Beijing,China,and Kawasaki,Japan, February 22, 2019
Fujitsu Research and Development Center Co., Ltd. (*1) and Fujitsu Laboratories Ltd. (*2) today announced development of technology that can comprehensively detect, in advance, risks associated with smart contracts, which are programs that automatically execute transactions on blockchain platforms. The technology also locates relevant risks in the smart contracts.
Blockchain technology, which was developed as the foundation for Bitcoin, is expected to have applications in a variety of fields beyond finance, including real estate and healthcare. Nevertheless, if smart contracts have risks, it would directly lead to business losses, so it is an important research issue to improve the reliability of blockchain system. Now, Fujitsu Research and Development Center and Fujitsu Laboratories have developed algorithms to identify risk-affected transaction process on Hyperledger Fabric (*3), which is one of the execution platforms of blockchain application, using source code analysis technology. Using these algorithms, they have developed technology that can comprehensively detect 13 types of risks in smart contracts(Fig.1), which have the potential to be overlooked in a manual review, and can then locate relevant risks in the smart contracts.
Details of this technology will be announced at the International Workshop on Blockchain Oriented Software Engineering 2019 (IWBOSE 2019), an international conference that to be held in Hangzhou, China on February 24 (Sunday).
【 Development Background 】
Blockchain technology can ensure that, even without a trusted third-party intermediary, data will not be altered, and is expected to have applications not only in the field of finance, but also in securities management, real estate registration, healthcare, and electronic government.
Blockchain offers functionality to automatically check and execute smart contracts, which are implemented as source codes. Because smart contracts are copied to multiple locations and executed in a distributed manner, once a contract has been executed, it cannot easily be stopped, and it cannot be revised even if risks are found in the smart contract. In fact, there has been an incident in which, because a smart contract to create an automatic investment trust application on a blockchain was flawed, a huge amount of capital was improperly transferred.
【 Issues 】
In Hyperledger Fabric, which is one of execution platforms of blockchain applications, the risk of smart contract is classified into 13 types (Fig.1). But previous technologies to detect smart contract risks in advance were unable to detect all of the different types. For example, when writing based on the read value, there is a possibility that the value may not be reflected correctly, since it might be altered by other concurrent transactions. Previous technologies could not detect such risks as they do not consider such context.
Figure 1: Types of risk that can be detected in smart contracts
【 About the Newly Developed Technology 】
Now, Fujitsu Research and Development Center and Fujitsu Laboratories have now developed algorithms to automatically detect risks in smart contracts for Hyperledger Fabric that could not previously be detected (Fig.2).
Figure 2: Smart contract risks detection
Details of the technology are as follows:
1. Technology to detect smart contract risks
Fujitsu Research and Development Center and Fujitsu Laboratories have now developed an algorithm to comprehensively identify bugs in the smart contracts coded with Go language which is often used in Hyperledger Fabric. It analyses the smart contracts, maps them to an abstract syntax tree, creates a control flow graph comprising all possible processing flows, and comprehensively detects the flaws of the smart contracts through locating the risk flows according to the pre-defined rules as well as the existence of a specific kind of access to the blockchain records. Thus, this enables the detection of risks with high precision without risk missing.
【 Result 】
Using this newly developed technology, it may comprehensively detect the currently known risks and enable more efficient smart contract development. It is also expected to reduce the work related to development, such as design comprehension, code evaluation, and so on. Thus, it will contribute to the efficient application of blockchain technology to a wide variety of fields.
【 Future Plans 】
Fujitsu Laboratories will consider applying this technology to blockchain related services such as asset service provided by Fujitsu in FY2019, with the aim of contributing to the realization of safe systems. In addition, Fujitsu Laboratories will not only continue to develop verification technology for smart contracts, but also broad technology development relating to building secure systems using blockchain.
【 Trademarks 】
Proper nouns such as product names mentioned are trademarks or registered trademarks of respective companies.
【 Glossary and Notes 】