Abstract

As an indispensable part of Hyperledger Fabric application systems, smart contracts are mostly developed in general-purpose programming languages such as Golang. However, these smart contracts often carry potential risks that can cause serious problems such as failed transactions or leakage of sensitive information on the ledger. Although some detection tools for these risks already exist, e.g., Chaincode Scanner and Chaincode Analyzer, their accuracy and coverage are limited. In response, this paper summarizes 16 potential risks in smart contracts, grouped into three types: Non-determinism Risk, Logical Security Risk, and Private Data Security Risk. To detect them, we propose a new static analysis method based on Abstract Syntax Tree Analysis, Package Dependency Analysis, and Functional Dependency Analysis. Based on this method, we design a detection system that detects the 16 potential risks in smart contracts developed in Golang more accurately and provides development suggestions for eliminating them.
