Using Fault Injection to Assess Blockchain Systems in Presence of Faulty Smart Contracts

Blockchain has become particularly popular due to its promise to support business-critical services in very different domains (e.g., retail, healthcare). Blockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, that allows running smart contracts, which specify business logic in cooperative applications. The presence of software defects in these contracts has notably caused failures, including severe security problems. In this article, we use software-implemented fault injection (SWIFI) to assess the behavior of permissioned blockchain systems in the presence of faulty smart contracts. We emulate the occurrence of general software faults and also blockchain-specific software faults (e.g., missing require on transaction sender) in smart contract code and observe the impact on the overall system dependability in terms of reliability and integrity. We also analyze the effectiveness of formal verification and runtime protection mechanisms in detecting the injected faults. Results indicate that formal verification and runtime protections have to complement built-in platform checks to guarantee proper dependability of blockchain systems. The work presented in this article allows smart contract developers to become aware of possible faults in smart contracts and to understand the impact of their presence. It also provides valuable information for middleware developers to improve the overall fault tolerance of their systems.
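The blockchain-specific fault named above, a missing require on the transaction sender, can be emulated at source level by deleting one sender check per faulty variant. The sketch below is an added example, not the authors' injector: the Solidity contract is constructed for illustration, the function names are hypothetical, and the scanner assumes plain source with no `require(` inside comments.

```python
import re

# Constructed sample contract (illustrative only, not taken from the paper).
SAMPLE = '''\
pragma solidity ^0.8.0;
contract Registry {
    address owner;
    mapping(address => uint) balance;
    constructor() { owner = msg.sender; }
    function setOwner(address next) public {
        require(msg.sender == owner, "only owner (admin)");
        owner = next;
    }
    function credit(address to, uint amount) public {
        require(amount > 0, "zero amount");
        require(isAdmin(msg.sender));
        balance[to] += amount;
    }
    function isAdmin(address a) internal view returns (bool) { return a == owner; }
}
'''

def find_sender_requires(src):
    """Return (start, end) spans of require(...) statements that test msg.sender."""
    spans = []
    for m in re.finditer(r'\brequire\s*\(', src):
        depth, i, in_str = 1, m.end(), None
        while i < len(src) and depth:      # walk to the matching ')'
            c = src[i]
            if in_str:                     # parentheses inside strings do not count
                if c == '\\':
                    i += 1                 # skip the escaped character
                elif c == in_str:
                    in_str = None
            elif c in '"\'':
                in_str = c
            elif c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            i += 1
        end = src.find(';', i) + 1         # include the terminating ';'
        if depth == 0 and end > 0 and 'msg.sender' in src[m.start():i]:
            spans.append((m.start(), end))
    return spans

def inject_missing_sender_require(src):
    """One faulty variant per sender check, each with exactly one check removed."""
    return [src[:s] + '/* injected fault: sender check removed */' + src[e:]
            for s, e in find_sender_requires(src)]
```

Each returned variant differs from the original by a single fault, so a failure observed when it is deployed, or an alarm raised by a verifier or runtime monitor, can be attributed to that one missing check.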
