View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Emerging Technology
February 26, 2019updated 18 Jul 2022 8:52am

This Algorithm Analyses 13 Risks in Blockchain Smart Contracts

“Smart contracts are both public and impossible to alter once deployed."

By CBR Staff Writer

Tokyo-based information technology developer Fujitsu has designed an algorithm that detects risks within smart contracts created on blockchain technology.

The algorithm identifies vulnerabilities and errors within smart contracts that are coded in GO language, which is often used in blockchain contract construction. The detection technology analyses 13 risks vectors Fujitsu has identified.

Fujitsu’s says its algorithm analyses smart contracts. It then “maps them to an abstract syntax tree, creates a control flow graph comprising all possible processing flows, and comprehensively detects the flaws of the smart contracts through locating the risk flows according to the pre-defined rules as well as the existence of a specific kind of access to the blockchain records.”

Smart Contracts are digital contracts that are stored and actioned within a blockchain. They can be anything from insurance premiums, property contracts, financial services to crowdfunding agreements.

Due to its decentralised nature the Blockchain takes out the traditional middle person that is required in legal or financial contracts, such as a lawyer or banker.

Fujitsu Smart Contracts

Smart contract risks detection flow Image Source : Fujitsu

Industrial Blockchain Technology

Bernhard Mueller Product Engineer at ConsenSys Diligence told Computer Business Review: “Generally speaking, the more complex smart contracts become, the more likely it is that logic errors are introduced. Therefore, simplicity should take precedence over anything else.”

“The reason for this is that smart contracts are immutable, and once they enter an undesirable state there’s no way back. Therefore, the logic contained in the smart contract should always be as minimalistic as possible, and there should be clear specifications as to how the contract must behave.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Industrial blockchain technology has seen adoption by an array of industries, often in experimental beta test cases, e.g. by oil and gas companies (O&G).

Currently thousands of freight invoices are sent to oil and gas companies; these invoices contain pricing, fuel surcharges, detention and ancillary charges. They also travel across the world changing hands a few times. This changing of hands can cause discrepancies to appear in the records. O&G enterprises are looking at Blockchain technology as it provides a decentralised record of all transactions.

Using a smart contract embedded in the chain, companies can add invoice calculation into the app that takes into account rates, distance travelled and track and trace capabilities.

Kevin Bailey Director of GTM Strategy at Gospel Technology told Computer Business Review that: “It is important to note that smart contracts, even though they are supported by blockchain, have requirements external to the blockchain, with large elements executed outside of its architecture.”

“Blockchain relies on triggers and watchers that enforce the process being executed, and the smart element of the contract/process is then executed outside of the chain, particularly in enterprise use cases. This crucial distinction means that smart contracts do not enjoy the same security benefits as blockchain, which is secured by cryptographic key. In other words, unlike blockchain, smart contracts are potentially vulnerable to attack.”

Fujitsu Smart Contracts Fabric Risk Detection

Fujitsu, specifically, has created algorithms to detect risk-affected transaction processes on Hyperledger Fabric blockchains.

Hyperledger Fabric is a blockchain platform that is part of a group of projects revolving around the technology hosted by The Linux Foundation.

Fujitsu identified 13 risk types such as Fabric specifications, database specifications, language instructions and access to outside of the blockchain, which their algorithms find using source code analysis technology.

While Fujitsu admitted that some technologies exist to help identify these risk, none have the capability to detect all at once. They point to the example of smart contracts having issues to do with read values and that the value may not be read probably as it may be changed by other concurrent transactions. “Previous technologies could not detect such risks as they do not consider such context,” Fujitsu claim.

Kevin Bailey of Gospel Technology further told us that: “Smart contracts are both public and impossible to alter once deployed, meaning that hackers can scrutinise the code for any semblance of vulnerability, and recovering from a successful attack could be quite difficult.”

“At the moment, there are also no standards for smart contracts and trust must be placed in a third party, who codes the smart contract. Smart contracts do offer many benefits when it comes to efficiency and effectiveness, but until the process is standardised and the appropriate safeguards are introduced, they have a long way to go before they can be considered risk-free.”

See Also: A Tale of Two Blockchain Startups

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.