Remember meForgot password?
    Log in with Twitter

Fujitsu builds new tech to automate finding blockchain bugs

By James Walker     Mar 7, 2018 in Technology
Fujitsu has announced new technology that can find and verify risks in blockchain applications. The tech analyses smart contracts to find potential flaws, providing advance warning of vulnerabilities. The company has identified six main risks.
Smart contracts are one of the most frequently cited benefits of blockchain technology. Blockchains such as Ethereum provide methods for developers to create applications that sit atop the blockchain. These apps can interact with transactions on the blockchain and run code when they occur, allowing for complex behaviours to be implemented.
In theory, blockchain tech is supposed to be secure and immune to regular tampering. However, recent discoveries have revealed serious flaws in the way some smart contracts are implemented. Fujitsu's new technology allows developers to analyse their smart contract code and identify risks before it is deployed. The software verifies risks in advance and then locates the relevant sections of the source code.
Fujitsu is targeting six specific issues which could allow for malicious interaction with smart contracts. These range from fundamental technical issues, such as call stack restrictions and divide by zero errors, through to vulnerabilities introduced by the nature of the blockchain. These include more complex problems, such as difficulties in verifying the source of a transaction call and uncertainties when accurately timestamping individual transactions.
Fujitsu has developed tech to automatically find smart contract flaws
Fujitsu has developed tech to automatically find smart contract flaws
READ NEXT: GE Transportation joins global blockchain consortium
Researchers at Fujitsu Laboratories and Fujitsu Research and Development Center have developed risk detection technology to alert developers if their contracts might contain these flaws. The tech uses symbolic execution to "comprehensively" find and isolate bugs in the code. The process works by virtually executing transactions under a range of circumstances defined by the contract.
In trials of the software, Fujitsu achieved a success rate of 100%, with the exception of a few isolated edge cases. Previous similar attempts to analyse blockchain software had a detection rate of around 67%. Fujitsu said its implementation will make smart contracts simpler to implement and more reliable, enabling blockchain development to progress in industry.
"Because over-identification of risk is rare, this technology will enable more efficient smart contract development, and combined with the risk location identification technology, it is also expected to reduce the workload involved in tasks such as specification comprehension, code evaluation, and fixing the code," said Fujitsu. "This technology will contribute to the efficient application of blockchain technology to a wide variety of fields."
Fujitsu's still developing the technology but intends to commercialise it later this year. Having implemented the system for Ethereum contracts, the company's researchers are now working on support for the Hyperledger Fabric blockchain. Fujitsu added that it's also working on other technologies to help verify smart contracts and blockchain systems.
More about Fujitsu, blockchain, smart contracts, ethereum, Cybersecurity
Latest News
Top News