Chaincode holds the transaction logic, so all issues and security flaws must be resolved before it is deployed on a Hyperledger network.
If your Hyperledger network and chaincode are verified by a third-party auditor, they gain the trust of the participants involved in the private permissioned consortium.
The audit is generally of a combined nature (chaincode + Hyperledger network + backend). We identify and research the best possible optimisations of the chaincode and the Hyperledger network configuration to achieve maximum TPS. We focus on making the platform more efficient and secure overall.
A chaincode audit is a process that tests the source code against all known vulnerabilities and attacks. A smart contract audit identifies security vulnerabilities that may cause losses and prevents their deployment. Both the business logic and the security point of view are considered.
Nexledger Accelerator is developed by Samsung SDS to improve the performance of a blockchain network in terms of transaction throughput. Accelerator enables the blockchain network to deal with explosive transaction requests from applications. With Nexledger Accelerator, the TPS can be increased up to 10 times.
Hyperledger Caliper is a blockchain benchmark tool that allows users to measure the performance of a blockchain implementation with a set of predefined use cases. Hyperledger Caliper produces reports containing a number of performance indicators to serve as a reference when using blockchain networks. The report includes the transaction throughput and the resources used by all components in the network.
Non-determinism Arising From Language Instructions
KVS Structure Iteration
Reified Object Addresses
Concurrency of Program
Generating Random Number
Non-determinism Caused From Accessing Outside of Blockchain
System Command Execution
External File Accessing
External Library Calling
State Database Specification
Range Query Risk (Phantom reads)
Cross Channel Chaincode Invocation
Read Your Write
Unchecked Input Arguments
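The first item above, KVS structure iteration, shown as an added Go example (not code from this page or from the Fabric project): a standard-library simulation of several endorsing peers executing the same function. The names `balances`, `unsafeWriteValue`, `safeWriteValue` and `distinctResults` are hypothetical, and real chaincode would write the value through the Fabric shim rather than return it.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample data: values a chaincode function has collected in a
// Go map before serializing them into the value it writes to the ledger.
var balances = map[string]int{"alice": 10, "bob": 20, "carol": 30, "dave": 40, "erin": 50}

// unsafeWriteValue ranges over the map directly. Go randomizes map iteration
// order, so the same call can return differently ordered output each time.
func unsafeWriteValue(m map[string]int) string {
	var parts []string
	for k, v := range m {
		parts = append(parts, fmt.Sprintf("%s=%d", k, v))
	}
	return strings.Join(parts, ";")
}

// safeWriteValue sorts the keys first, so every execution serializes identically.
func safeWriteValue(m map[string]int) string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, fmt.Sprintf("%s=%d", k, m[k]))
	}
	return strings.Join(parts, ";")
}

// distinctResults calls build once per simulated endorsing peer and returns
// how many different values came back; more than 1 means results diverge.
func distinctResults(build func(map[string]int) string, peers int) int {
	seen := map[string]bool{}
	for i := 0; i < peers; i++ {
		seen[build(balances)] = true
	}
	return len(seen)
}

func main() {
	fmt.Println("map-order serialization, distinct results:", distinctResults(unsafeWriteValue, 64))
	fmt.Println("sorted-key serialization, distinct results:", distinctResults(safeWriteValue, 64))
}
```

When endorsing peers return different results for the same proposal, their endorsements do not match and the transaction fails, which is why an audit flags any write derived from map iteration order.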
Hyperledger Fabric is a permissioned blockchain infrastructure providing enterprise-grade blockchain solutions. Its configurable consensus and modular architecture make Hyperledger Fabric a good choice for a broad range of industry use cases. The business logic, or smart contract, is called chaincode in a Fabric network and is executed on the peer nodes. The channel configuration supports endorsement policies, which provide additional security and privacy. The certificate authority provides various levels of certificates and is used by the Membership Service Providers to enable various capabilities for the Fabric network components. Due to this modular architecture, the Fabric network is highly scalable.
Hyperledger Fabric contains sensitive data about the consortium. Hyperledger auditing eliminates possible vulnerabilities before they can be exploited. The chaincode sometimes contains personal information as well as confidential business logic. A Fabric network can be hacked in many ways. Once the network is taken down by a malicious entity, then depending on the level of the attack, the attacker will be able to steal sensitive data or make illegal transactions, which will lead the company to shut down the entire network. Once the attacker has control over the Fabric network, then depending on the node security, all the services connected to the node can be taken down. Hyperledger Fabric security helps to eliminate most of the security loopholes.
A Hyperledger Fabric network has a complex configuration that needs careful attention. Some developers leave out parts of the configuration for simplicity and to save time. If the block size and block time, the network components, the state database and logging are not configured properly, network performance will suffer. Running performance tests against the network reveals its ideal configuration and helps to increase the throughput of the network significantly.
The following are the things you need to know before starting Hyperledger Fabric auditing:
1. Correct function visibility:- Functions in Solidity can have four visibility specifiers. Absent specifiers can be dangerous, especially in the case of functions where the default is public accessibility. If such a function has critical logic, it can be triggered from any external address to potentially misuse the contract.
2. Oracle calls:- Blockchains cannot access data outside their network. An oracle is a data feed provided by a third-party service, designed for use in smart contracts on the blockchain.
3. Check for reentrancy and ensure state is committed before an external call:- Reentrancy occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete.
4. Don't delegatecall to untrusted code:- The delegatecall function is used to call functions from other contracts as if they belong to the caller contract.
We choose one project each month for a free detailed audit.