Security Vulnerabilities in Chaincode
Talk Title | Security Vulnerabilities in Chaincode |
Speakers | Tobias Kaiser (Blockchain Engineer, ChainSecurity) |
Conference | Hyperledger Global Forum |
Location | Basel, Switzerland |
Date | Dec 11-15, 2018 |
Chaincode must meet high standards of quality and strict security specifications. Not satisfying these requirements impairs the whole system and can prevent reaching consensus among the peers in the network. Vulnerabilities, unintended behaviors, and system failures can violate such requirements and make entire systems running on top of Hyperledger Fabric unusable. To address this problem, we identified nine security patterns for chaincode. Moreover, we implemented an automated static analyzer to identify and pinpoint these vulnerabilities. Our analyzer is publicly available at https://chaincode.chainsecurity.com/ and is free for non-commercial use. It is the first static analyzer implemented specifically for chaincode programs. In this talk, we discuss the vulnerability patterns and show how the static analyzer identifies them in Hyperledger Fabric chaincode.