4 research outputs found
Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts
Authors' manuscript. Published in IEEE Access 2020. The final
publication is available at IEEE via
http://dx.doi.org/10.1109/ACCESS.2020.3032239Blockchain has become particularly popular due to its promise to support
business-critical services in very different domains (e.g., retail, supply
chains, healthcare). Blockchain systems rely on complex middleware, like
Ethereum or Hyperledger Fabric, that allow running smart contracts, which
specify business logic in cooperative applications. The presence of software
defects or faults in these contracts has notably been the cause of failures,
including severe security problems. In this paper, we use a software
implemented fault injection (SWIFI) technique to assess the behavior of
permissioned blockchain systems in the presence of faulty smart contracts. We
emulate the occurrence of general software faults (e.g., missing variable
initialization) and also blockchain-specific software faults (e.g., missing
require statement on transaction sender) in smart contracts code to observe the
impact on the overall system dependability (i.e., reliability and integrity).
We also study the effectiveness of formal verification (i.e., done by
solc-verify) and runtime protections (e.g., using the assert statement)
mechanisms in detection of injected faults. Results indicate that formal
verification as well as additional runtime protections have to complement
built-in platform checks to guarantee the proper dependability of blockchain
systems and applications. The work presented in this paper allows smart
contract developers to become aware of possible faults in smart contracts and
to understand the impact of their presence. It also provides valuable
information for middleware developers to improve the behavior (e.g., overall
fault tolerance) of their systems.This work was supported in part by the Bi-Lateral FCT-NKFIH Program Portugal-Hungary, through the Project Advanced Analytics for Empirical Assessment of Cloud Resilience, in part by the European Union's Horizon 2020 Research and Innovation Program through the Marie Sklodowska-Curie under Grant 823788 ``ADVANCE," the BME-Arti cial Intelligence TKP2020/IK grant of NRDI, in part by the NRDI Fund Based on the Charter of Bolster Issued by the NRDI Of ce under the Auspices of the Ministry for Innovation and Technology, and in part the ÚNKP-19-3 New National Excellence Program of the Ministry for Innovation and Technology