“Smart contracts are both public and impossible to alter once deployed.”
Tokyo-based information technology developer Fujitsu has designed an algorithm that detects risks within smart contracts created on blockchain technology.
The algorithm identifies vulnerabilities and errors within smart contracts that are coded in GO language, which is often used in blockchain contract construction. The detection technology analyses 13 risks vectors Fujitsu has identified.
Fujitsu’s says its algorithm analyses smart contracts. It then “maps them to an abstract syntax tree, creates a control flow graph comprising all possible processing flows, and comprehensively detects the flaws of the smart contracts through locating the risk flows according to the pre-defined rules as well as the existence of a specific kind of access to the blockchain records.”
Smart Contracts are digital contracts that are stored and actioned within a blockchain. They can be anything from insurance premiums, property contracts, financial services to crowdfunding agreements.
Due to its decentralised nature the Blockchain takes out the traditional middle person that is required in legal or financial contracts, such as a lawyer or banker.
Industrial Blockchain Technology
Bernhard Mueller Product Engineer at ConsenSys Diligence told Computer Business Review: “Generally speaking, the more complex smart contracts become, the more likely it is that logic errors are introduced. Therefore, simplicity should take precedence over anything else.”
“The reason for this is that smart contracts are immutable, and once they enter an undesirable state there’s no way back. Therefore, the logic contained in the smart contract should always be as minimalistic as possible, and there should be clear specifications as to how the contract must behave.”
Industrial blockchain technology has seen adoption by an array of industries, often in experimental beta test cases, e.g. by oil and gas companies (O&G).
Currently thousands of freight invoices are sent to oil and gas companies; these invoices contain pricing, fuel surcharges, detention and ancillary charges. They also travel across the world changing hands a few times. This changing of hands can cause discrepancies to appear in the records. O&G enterprises are looking at Blockchain technology as it provides a decentralised record of all transactions.
Using a smart contract embedded in the chain, companies can add invoice calculation into the app that takes into account rates, distance travelled and track and trace capabilities.
Kevin Bailey Director of GTM Strategy at Gospel Technology told Computer Business Review that: “It is important to note that smart contracts, even though they are supported by blockchain, have requirements external to the blockchain, with large elements executed outside of its architecture.”
“Blockchain relies on triggers and watchers that enforce the process being executed, and the smart element of the contract/process is then executed outside of the chain, particularly in enterprise use cases. This crucial distinction means that smart contracts do not enjoy the same security benefits as blockchain, which is secured by cryptographic key. In other words, unlike blockchain, smart contracts are potentially vulnerable to attack.”
Fujitsu Smart Contracts Fabric Risk Detection
Fujitsu, specifically, has created algorithms to detect risk-affected transaction processes on Hyperledger Fabric blockchains.
Hyperledger Fabric is a blockchain platform that is part of a group of projects revolving around the technology hosted by The Linux Foundation.
Fujitsu identified 13 risk types such as Fabric specifications, database specifications, language instructions and access to outside of the blockchain, which their algorithms find using source code analysis technology.
While Fujitsu admitted that some technologies exist to help identify these risk, none have the capability to detect all at once. They point to the example of smart contracts having issues to do with read values and that the value may not be read probably as it may be changed by other concurrent transactions. “Previous technologies could not detect such risks as they do not consider such context,” Fujitsu claim.
Kevin Bailey of Gospel Technology further told us that: “Smart contracts are both public and impossible to alter once deployed, meaning that hackers can scrutinise the code for any semblance of vulnerability, and recovering from a successful attack could be quite difficult.”
“At the moment, there are also no standards for smart contracts and trust must be placed in a third party, who codes the smart contract. Smart contracts do offer many benefits when it comes to efficiency and effectiveness, but until the process is standardised and the appropriate safeguards are introduced, they have a long way to go before they can be considered risk-free.”