ChainSecurity’s Chaincode Scanner: a powerful Security Checker for Hyperledger Fabric Smart Contracts

From the Labs of ChainSecurity: a Static Analyzer for Hyperledger Fabric Chaincode!

Hyperledger Fabric is an open-source platform for permissioned blockchain systems. Unlike public blockchains such as Ethereum or Neo, Hyperledger Fabric is designed for distributed business-to-business applications. Its key features are extensibility and modularity. Smart contracts, called chaincode in Hyperledger Fabric, handle the transaction logic. They are deployed and executed on the platform, where they read from and manipulate the ledger.

Developing smart contracts for blockchain platforms has its pitfalls, and in the past several projects were released with exploitable vulnerabilities. While verifiers for Ethereum smart contracts already exist, no such tools have been developed for chaincode applications yet.

We are therefore happy to announce the release of ChainSecurity’s Chaincode Scanner, a static analyzer for Hyperledger Fabric smart contracts. It takes chaincode written in Go as input and checks it for nine vulnerability patterns.

To use the Chaincode Scanner, upload your code to a public repository, such as GitHub, and paste its path into the input field on the website. This path adheres to the same rule as any Go package downloaded with the go get command.

Simply paste the path of your project into the input field and click Analyze.

For example, to check our demo project located at https://github.com/ChainSecurity/hyperchecker_demo, paste github.com/ChainSecurity/hyperchecker_demo into the input field, click Analyze, wait a few seconds, and then explore the discovered vulnerabilities displayed in a code viewer.

The result of the analysis, displayed as a table with helpful code annotation and information.

The service on https://chaincode.chainsecurity.com is intended for non-commercial use only. Get in touch with the ChainSecurity team for commercial use or Hyperledger Fabric consulting services.