Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts

Termination of smart contracts is crucial for any blockchain system's security and consistency, especially for those supporting Turing-complete smart contract languages. Resource-constrained blockchain systems, like Ethereum and Hyperledger Fabric, could prevent smart contracts from terminating properly when the pre-allocated resources are not sufficient. The Zen system utilizes the dependent type system of the programming language F* to prove the termination of smart contracts for all inputs during compilation time. Since the smart contract execution usually depends on the current blockchain state and user inputs, this approach is not always successful. In this work, we propose a lazy approach by statically proving conditional termination and non-termination of a smart contract to determine input conditions under which the contract terminates or not. Prior to the execution of the smart contract, the proof-carrying blockchain system will check that its current state and the contract's input satisfy the termination conditions in order to determine if the contract is qualified (i.e., eventually terminating) to run on the chain.

The development of smart contract in a decentralized blockchain system raises various problems in the legal field marked by cases of smart contract violations such as the DAO, Parity Wallet, and PlayDapp cases. The breach of smart contract in the blockchain system affects the application and enforcement of conventional law in a virtual world that has no geographical jurisdiction. The limitations of conventional law in regulating the virtual world gave birth to various new legal concepts such as lex cryptographia and virtual state. This research aims to examine the expansion of law in blockchain systems and smart contract, especially in cases of breach of smart contract and the birth of new governance. This research uses doctrinal research methods with a case study approach and literature research. Based on the results of this research, the existence of smart contracts affects the legal expansion of their legitimacy and application as contracts that have legal force. Smart contract that have no ties to territorial jurisdiction give the parties to the smart contract complete freedom to regulate the settlement of contract violations, so that smart contracts become law, legal procedures, and punishment itself in carrying out its functions. In addition, the existence of smart contracts in the blockchain system also gave birth to lex cryptographia as a new law and a blockchain-based virtual state as a new governance model that is not limited by geographical areas.

A smart contract is a computer protocol intended to digitally facilitate and enforce the negotiation of a contract in undependable environment. However, the number of attacks using the vulnerabilities of the smart contracts is also growing in recent years. Many solutions have been proposed in order to deal with them, such as documenting vulnerabilities or setting the security strategies. Among them, the most influential progress is made by the formal verification method. In this paper, we propose a formal verification method based on Colored Petri Nets (CPN) to verify smart contracts in blockchain system. First, we develop the smart contract models with possible attacker models based on hierarchical CPN modeling, then the smart contract models are executed by step-by-step simulation to validate their functional correctness, and finally we utilize the branch timing logic ASK-CTL based model checking technology in the CPN tools to detect latent vulnerabilities in smart contracts. We demonstrate that our CPN modeling based verification method can not only detect the logical vulnerabilities of the smart contract, but also consider the impacts of users behavior to find out potential non-logical vulnerabilities in the contracts, such as the vulnerabilities caused by the limitations of the Solidity language.

UCBIS: An improved consortium blockchain information system based on UBCCSP

International audience

Recently the blockchain technology has been actively studied due to its great potentiality. The smart contract is a key mechanism of the blockchain system. Due to the short history of the smart contract, many issues have not been solved yet. One main issue is vulnerability and another main issue is cost optimization. While the vulnerability of smart contract has been actively studied, the cost optimization has been rarely studied. In this paper, we propose two cost optimization methods for smart contracts running on the blockchain system. Triggering a function in a smart contract program code may require costs and it is repeated continuously. So the minimization of costs required to trigger a function of smart contract while maintaining the performance equally is very important. The proposed two methods minimize the usage of expensive permanent variables deployed on the blockchain system. We apply the proposed two methods to three prevalent blockchain platforms: Ethereum, Klaytn and Tron. Evaluation experiments verify that the proposed scheme significantly reduces the costs of functions in the smart contract written with Solidity.

