SESCF: A Secure and Efficient Supply Chain Framework via Blockchain-Based Smart Contracts

+e demands for the fairness, security, and efficiency of the supply chain have grown significantly due to the rise of globalization. However, some problems of the information flow, logistics, and capital flow in the supply chain remain a challenge, such as the information asymmetry between upstream and downstream, substandard quality of goods, difficulty in traceability, and default of payment. +erefore, this paper proposes a blockchain-based supply chain framework (SESCF), which solves the supply chain problems securely and efficiently. First, the use of blockchain and smart contracts ensures the information symmetry in the supply chain system. Second, the radio frequency identification (RFID) provides a unique identity of goods, which helps in real-time quality monitoring. Additionally, the immutability and distributed storage of the blockchain play an important role in tracking the origin of goods.+ird, the efficient payment channel is used to solve the problem of payment defaults. Furthermore, simulations of smart contracts along with the security analyses are presented in this paper. We also implement a blockchain-based supply chain system (SescfDapp), which is built upon a Consortium blockchain. Large-scale experiments and detailed analysis prove the feasibility and efficiency of our proposed system.


Introduction
In recent years, with the deepening of the global division of labor, the supply chain of modern enterprises has been continuously extended, resulting in the fragmentation, complexity, geographical dispersion, and other characteristics, which has brought great challenges to supply chain management [1][2][3]. e supply chain's operations not only affect the core enterprise's interests but also affect the whole supply chain and the relevant enterprises' interests, which makes it increasingly important to propose a fair, secure, and efficient supply chain system [4][5][6]. Information flow, logistics, and capital flow are the three lifebloods of the supply chain. Information flow directs logistics, and logistics drives capital flow. However, in actual work, situations such as inadequate information flow, low logistics efficiency, and constant capital flow often occur. First, due to asymmetric and delayed information in the upstream and downstream, it is difficult for enterprises to control the flow of goods in real time. ere is also the risk that information will be tampered to cause fraud, which will lead to a sharp increase in costs and a significant decrease in efficiency. Additionally, the modern supply chain encompasses all aspects of the production and distribution of goods, from raw materials to finished products delivered to consumers. However, the supply chain involves a vast range and weak supervision which has led buyers to lack a reliable way to verify the authenticity of goods. erefore, the global counterfeit market is hugely flooded. A report released by the European Union states that the global market value of counterfeit trade is as high as more than 400 billion US dollars. About 5% of all goods imported into EU countries are fake and shoddy products over $100 billion [7], and monitoring the development of goods and efficient logistics management in the goods supply chain is critical to ensure goods quality. Meanwhile, the existing supply chain management systems have weak constraints and on-chain enterprises have a large operating space, resulting in the final cash settlement between the supplier and the buyer being highly dependent on the contractual spirit of the two parties, especially when multiparty transactions and multilevel transactions are involved.
e above issues become more challenging when there is a lack of transparency and mutual trust in the current supply chain systems.
Blockchain technology is a feasible way to solve the above issues; in other words, blockchain and supply chain are a natural pair [8][9][10]. First of all, the structure of the blockchain is a kind of time-series data that can store information, which is similar to the form of goods circulation in the supply chain. Secondly, the relatively low frequency of information updates in the supply chain avoids the shortcomings of current blockchain technology in terms of processing performance. Every transaction information on the blockchain, such as transaction parties, transaction time, and transaction content, will be recorded on a block and stored on the distributed ledger of each node on the chain, which ensures the integrity, reliability, and high transparency of the information. According to [11], for a variety of use cases in capital markets, distributed ledger technology (DLT) has the potential to reduce transaction latency, operational risk, process friction, liquidity requirements, and more. As mentioned in the 2018 China's Blockchain Industry White Paper [12], blockchain technology has begun to be implemented in many areas of the real economy. e report introduces blockchain applications in the real economy from areas including goods traceability, copyright, and supply chain application scenarios. However, there are still many significant challenges when implementing blockchain-based systems in the real world.
It is very challenging to propose an efficient system to ensure the fairness and security of the information flow, logistics, and capital flow of the supply chain at the same time, as the supply chain is fragmented, complicated, and geographically dispersed. Additionally, the feasibility and implementation of such a system remain to be solved. erefore, in this paper, we propose a blockchain-based framework (SESCF) to ensure the fairness and security of the supply chain system efficiently. First, the use of blockchain and smart contracts in the supply chain enables information to be disclosed between upstream and downstream enterprises, since blockchain is a distributed ledger, that is, the information on the blockchain is recorded and shared by various participants at the same time. Besides, the radio frequency identification (RFID) provides a unique identity of each goods, which helps to monitor quality and trace the origin of the goods in real time [13,14]. Simultaneously, we take advantage of the payment channel to solve the problem of payment defaults [15][16][17][18]. Here, SESCF allows the two parties in the transaction to put a certain amount of coins into the payment channel. Once a default or timeout occurs, the smart contract will be triggered to ensure the security of the coins of both parties. In our design, blockchain and smart contracts enable the verification of information, goods, and money, while they travel in the supply chain. We assume that honest users run a bug-free system, and smart contracts must be executed correctly. e contributions can be summarized as follows: (1) As far as we know, this is the first efficient supply chain framework based on blockchain, which guarantees the fairness and security of the information flow, logistics, and capital flow. Meanwhile, the corresponding smart contracts are given in this paper.
(2) We have improved the efficiency of the supply chain by separating goods transactions and capital transactions, specifically, placing goods transactions on the chain and, conversely, putting capital transactions off the chain by opening payment channels. (3) We run smart contracts in a simulation environment and evaluate the gas cost on the Ethereum network, and the experimental results proved the feasibility of our proposed solution. On this basis, we establish an efficient blockchain-based system SescfDapp. Furthermore, we also conduct a detailed vulnerability assessment of SESCF and discuss how the system remains secure against malicious attacks. e remainder of this paper is organized as follows. Section 2 discusses related work. Section 3 introduces the background techniques and related knowledge. Section 4 proposes a secure and efficient blockchain-based framework. Section 5 describes the implementation details. Section 6 shows the experimental results of our proposed system. Section 7 analyses the security of smart contracts in this work. Finally, Section 8 concludes this paper and proposes directions for future work.

