Smart Contract - Security Assessment Integrated Framework (SC-SIF) for Hyperledger Fabric

Abstract

In the era of ever-changing technology, we people are adopting new technologies/domains to make a better world. In recent times, Blockchain technology is known for its distributed, permissioned/permission-less and immutability nature. Likewise, the Hyperledger fabric is a permission-based framework that can be used in cross-industry applications for Blockchain technology. The logic behind the cross-industry applications is written in a specific language called a smart contract. Though Hyper ledger fabric is permissioned and is considered immutable, detecting architectural threats on the security and privacy mechanisms of Hyperledger Fabric is a challenge. In this paper, we are proposing the Security Assessment Integrated (SC-SIF) Framework for smart contract assessment in the Hyperledger fabric. This can be used to analyze, scan, and evaluate the smart contracts security vulnerability written in NodeJS/Go/script language. Furthermore, framework provide an integration platform to define and configure multiple security tools including communication protocol, exchange policy and security rules to obtain the security vulnerability on provided smart contracts. It also provides an option to evaluate the tools security assessment report and generate smart contract assessment report in human readable form (JSON/XML) that can help research community, developer, and analyst to improve their smart contract. This paper also briefs literature survey of existing security assessment smart contract and incorporates the working of the ledger, channels, endorsement policy roles, and the transaction flow.