An attempt to fuzz smart contracts (chaincodes) of Hyperledger Fabric. This work was part of the course project of E0 256 - Computer Systems Security, at IISc, Bangalore.

deepeshhada/fuzz-fabric-chaincode

Fuzzing Hyperledger Fabric chaincode

Prerequisites

Please visit the Prerequisite Installation Instructions to ensure you have the correct prerequisites installed. Since the Fabric release version used is 1.4, please use the 1.4 version of that documentation to ensure alignment.

Download Binaries and Docker Images

Clone the fuzz-fabric-chaincode repository and check out the develop branch. The repository has already been bootstrapped to include all the necessary binaries and Docker images.

You can also download the bootstrap.sh script from the scripts folder and execute it locally.

Continuous Integration

Please have a look at Continuous Integration Process.

License

Hyperledger Project source code files are made available under the Apache License, Version 2.0 (Apache-2.0), located in the LICENSE file.
Hyperledger Project documentation files are made available under the Creative Commons Attribution 4.0 International License (CC-BY-4.0), available at http://creativecommons.org/licenses/by/4.0/.

Build and start the network

The chaincodes are written in Golang and Node.js. You can find them, grouped by language, in the chaincode/chaincode_example02 folder.
The fuzz code is in the invoke() method of each of the two chaincodes. The network components are common to both languages and are in the first-network folder.

Golang

Open a terminal and execute the following commands:

  1. cd first-network

  2. ./byfn.sh down: to shut down the network components, if they've previously been started.

  3. ./byfn.sh up: to start the network.

The network components start spawning after the above commands.
Note that the Golang chaincode contains an import statement for the go-fuzz library. Hence, keep track of when the CLI container starts.
Once the CLI starts, open another terminal and execute:

  1. docker exec -it cli bash: opens up the cli container.

  2. go get github.com/google/go-fuzz

The bug can now be seen in the terminal where the network was bootstrapping.

Node.js

Open a terminal and execute the following commands:

  1. cd first-network

  2. ./byfn.sh down: to shut down the network (if up).

  3. ./byfn.sh up -l node: to start the network.

The network components start spawning up after the above commands.
No fuzz library has been used here; rather, Math.random() fuzzes a variable, called Rval in our case, as can be seen in the Node chaincode file.
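The following added example (not code from this repository) shows the same random-value approach outside the network: a fuzzed Rval is fed to a transfer function and balance invariants are checked after each call. It swaps Math.random() for a seeded generator so a failing Rval can be replayed. The in-memory state, the function names, the starting balances and the invariants are all assumptions made for illustration.

```javascript
// Added example: in-memory model, not the repository's chaincode.
// mulberry32 is a small seedable PRNG; Math.random() cannot be seeded,
// so a failing Rval found with it cannot be replayed.
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Hypothetical transfer with no input validation: moves x from A to B.
function transferUnchecked(state, x) {
  return { A: state.A - x, B: state.B + x };
}

// Hardened form: only a positive integer within A's balance is accepted.
function transferChecked(state, x) {
  if (!Number.isInteger(x) || x <= 0 || x > state.A) {
    throw new RangeError('invalid amount: ' + x);
  }
  return { A: state.A - x, B: state.B + x };
}

// Invariants a transfer must keep (assumed for this model).
function holds(before, after) {
  return Number.isInteger(after.A) && Number.isInteger(after.B) &&
    after.A >= 0 && after.A < before.A &&
    after.A + after.B === before.A + before.B;
}

// Fuzz one transfer function; Rval is the fuzzed amount.
function fuzz(transfer, seed, rounds) {
  const rand = mulberry32(seed);
  const failures = [];
  for (let i = 0; i < rounds; i++) {
    const state = { A: 100, B: 200 }; // constructed starting balances
    const kind = Math.floor(rand() * 4);
    const n = Math.floor(rand() * 300);
    // In-range, oversized, negative and fractional amounts.
    const Rval = [(n % 100) + 1, n + 101, -n - 1, n + 0.5][kind];
    let after;
    try { after = transfer(state, Rval); } catch (e) { continue; } // rejected input
    if (!holds(state, after)) failures.push({ seed, round: i, Rval, after });
  }
  return failures;
}
```

Calling fuzz(transferUnchecked, 1, 200) returns the offending Rval values together with the seed and round, and the same call against transferChecked returns an empty list.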