Related Work
e blockchain was born in the Bitcoin system [19], and now more and more industries are proposing their blockchain solutions. Azaria et al. [20] proposed a decentralized system MedRec that uses blockchain processing EMRs. Zhang and Deng [21] proposed a secure billing protocol during taxi rides. Passengers and drivers use publicly verifiable twoparty blockchains to agree on taxi ride fees. Biswas and Muthukkumarasamy [22] applied blockchain to smart cities and integrated blockchain with smart devices to provide a secure communication platform for smart cities.
Furthermore, blockchain has been introduced in supply chain areas to make the chain more transparent, authentic, and trustworthy. A lot of research has been done to ensure the security and integrity of the supply chain [23,24]. A shared, consensus-based, and immutable ledger helps track the origin and transformations undergone in the supply chain. e blockchain will create a formal registry to track the possession of goods throughout the supply chain.
In the current research work, most researchers are committed to using blockchain technology and Internet of ings (IoT) devices to achieve transparency and traceability in the supply chain [4,14,[25][26][27][28][29][30]. Bocek et al. [30] proposed that blockchain can be used in various physical fields and took the pharmaceutical supply chain as an example to introduce in detail how to use blockchain in the supply chain. To achieve fair transactions between producers and suppliers, Alahmadi and Lin [4] proposed a blockchainbased supply chain management system, which uses tamperproof features of blockchain to make fair trade of goods. In [28], Marc Pilkington proposed that blockchain provides a groundbreaking method that can recreate transparency and establish new relationships with consumer products. To overcome the excessive addition of preservatives and harmful chemicals in the wine production process, Biswas et al. [26] proposed a blockchain-based wine supply chain traceability system to track counterfeit wine in the supply chain. In particular, there are many studies [14,25,27,29] combined with the development of RFID and blockchain technology to establish a supply chain traceability system. Tian [25] proposed a novel agro-food supply chain traceability system and assessed the advantages and disadvantages of the system in the article. Toyoda et al. [27] proposed a product ownership management system (POMS) that attaches RFID to goods, which can be utilized to trace counterfeit products in the post supply chain system. Cui et al. [29] implemented a traceability system for the electronic parts supply chain based on the blockchain, tracing each chip in a nondestructive manner. Mondal et al. [14] proposed a blockchain-based food supply chain traceability system, combined with RFID and blockchain to build a complete system architecture to ensure the transparency of food in the supply chain system.

