Fujitsu is based in Tokyo and offers a wide range of technology
products, solutions and services, with approximately 155,000 employees in more
than 100 countries.
“Because smart contracts are copied to multiple locations and
executed in a distributed manner, once a contract has been executed, it cannot
easily be stopped, and it cannot be revised even if risks are found in the
smart contract,” per the Fujitsu
For instance, issues with a smart contract led to The DAO hack in 2016,
which exploited weaknesses in the Ethereum Virtual Machine (EVM) to transfer
$50 million worth of ether into the control of an attacker.
Researchers from Fujitsu Laboratories and Fujitsu
Research and Development Center, two subsidiaries of the Japanese
tech giant, located respectively in Kawasaki, Japan, and Beijing, China,
announced a new static analysis method for Ethereum smart contracts at the Blockchains
and Smart Contracts Workshop 2018 (BSC 2018) in Paris, in a
presentation titled “Security
Assurance for Smart Contract.”
“Since Ethereum smart contracts hold millions of dollars, their
execution correctness is crucial against attacks which aim at stealing the
assets,” noted the researchers in their workshop paper. “In this paper, we
proposed a security assurance method for smart contract source code to find
potential security risks.”
The new static analysis solution for Ethereum smart contracts
consists of topological analysis of function invocation relationship, logic
risk detection and location.
Based on these features, the Fujitsu team developed a tool called “Security
Assurance for Smart Contract” (SASC), which can provide high-quality support.
According to the researchers, SASC will soon be published on GitHub as open
review published by a blockchain enthusiast on Medium explores
possible security risks for smart contracts and Fujitsu’s SASC solution.
In November, Ethereum co-founder Vitalik Buterin outlined a vision
for the evolution of the Ethereum platform. Among other forthcoming
developments, Buterin noted that he expects Ethereum to eventually introduce
formal verification for smart contracts. At this moment, however, Ethereum
doesn’t support static analysis to filter out bugs and predict the computing
resources that a program will require.
Therefore, the forthcoming open sourcing of SASC represents a
significant acceleration in Ethereum development and a step toward full
maturity. Smart contract security is a key issue for the adoption of Ethereum
and similar blockchain technologies in critical industries.
press release stated that Fujitsu Laboratories will
continue to develop verification technologies, not only for Ethereum but also
Fabric, a blockchain framework project for smart contracts hosted by The
Linux Foundation, with the goal of commercialization of this technology during
fiscal year 2018.
In addition, besides verification technology for smart contracts,
Fujitsu Laboratories plans to also develop a broad range of blockchain
technologies for building secure systems. The commitment of a tech giant like
Fujitsu is likely to significantly boost the adoption of blockchain technology
in the information and communications technology security market.