Hyperledger Fabric is a well-known framework for developing enterprise blockchain solutions. Developers of these blockchains must ensure the correct execution of read and write operations so that the smart contracts' application logic is consistent with the business logic. In this paper, we present a static analysis approach based on abstract interpretation to detect read-write set issues in Hyperledger Fabric smart contracts and avoid bugs and critical errors that could compromise blockchain applications. The analysis is implemented in GoLiSA, a semantics-based static analyzer for Go applications. Our experimental results show that the proposed analysis can detect read-write set issues on a significant benchmark of existing applications. Moreover, it achieves better results in detecting read-after-write issues than other well-known open-source analyzers for Hyperledger Fabric smart contracts.

Smart contracts are widely employed in many industries as a result of the high-quality development of science and economic technology, as well as the introduction of blockchain, which can automatically conduct retrieval, verification, and payment tasks. Smart contracts as an emerging topic, particularly the study of smart legal contracts, must remain forward-looking, and the smart contract sector cannot wait for the legal status of smart contracts to be resolved before advancing. The relative lag of the law becomes unavoidable due to the unassembled and unpredictable character of the law and thus its legislation. In this paper, we explore the incorporation of smart contracts into the scope of legal regulation, the construction of a series of systems for smart contracts, and the prognosis of smart contracts in terms of contract logic, arbitration process, and formal verification from the current law. Furthermore, a smart contract payment template based on semantic-aware graph neural networks is proposed to address the traditional smart contract vulnerability detection payment template method's low detection accuracy and high false alarm rate, as well as the neural network-based method's insufficient mining of bytecode-level smart contract features. Experiments comparing the method described in this research to comparable methods reveal that the strategy proposed in this study improves all types of indicators significantly.

In this paper, we propose the application of a well-known runtime fault-tolerance technique, N-Version Program-ming (NVP), as a new tool of smart contract software fault mitigation, especially for execute-order-validate blockchain systems, such as Hyperledger Fabric (HLF). Two patterns for aligning the NVP concept with the HLF architecture are proposed. A fully transparent solution where all peers have the same N versions installed and one we termed ‘O-Version Programming’ (where ‘O’ stands for ‘Organization’), which relies on the majority voting aspects of execute-order-validate consensus mechanisms.

The rise of blockchain technology has paved the way for an increasing number of blockchain systems, each having different characteristics. The need for distributed applications that span across multiple blockchain systems is increasing. However, it is currently not possible to write a single-description smart contract which can be compiled to span across multiple blockchain systems. In this paper we present PORTHOS, a macroprogramming framework and domain specific language for writing commitment-based smart contracts that span multiple blockchain systems. The language allows programmers to write smart contracts at a higher level of abstraction by composing together contract blocks, without the need to specify how logic should be split across different blockchain instances. A runtime framework, including both on-chain and off-chain functionality, harmonises the features of different blockchain systems as well as enables communication across the smart contracts. A proof of concept, built on the Ethereum and Hyperledger Fabric blockchain systems and extendible to other systems, illustrates the technique and framework. We also show how the PORTHOS language is expressive enough to define a variety of applications.

Smart contracts are programs that automatically execute on the blockchain system such as Ethereum. Everybody can write and deploy smart contracts on Ethereum, which causes a large collection of similar contracts via code reuse. In practice, code reuse in smart contract may amplify severe threats like security attacks, resource waste, etc. In this paper, we conduct an empirical study of code reuse in smart contracts for understanding the code reuse practice in the smart contract ecosystem. We first collect 146,452 open-source smart contract projects from Ethereum and then perform a detailed analysis. We first study how often the smart contract projects reuse and then we identify the top reused smart contracts and analyze how the developers revise smart contracts during reuse. Our research suggests that the code reuse in smart contract is quite frequent because about 26% contract code blocks are reused and the average time of reuse is 14.6. And the top reused contracts are almost all related to ERC20 token, which reveals that the current smart contract ecosystem is relatively homogenous. At last, we summarize 7 common types of code revision in smart contracts.