Background Techniques
In this section, we first introduce the technologies used in this paper, which contain blockchain, smart contract, RFID, and payment channel. Besides, we give brief analyses on how these technologies are used in SESCF and how effective they are.

Blockchain.
Blockchain is a new application model of computer technology, such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms [9,31]. In short, it is a list of records that are linked by cryptographic techniques. Unlike centralized databases, it is a decentralized transaction and data management technology and is in an ideal state for a low trust (or trustless) exchange system, that is, information in this system does not rely on the third party. Moreover, it utilizes peer-to-peer networks to perform peer-to-peer verification on items and distributes transaction details in the ledger. As the underlying technology of Bitcoin, blockchain has been a hot topic in the field of security and finance.
According to the degree of network centralization, blockchain is divided into three types: (i) Public blockchain. People around the world can read data, send transactions, and "mine" in Public blockchain. ereby, Public blockchain is also considered to be a completely decentralized existence, as no organization or institution is able to control it. As we know, Bitcoin and Ethereum are typical Public blockchain [19,32]. (ii) Consortium blockchain: several organizations or institutions jointly participate in management in Consortium blockchain. It should be noted that, unlike the Public blockchain, only organizations in it have permission to access data. (iii) Private blockchain: an organization or institution controls the write right in Private blockchain, and nodes participating in it will be strictly restricted.
In this paper, we implement an evaluation system for SESCF, which is built upon a Consortium blockchain. If a node wants to join SESCF, it needs to apply to Certification Authority (CA). After the node passes the CA verification successfully, it can join SESCF. Each node in SESCF has the power to compete for mining, and a certification composed of multiple entities can effectively prevent problems such as illegal transactions. If a transaction entity attempts to tamper with transaction records alone or with other transaction entities, other entities may prove their misconduct based on their transaction records and remove them from SESCF.

Smart
Contract. Smart contract, as one of the Turingcomplete programming languages, was first proposed by Nick Szabo in 1994 [31]. It is digital, and the protocol is enforced using encrypted code. In other words, smart contract is a computer protocol designed to facilitate, verify, and enforce negotiation digitally. erefore, smart contract can perform reliable transactions without third parties, and these transactions are trackable and irreversible. In addition, smart contract cannot be tampered with because it has been stored and recorded on the blockchain. If anyone wants to tamper with it, he must tamper with the entire blockchain's ledger, which is costly.
Usually, an ordinary contract hinders the development of the supply chain because it takes much labour. What is more, due to the supply chain being highly open, theft, loss, and fraud are quite common. Fortunately, smart contract overcomes these shortcomings by providing parties with secure, transparent digital versions. Furthermore, it can automate tasks and transactions and even restrict behavior based on rules stored in code.

