
Guide for writing secure chaincode

Open g2flyer opened this issue 5 years ago • 3 comments

challenges

  • general
    • is there a good reference for fabric or more general handling issues like how to safely do cc2cc avoiding re-entrant code/DAO-style attacks, input validation, ...
    • ....
  • fpc (confidentiality) specific
    • leakage through (publicly readable!) keys and access patterns (but not data) of key/value pairs (set of accesses from ledger and sequence of accesses at peer running enclave). Note that there is some related discussion in the "Data Model on Ledger" section in the Auction Demo specification & design

    • commit-and-reveal

    • for designated peer there is an inherent fairness issue: the peer (org) hosting the single enclave can stop processing requests if it doesn't like the state of the chaincode and prevent any progress (for other endorsement strategies this is a non-issue as any peer can be used to make progress). Depending on chaincode, this can be mitigated by careful choice of the designated peer to be at an org which doesn't have any incentive to exploit this "privilege" ...

    • ...

see HLGF slides (where we announced this guide :-) for more challenges/issues

g2flyer avatar Mar 19 '20 16:03 g2flyer
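Added illustration (not code from this thread or from the FPC project) of the key-name leakage in the first post: a toy ledger records the key-access sequence an untrusted peer observes, and a naive chaincode is shown beside a variant that derives key names with an HMAC under an assumed enclave-only secret. The obfuscated keys hide who bid, but the number and order of accesses are identical in both ledgers, which is exactly the access-pattern leakage the post distinguishes from data leakage.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Ledger models the untrusted peer's view of FPC state: key names are
// stored in plaintext, so the peer sees every key touched, in order,
// even though the values are ciphertext produced inside the enclave.
type Ledger struct {
	State  map[string][]byte
	Access []string // keys written, in the order the peer observes them
}

func NewLedger() *Ledger { return &Ledger{State: map[string][]byte{}} }

func (l *Ledger) PutState(key string, val []byte) {
	l.Access = append(l.Access, key)
	l.State[key] = val
}

// NaiveRecordBid puts the bidder identity into the key: the peer learns
// who bid, and in which order, without decrypting anything.
func NaiveRecordBid(l *Ledger, bidder string, encBid []byte) {
	l.PutState("bid/"+bidder, encBid)
}

// ObfuscateKey derives the ledger key as HMAC-SHA256 over the logical key
// under a secret known only to the enclave (assumed design, not FPC's API).
// It is deterministic, so the enclave can re-derive the key on later reads.
func ObfuscateKey(enclaveKey []byte, logicalKey string) string {
	mac := hmac.New(sha256.New, enclaveKey)
	mac.Write([]byte(logicalKey))
	return hex.EncodeToString(mac.Sum(nil))
}

// HardenedRecordBid hides the bidder from the key name. The access
// pattern (count and sequence of writes) is still visible to the peer.
func HardenedRecordBid(l *Ledger, enclaveKey []byte, bidder string, encBid []byte) {
	l.PutState(ObfuscateKey(enclaveKey, "bid/"+bidder), encBid)
}

// PeerLearnsBidder reports whether the observed key names reveal the bidder.
func PeerLearnsBidder(l *Ledger, bidder string) bool {
	for _, k := range l.Access {
		if strings.Contains(k, bidder) {
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("constructed-enclave-secret") // constructed sample value
	naive, hard := NewLedger(), NewLedger()
	NaiveRecordBid(naive, "alice", []byte("ct1"))
	HardenedRecordBid(hard, secret, "alice", []byte("ct1"))
	fmt.Println(PeerLearnsBidder(naive, "alice"), PeerLearnsBidder(hard, "alice"))
}
```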

[maybe off topic] Realms in es/js at tc39 (frozen realms from SES secure ecmascript) has implemented an object graph with wet/dry as observable/private membranes to stop key leakage. A great deal of research already, this PR gives succinct insight into implementation details underway. https://github.com/salesforce/observable-membrane/pull/48

cliveb avatar May 27 '20 06:05 cliveb

Possibly add a pointer to/summary of guidelines for writing side-channel-resistant code, for most sensitive use cases

jrlinton avatar Jun 25 '20 15:06 jrlinton

Found this article

mbrandenburger avatar Sep 08 '20 21:09 mbrandenburger