Vulnerability in Private Data Endorsement Policy Management in Hyperledger Fabric 2.0

To whom it may concern, We are a research group conducting research on the Hyperledger Fabric. We find a design flaw about the endorsement policy of Private Data related transactions in Hyperledger Fabric 2.0. When private data adopts a default chaincode-level MAJORITY endorsement policy, the design flaw allows arbitrary change of private data by a malicious private data owner with endorsements from unauthorized organizations that do not own the private data. Please refer to the attached for the attack details. Please let me know if you have any questions or concerns. If you think it is necessary, we can give you a briefing on the issues. Look forward to your reply! Best Regards, Shan Wang, Southeast University Yue Zhang, Jinan University Xinwen Fu, University of Massachusetts, Lowell ## Impact The lack of proper management of endorsement policy is the root cause of our attack. Our attacks may bring security concerns to the private data collection. For example, in a scenario where the private data is a kind of digital asset (i.e., in the case of technology transfer, patents can be configured as private data and maintained by all inventors together), requiring majority endorsements to be transferred. A malicious data owner may perform the assets transferring on its own without other data owners’ agreement.