Radio Frequency Identification.
Internet of ings (IoT), or "Internet of Everything," is a huge network formed by combining various information sensing devices with the Internet.
ere are some IoT-based tracking and tracing infrastructures, such as electronic article surveillance (EAS), radio frequency identification (RFID), and QR codes, which are primarily targeted for automatic package-level tracking [33]. Among the IoT devices mentioned above, RFID is low load and small, so we use RFID to solve the problems in supply chain logistics [13,17,[34][35][36][37][38]. Sensor data and RFID information from these devices can achieve near-real-time asset tracking, monitoring, and alerting. More broadly, the data generated by these devices help produce actionable results, informs business intelligence, and helps businesses improve operations.
Furthermore, since blockchain is a distributed system, it cannot directly sense the status of logistics, such as the temperature of food during transportation. erefore, the application of blockchain to logistics must be completed in conjunction with IoT. In the actual production process, it is necessary to attach an RFID tag to each goods to store information, such as ID and product information. In particular, when transporting goods with high requirements on temperature and other conditions, such as fruits, medicines, and frozen foods, the real-time information of the RFID tag of the cargo box is read through the handheld terminal to ensure the validity of the goods. According to the goods specification information (including the inspection and quarantine information of agricultural goods) stored in RFID tags, the quality inspection can be performed on the goods. Besides, the RFID tags can be used as the carrier of anticounterfeiting traceability information.

Payment
Channel. In the current blockchain applications, such as Bitcoin [19], a new block needs to be propagated to all nodes in the network immediately before the next block is generated. is will ensure the security of the Bitcoin system. erefore, to meet this characteristic, Bitcoin uses the proof of work (POW) to control the rate of block production to one block in 10 minutes. Furthermore, to ensure the block's propagation rate, the block size is also limited [39].
Using the payment channel to achieve off-chain payment has become a promising approach to solve Bitcoin's efficiency and scalability issues [15][16][17][18]. Both parties' transactions in the payment channel do not have to be chained. In short, the payment channel is like a secure deposit box, where they lock coins into a deposit secured by a smart contract. After the transactions are completed, the channel is closed, and all transactions between them are submitted to the network. In this step, the two parties get back their own coins according to their status after the last transaction.

SESCF
In this section, we first introduce the secure and efficient blockchain-based supply chain framework (SESCF), which solves the existing problems in the information flow, logistics, and capital flow. Immediately afterward, we provide the process of generating transactions in SESCF. Figure 1 illustrates a general overview of the system architecture to solve the existing problems of information flow, logistics, and capital flow. Our system introduces a competitive bidding mechanism to ensure the transparency of information between entities in SESCF. In addition, payment channels are used to allow the security of coins of these entities. e proposed system model follows a layered architecture and is divided into three layers. e first layer is the user layer that handles the offline transportation between entities of SESCF. ese interactions involve goods along with RFID tags that store goods information. e second layer, i.e., the transaction layer, handles the online transactions of SESCF, including (i) trading event, in which the goods demander firstly publishes an order demand, then the goods suppliers bid based on it, and finally, the goods demander chooses the winning bidder to conduct the transaction, (ii) payment event, in which two parties conduct capital transactions by opening a payment channel, and (iii) delivery event, which is inspecting goods information when receiving the goods using the information stored in RFID. e third layer is the blockchain layer that stores transactions and data. Also, it tracks the source of the problematic goods involved in SESCF. It is worth noting that the blockchain layer enforces strict access control strategies to prevent unauthorized reading and writing of data.

Blockchain-Based System Model.
SESCF only allows registered users to perform specific transactions. If a node wants to join SESCF, it needs to be authenticated by Certificate Authority first. at is, Certificate Authority is responsible for registering the identity of all entities in SESCF. In addition, each function is allowed to be performed by specific entities. e entities are described as follows: Supplier, Producer, Retailer, and Certificate Authority.
Supplier (S). Suppliers are the enterprises that supply various required resources to producers and their competitors, which include the provision of raw materials, equipment, energy, and labor. Producer (P). Producers are the enterprises that supply goods to retailers. ey use raw materials or components to make a series of daily consumer goods through relatively automated machinery and production processes. When P and S reach a demand agreement, P will apply to open an off-chain channel with S. Retailer (R). Retailers are the enterprises whose sales are mainly from retail, that is to say, retailers sell goods directly to the end consumers. Compared with producers, they are in the final stage of goods circulation. Similarly, when R and P reach a demand agreement, R will apply to open an off-chain channel with P. Certificate Authority (CA). Certification Authority is an organization that issues digital certificates. Furthermore, as a trusted third party in e-commerce transactions, it is responsible for checking the legality of public keys in the public-key system.
In the following paper, since the scenario between retailers and producers is similar to that between producers and suppliers, we only take the raw material transaction between suppliers and producers as an example. In addition, the system model is divided into three parts: information flow, logistics, and capital flow.

