Fujitsu Detects 13 Types of Potential Risks of Enterprise Blockchain System
Risk detection is automatic and comprehensive to improve safety of smart contracts
Fujitsu Research and Development Center Co., Ltd., Fujitsu Laboratories Ltd.
Beijing,China,and Kawasaki,Japan, February 22, 2019
Fujitsu Research and Development Center Co., Ltd. (*1) and Fujitsu Laboratories Ltd. (*2) today announced development of technology that can comprehensively detect, in advance, risks associated with smart contracts, which are programs that automatically execute transactions on blockchain platforms. The technology also locates relevant risks in the smart contracts.
Blockchain technology, which was developed as the foundation for Bitcoin, is expected to have applications in a variety of fields beyond finance, including real estate and healthcare. Nevertheless, if smart contracts have risks, it would directly lead to business losses, so it is an important research issue to improve the reliability of blockchain system. Now, Fujitsu Research and Development Center and Fujitsu Laboratories have developed algorithms to identify risk-affected transaction process on Hyperledger Fabric (*3), which is one of the execution platforms of blockchain application, using source code analysis technology. Using these algorithms, they have developed technology that can comprehensively detect 13 types of risks in smart contracts(Fig.1), which have the potential to be overlooked in a manual review, and can then locate relevant risks in the smart contracts.
Details of this technology will be announced at the International Workshop on Blockchain Oriented Software Engineering 2019 (IWBOSE 2019), an international conference that to be held in Hangzhou, China on February 24 (Sunday).
【 Development Background 】
Blockchain technology can ensure that, even without a trusted third-party intermediary, data will not be altered, and is expected to have applications not only in the field of finance, but also in securities management, real estate registration, healthcare, and electronic government.
Blockchain offers functionality to automatically check and execute smart contracts, which are implemented as source codes. Because smart contracts are copied to multiple locations and executed in a distributed manner, once a contract has been executed, it cannot easily be stopped, and it cannot be revised even if risks are found in the smart contract. In fact, there has been an incident in which, because a smart contract to create an automatic investment trust application on a blockchain was flawed, a huge amount of capital was improperly transferred.
【 Issues 】
In Hyperledger Fabric, which is one of execution platforms of blockchain applications, the risk of smart contract is classified into 13 types (Fig.1). But previous technologies to detect smart contract risks in advance were unable to detect all of the different types. For example, when writing based on the read value, there is a possibility that the value may not be reflected correctly, since it might be altered by other concurrent transactions. Previous technologies could not detect such risks as they do not consider such context.
Figure 1: Types of risk that can be detected in smart contracts
【 About the Newly Developed Technology 】
Now, Fujitsu Research and Development Center and Fujitsu Laboratories have now developed algorithms to automatically detect risks in smart contracts for Hyperledger Fabric that could not previously be detected (Fig.2).
Figure 2: Smart contract risks detection
Details of the technology are as follows:
1. Technology to detect smart contract risks
Fujitsu Research and Development Center and Fujitsu Laboratories have now developed an algorithm to comprehensively identify bugs in the smart contracts coded with Go language which is often used in Hyperledger Fabric. It analyses the smart contracts, maps them to an abstract syntax tree, creates a control flow graph comprising all possible processing flows, and comprehensively detects the flaws of the smart contracts through locating the risk flows according to the pre-defined rules as well as the existence of a specific kind of access to the blockchain records. Thus, this enables the detection of risks with high precision without risk missing.
【 Result 】
Using this newly developed technology, it may comprehensively detect the currently known risks and enable more efficient smart contract development. It is also expected to reduce the work related to development, such as design comprehension, code evaluation, and so on. Thus, it will contribute to the efficient application of blockchain technology to a wide variety of fields.
【 Future Plans 】
Fujitsu Laboratories will consider applying this technology to blockchain related services such as asset service provided by Fujitsu in FY2019, with the aim of contributing to the realization of safe systems. In addition, Fujitsu Laboratories will not only continue to develop verification technology for smart contracts, but also broad technology development relating to building secure systems using blockchain.
【 Trademarks 】
Proper nouns such as product names mentioned are trademarks or registered trademarks of respective companies.
【 Glossary and Notes 】
- 1. Fujitsu Research and Development Center Co., Ltd.:
Head Office: Beijing, China
Chairman: Hirotaka Hara
- 2. Fujitsu Laboratories Ltd.:
Head Office: Kawasaki, Kanagawa, Japan
President and Representative Director: Hidenori Furuta
- 3. Hyperledger Fabric:
A blockchain framework implementation and one of the Hyperledger projects that is Intended to be a foundation for developing applications or solutions with a modular architecture. Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play and leverages container technology to host smart contracts called “chaincode” that comprise the application logic of the system. (https://hyperledger.org/projects/fabric)
Fujitsu is the leading Japanese information and communications technology (ICT) company, offering a full range of technology products, solutions, and services. Approximately 140,000 Fujitsu group staff support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.1 trillion YEN (US$39 billion) for the fiscal year ended March 31, 2018. For more information, please seehttp://www.fujitsu.com.
About Fujitsu R&D Center
Fujitsu R&D Center Co., Ltd. is the first wholly-owned corporate research and development institution with independent legal status established in China by Fujitsu group in Japan with an investment of US$4.4 million. The research area of FRDC covers all the business fields of Fujitsu, namely information processing, communications, semiconductors and software services.
Founded in February 1998, the company's business scope covers the research, development and technical services of system hardware and software of information and communication technology, electronic equipment, network technology, communication technology, information service technology, material technology, ecological protection and environmental governance technology, etc. For more information, please see: http://www.fujitsu.com/cn/frdc/
Company: Fujitsu R&D Center Co., Ltd.
Press Release ID:2019-02-22
Date: February 22, 2019
City: Beijing,China,and Kawasaki,Japan
Company: Fujitsu R&D Center Co., Ltd.