Ethereum smart contract bugs

Fujitsu Working To Mitigate Ethereum Smart Contract Bugs

One of the leading Japanese IT firms, Fujitsu, is working on a new technology which aims to mitigate the problems associated with Ethereum smart contracts. Moreover, a statement today revealed the company’s plans to develop a new system that would have the capability to detect potential risks present in the source code of Ethereum’s smart contracts. The basic underlying concept is to help the blockchain authenticate source call, which is responsible for triggering smart contract transactions.

Ethereum Smart Contracts Differentiate It from Bitcoin

One of the differentiating factors between Bitcoin and Ethereum are smart contracts. This feature lets developers build applications on top of the current Ethereum blockchain for automatically executing contracts or programming orders.

The Six Ethereum Smart Contract Bugs

The six Ethereum smart contracts bugs that Fujitsu aims to help with include reentrancy, authenticating the source of a transaction call, call stack restrictions, divide by zero, transaction order dependence, and transaction uncertainty due to reliance on timestamp.

A Bit about the Development Background

One benefit of using blockchain technology remains its ability to deliver unaltered data without the need for a trusted third-party intermediary. This kind of exemption for the need of third-party intermediary finds blockchain technology uses in real estate registration, securities management, electronic government, and healthcare industries.

Smart contracts are copied to multiple locations and executed in a distributed way. Thus, after the execution of a smart contact, it cannot be stopped easily. Similarly, the executed smart contracts cannot be revised despite identification of any risks. Among other problems and implications of these risks is the potential risk of improper transfer of large sums of money.

Notably, the Ethereum specification can use indirect calls to potentially evade authentication.

How Fujitsu Technology is poised to Overcome Ethereum Smart Contract Bugs?

Here is how the company thinks it is going to overcome the Ethereum smart contract bugs.

Symbolic Execution Technology

Fujitsu Laboratories, in collaboration with Fujitsu Research and Development, has developed an algorithm to address issues related to Ethereum’s smart contracts.  This algorithm identifies the Ethereum smart contract bugs, which can be potentially used to fake origins of a transaction call. This technology ensures highly accurate risk detection by identifying and comparing unique code patterns. The use of symbolic execution under various circumstances helps locate any improper processing.

Accurate Identification of Relevant Places in Source Code for Locating Risks

The technology also looks at various parts of code to identify which chunk of the code exposes the system to risk, with what’s claimed to be greater accuracy. Additionally, the technology separates the unused commands from a debugging execution file. This file directly corresponds to the Ethereum execution files. Therefore, developers can more easily try to mitigate the risks identified within the execution file. Furthermore, the technology establishes a link between the debugging execution file and the main execution file.

Here is how Fujitsu announced the results of the use of this technology for identifying Ethereum smart contract bugs.

“Using this newly developed technology, the two companies found that where previous verification tools had a detection rate of about 67%, this new technology was capable of 100% detection, excepting a few items, and that in terms of precision it achieved an accuracy rate of up to 88%, enabling both highly accurate risk detection as well as source code risk location identification.”