Information Flow.
In goods circulation, the flow of all information is called information flow. Moreover, information sharing helps improve the efficiency of the system. However, due to the information asymmetry of upstream and downstream caused by factors such as time, space, and technology, the traditional supply chain information system is distributed in the hands of various participants. So far, no platform can gather all goods information with complete trust. erefore, we propose to use blockchain to solve the problems of the information flow. Here, the information flow mainly refers to supply and demand information.
Each participating entity has a pair of public and private keys and participates by invoking functions within the smart contract. To address the opacity of supply and demand information between upstream and downstream, a competitive bidding method is introduced in SESCF. Figure 2 outlines the sequence flow for a scenario where the goods demander, i.e., producer, and the goods suppliers, i.e., suppliers, complete the trading event by invoking the smart contract. When P needs a batch of raw materials, he executes the SendTender T(P, S 1 , . . . , S N , T tender ) function to release the tender announcement to S 1 , . . . , S N , i.e., N suppliers in SESCF. Here, T tender is a demand order for raw materials signed with P's private key, and its format is shown in (1). en, the event RequestedSendTender is invoked and is made available to all active participants (i.e., P and S 1 , . . . , S N ). S 1 , . . . , S N execute the SendBid S 1 , . . . , S N , P, eprice, T tender function to send bid price before the deadline for bidding, where the attribute eprice refers to the bid price encrypted with P's public key. It is worth noting that if entities do not participate in this bid, there is no need to send bid price. Once the bid deadline is reached, P uses his private key to decrypt S 1 , eprice, . . ., S N .eprice to get, price, . . ., S N .price, and then, the ComputeWinBidder (P, S 1 , price, . . ., S N ·price, T tender ) function is executed to choose the supplier with the  e RequestedComputeWinBidder event triggers the smart contract, which then automatically executes InformLetter-ofAcceptance (P, S 1 , . . ., S N , S win , T tender ) to notify the participating entities of the winning bidder. After P and S win reach an agreement through the event Reques-tedInformLetterofAcceptance, S win signs T tender with his private key and executes the BroadcastTender (S win , P, T tender ) function to broadcast this transaction. e event RequestedBroadcastTender is activated to notify the interacting entities of this transaction (i.e., P and S win ) at that specific time point: where Oname represents the order name of the tender, specifically, it means the raw materials required by P. Osize refers to the order quantity of the tender, which represents the number of raw materials required by P. Qspec refers to the quality specifications of the goods and Num max refers to the maximum number of substandard goods. Txtype refers to the type of transaction, and it should be noted that Txtype is txptos in T tender , which refers to the transaction sent by P to S. PD refers to the deposit, which is part of the price that P needs to pay to S in advance. LD represents liquidated damages, which is the amount payable to P if S does not deliver before the delivery deadline. e three times in T tender represent three deadlines: T 1 is the deadline for bidding, T 2 is the deadline for computing S win , and T 3 is the deadline for delivery.

