ChainSecurity’s Chaincode Scanner: a powerful Security Checker for Hyperledger Fabric Smart Contracts
From the Labs of ChainSecurity: a Static Analyzer for Hyperledger Fabric Chaincode!
Hyperledger Fabric is an open-source platform for permissioned blockchain systems. Unlike public blockchains such as Ethereum or Neo, Hyperledger Fabric is designed for distributed business-to-business applications. Its key features are extensibility and modularity. Smart contracts, called chaincode, handle the transaction logic in Hyperledger Fabric. They are deployed and executed on the platform, where they interact with and manipulate the ledger.
Developing smart contracts for blockchain platforms has its pitfalls, and in the past several projects were released with exploitable vulnerabilities. While verifiers for Ethereum smart contracts already exist, no such tools have been developed for chaincode applications yet.
Therefore, we are happy to announce the release of ChainSecurity’s Chaincode Scanner, a static analyzer for Hyperledger Fabric smart contracts. It takes chaincode written in Go as input and checks it for nine vulnerability patterns.
To use the Chaincode Scanner, simply upload your code to a public repository, such as GitHub, and paste its path into the input field on the website. This path adheres to the same rule as any Go package downloaded with the go get command.
For example, to check our demo project located at https://github.com/ChainSecurity/hyperchecker_demo, simply paste github.com/ChainSecurity/hyperchecker_demo, click on analyze, wait a few seconds, and then explore the discovered vulnerabilities displayed in a code viewer.