Over the last decades, software has been introduced in desperate safety domains, such as automotive, avionics and railways, just to name a few. For these domains, software is demanded to be highly robust to hardware faults and software faults since its failure may endanger human life, harm the environment, or cause economical loss. Fault injection, the deliberate inoculation of faults, is a powerful means to assess the robustness of software components that goes far beyond traditional testing techniques. Fault Injection encompasses several techniques, among them robustness testing and software implemented fault injection, which emulate software faults and hardware faults, respectively. Despite the intensive use of these techniques, their application is still costly. This thesis focuses on robustness testing and software implemented fault injection, for both analyzes the �effect of workload on the experiment outcomes. Furthermore, the thesis suggests approaches to make the fault injection techniques more cost-effective by leveraging on the workload.

The speedy growth of cryptocurrencies in recent years and Blockchain technology has revived smart contracts (SC). Decentralization, verifiability, and enforceability are SC characteristics that allow contract terms to be enforced between untrustworthy parties without the interference of a central server or centralized authority. Traditional sectors, such as finance, the Internet of Things (IoT), and management, are expected to be transformed by smart contracts. Smart contracts could be used in a wide range of scenarios in the digital economy and smart industries such as banking, marketing, sanitation, and the IoT. Not only that, but the SC may also provide improvements in the mainstream development process. For the security of information in distributed networks, Blockchain systems such as Ethereum and Hyperledger are trending. The problems related to privacy and security of information need enhancement through analysis, and we discuss the same in this chapter. Blockchain creates secure smart contracts and has some unique features, including: (a) The Smart Contract software code is recorded and tested on the Blockchain, thereby rendering the Contract resistant to interference. (b) The smart contract execution is imposed anonymously, trustless single nodes with no centralized power and cooperation of third-party administrations. (c) The Smart Contract acts as an intelligent agent with its cryptocurrency (or possibly other digital assets) to transfer when certain conditions are met. Smart contracts are computer protocols that use Blockchain technology to digitally verify, facilitate, and enforce agreements between two or more parties. This chapter aims to provide a comprehensive and systematic overview of Blockchain-based Smart Contracts and their emerging research fields.

In the era of ever-changing technology, we people are adopting new technologies/domains to make a better world. In recent times, Blockchain technology is known for its distributed, permissioned/permission-less and immutability nature. Likewise, the Hyperledger fabric is a permission-based framework that can be used in cross-industry applications for Blockchain technology. The logic behind the cross-industry applications is written in a specific language called a smart contract. Though Hyper ledger fabric is permissioned and is considered immutable, detecting architectural threats on the security and privacy mechanisms of Hyperledger Fabric is a challenge. In this paper, we are proposing the Security Assessment Integrated (SC-SIF) Framework for smart contract assessment in the Hyperledger fabric. This can be used to analyze, scan, and evaluate the smart contracts security vulnerability written in NodeJS/Go/script language. Furthermore, framework provide an integration platform to define and configure multiple security tools including communication protocol, exchange policy and security rules to obtain the security vulnerability on provided smart contracts. It also provides an option to evaluate the tools security assessment report and generate smart contract assessment report in human readable form (JSON/XML) that can help research community, developer, and analyst to improve their smart contract. This paper also briefs literature survey of existing security assessment smart contract and incorporates the working of the ledger, channels, endorsement policy roles, and the transaction flow.

Due to their decentralized and trustless nature, blockchain and distributed ledger technologies are increasingly used in several domains, including critical applications. The behavior of such blockchain-integrated systems is typically driven by smart contracts. However, smart contracts are application-specific software and may contain faults with severe system-level impacts. This is especially true in the case of the extensively used Hyperledger Fabric (HLF) platform, where smart contracts are written in general-purpose languages (Java, among others), and applications can go far beyond handling virtual-currency-like assets. In this work, we present a novel formal-verification-based approach to smart contract verification and a high-level empirical model of the HLF platform. Our Smart Contract in the Loop (SCIL) method uses a model checker (Java Pathfinder) to check whether specific error properties hold for a given smart contract, while a predefined combination of platform-level fault modes is active. We facilitate the checking of HLF smart contracts without modification and enable the propagation or non-propagation of platform faults through the smart contracts to the system failure level.