. We also touched on how to create and deploy Ethereum smart contracts. In this chapter we will take our blockchain application programming to the next level by learning how to develop and deploy a DApp based on the Ethereum blockchain. As part of creating this DApp, we will be setting up a private Ethereum network and then we will use this network as the underlying blockchain for our DApp. This DApp will have its business logic in an Ethereum smart contract, and this logic will be executed using a web application connecting to private Ethereum network. This way, we intend to cover all aspects of Ethereum application development— from setting up nodes and networks, to creating and deploying a smart contract, to executing smart contract functions using client applications.

MDAPW3: MDA-based development of blockchain-enabled decentralized applications

Access control management is an integral part of maintaining the security of an application. Although there has been significant work in the field of cloud access control mechanisms, however, with the advent of Distributed Ledger Technology (DLT), on-chain access control management frameworks hardly exist. Existing access control management mechanisms are tightly coupled with the business logic, resulting in governance issues, non-coherent with existing Identity Management Solutions, low security, and compromised usability. We propose a novel framework to implement dynamic role-based access control for decentralized applications (dApps). The framework allows for managing access control on a dApp, which is completely decoupled from the business application and integrates seamlessly with any dApps. The smart contract architecture allows for the independent management of business logic and execution of access control policies. It also facilitates secure, low cost, and a high degree of flexibility of access control management. The proposed framework promotes decentralized governance of access control policies and efficient smart contract upgrades. We also provide quantitative and qualitative metrics for the efficacy and efficiency of the framework. Any Turing complete smart contract programming language is an excellent fit to implement the framework. We expect this framework to benefit enterprise and non-enterprise dApps and provide greater access control flexibility and effective integration with traditional and state of the art identity management solutions.

Due to the proliferation of IoT and the popularity of smart contracts mediated by blockchain, smart home systems have become capable of providing privacy and security to their occupants. In blockchain-based home automation systems, business logic is handled by smart contracts securely. However, a blockchain-based solution is inherently resource-intensive, making it unsuitable for resource-constrained IoT devices. Moreover, time-sensitive actions are complex to perform in a blockchainbased solution due to the time required to mine a block. In this work, we propose a blockchain-independent smart contract infrastructure suitable for resource-constrained IoT devices. Our proposed method is also capable of executing time-sensitive business logic. As an example of an end-to-end application, we describe a smart camera system using our proposed method, compare this system with an existing blockchain-based solution, and present an empirical evaluation of their performance.

Blockchain has been praised for its capacity to hold data in a decentralized and tamper-proof way. It also supports the execution of code through blockchain's smart contracts, adding automation of actions to the network with high trustability. However, as smart contracts are visible by anybody on the network, the business data and logic may be at risk, thus companies could be reluctant to use such technology. This paper aims to propose a pattern that allows the execution of automatable legal contract clauses, where its execution states are stored in an on-chain smart-contract and the logic needed to enforce it wraps it off-chain. An engine completes this pattern by running a business process that corresponds to the legal contract. We then propose a pattern-based solution based on a real-life use case: transportation of refrigerated goods. We argue that this pattern guarantees companies pseudonymity and data confidentiality while ensuring that an audit trail can be reconstituted through the blockchain smart-contract to identify misbehavior or errors. This paper paves the way for a future possible implementation of the solution described, as well as its evaluation.