Fujitsu Develops New Technology that Identifies Ethereum Smart Contract Bugs

On 7^th March 2018, Fujitsu revealed in its Press Release section that its research and development center has come up with algorithms that will detect bug infected transaction sequences on the Ethereum blockchain.

Smart contracts are basically computer codes that can be used as a platform for exchanging shares, money, property etc. The platform of Ethereum smart contracts can also be used to build various apps. The codes and algorithm of smart contracts are supported on a decentralized open source network. The transaction process through a smart contract requires the sender to “drop” a crypto coin into the decentralized ledger. Smart contracts are described by the white paper of Ethereum as autonomous agents.

How Can Bugs Affect Ethereum Smart Contracts

The Ethereum platform allows the developers to build their own smart contracts. The smart contracts can be copied to more than one location and are then run in a distributed way. It is difficult to stop a contract after its execution. Moreover, the contract cannot be revised even when it has been infected by bugs. As Fujitsu says in the press release, in one such incident a flaw had caused havoc in a transaction of a considerable sum.

The Ethereum smart contract risks can be categorized into six groups and the technologies prior to the one developed by Fujitsu Laboratories and Fujitsu Research and Development Center failed to detect all these types of risks in advance.

1. Reentrancy
2. Authentication of the source of the transaction call
3. Call stack restrictions
4. Divide by zero
5. Transaction order dependency
6. Transaction uncertainty due to reliance on the timestamp

(Source: Fujitsu website)

Details Regarding the Technology Developed by Fujitsu

The major break made by Fujitsu is that the technology can pinpoint the pertinent addresses in the source code. The screenshot below shows how the newly developed technology will detect the risks.

• Use of symbolic execution technology: The bugs in the source code may have the capability to abuse the language specifications of Ethereum that will help in creating a fake origin of the transaction call. The solution developed will detect these risks by using symbolic execution technology. It will virtually perform the transactions under different situations and as per the source code that is based on the order of improper processing. The proposed technology, according to the researchers, promises to be an accurate method of detecting the risks of the Ethereum smart contracts.
• Spotting on the affected area of the source code: The technology developed by Fujitsu Laboratory and Fujitsu Research and Development Center to recognize the part of the source code that will be affected by the newly discovered risk. Symbolic execution is possible because the newly developed technology scrubs out idle commands from a debugging execution file, affixed with source-code data that corresponds with the Ethereum execution files. This facilitates the technology developed by Fujitsu to spot out the source code locations that concur with the risks detected in the execution file. This is done by analyzing the relationship between the debugging execution file and the execution file by utilizing information like the sequence and type of the virtually running the processing commands.

Concluding Thoughts

According to the labs and research center of Fujitsu, this technology has the potential of 100% detection of bugs compared to the prior technologies that were only 67% efficient. During the experimentation phase, it is said to have been 88% precise. The discussed technology is expected to solve the risks issue of Ethereum smart contracts and will pave the way for future developments of the smart contract technology. Apart from this the technology will effectively reduce the labor given for tasks like code evaluation and amend the code.

We will be updating our subscribers as soon as we know more. For the latest on ETH, sign up below!

Disclaimer: This article should not be taken as, and is not intended to provide, investment advice. Global Coin Report and/or its affiliates, employees, writers, and subcontractors are cryptocurrency investors and from time to time may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency and read our full disclaimer.

Image courtesy of Pierre Metivier via Flickr