Logistics.
Logistics is the process of integrating the functions of transportation, storage, and distribution from the supplier to the receiver. Because the structure of the supply chain is extremely complex, there are many counterfeit goods, and it is a very time-consuming and challenging task to track goods in the logistics. erefore, in SESCF, we mainly solve the problems of substandard quality and traceability in logistics. Figure 3 represents the message sequence diagram for quality inspection. at is, perform quality inspection when the goods are delivered, and refuse to accept them if the quality is unqualified. Following the offline delivery from S win to P, the function SendDelivery (S win , P, T delivery ) is executed and the event RequestedDelivery is activated. Here the parameter T delivery is a delivery note signed with the private key of S win , and its format is shown in (2). After receiving the goods offline, P calls the function InspectGoods (P, S win , RFIDInfo, Qspec, Num max ) to inspect the quality, and the parameters RFIDInfo represents the goods information that is stored in the RFID.
e Reques-tedInspectGoods event triggers the smart contract to automatically execute SendFlag (P, S win , count, flag) to notify the inspection result, where the attribute count indicates the total number of unqualified goods, and flag indicates whether it has passed the test, i.e., true or false. If flag is true, P signs T delivery with his private key and executes Broad-castDelivery (P, S win , T delivery ) to broadcast this transaction. Otherwise, P returns the goods to S win .
On the other hand, although fakes often appear in our lives, tracking fakes in the supply chain is very troublesome. erefore, Figure 4 shows the message sequence diagram in which the user uses the smart contract to track the origin of goods. Once the user finds a fake, he first scans the RFID tag of it and passes Gid and id_set which are stored in the RFID as parameters to the function TraceGoods (user, Gid, id_set). By doing so, users can trace not only the producer of the fake but also the suppliers who provide raw materials for the fake. e RequestedTraceGoods event triggers the smart contract to query transactions in the blockchain, and then, the query results are returned to the user through the function SendTraceResult (user, tx_set), where tx_set is the transaction set.
where EXhash represents the hash value of the related tender transaction. Txtype refers to the type of transaction, and Txtype is txstop in T delivery , which refers to the transaction sent by S to P. Tx is the delivery order, and Goods specifically refers to the content of the RFID tag. Moreover, the RFID tag contains Gid (goods id), id_set (the raw material id set of goods), goods name, origin, source, production date, goods specification information (including expiration date), etc. It should be noted that each Gid is unique in our system. For agricultural goods, Qspec refers to the inspection and quarantine information. Especially for goods with timeliness, such as meat and fruits, special attention should be paid to the expiration date.

Capital Flow.
Capital flow is the process of currency circulation. e efficiency and dynamic optimization of upstream and downstream capital operations are directly related to the operation quality of corporate capital circulation. However, payment defaults are common problems in the supply chain. To solve payment defaults, we consider opening a payment channel on both sides of the transaction. Moreover, placing capital transactions off-chain reduces the waste of on-chain resources. Figure 5 outlines the sequence flow for a scenario where the producer and the winning bidder pay the deposit, balance, and liquidated damages in the payment channel. Following S win broadcasts T tender , the function Open-Channel (P, S win , T tender , timelock) is executed to apply for opening a payment channel between P and S win , where timelock refers to the active time of the channel. After the channel is successfully opened, P and S win first sign it with their private keys through the event Reques-tedOpenChannel and then put some coins from the wallet into it by executing the functions InputCoins (P, coin, Channel) and InputCoins (S win , coin, Channel). In particular, in the multisignature address controlled by both parties, P is required to store not less than the price of the order, and S win is required to store not less than LD. Now, P executes the function PayDeposit (P, S win , PD, Channel) to pay the deposit to S win . If S win delivers on time, PayBalance (P, S win , balance, Channel) is executed by P to pay the balance. Otherwise, S win executes PayLiquidatedDamages (S win , P, LD, Channel) to pay the liquidated damages. In particular, if S win delivers before the deadline, both P and S win can execute the function CloseChannel (P, S win , T tender , Channel) to apply for closing the payment channel in advance. e event RequestedCloseChannel is activated to notify the interacting entities that the channel is closed successfully, and P and S win will get back their respective coins according to the status of the last transaction. Unlike digital currencies such as Bitcoin, the form of payment transaction T pay is shown in the following equation: EXhash represents the hash value of the associated tender transaction. Txin is the input address, and Txout is the output address. Txtype is the type of payment   transaction, and we determine it based on the increase or decrease of P's coins and S win 's coins after the channel is closed: (i) if P's coins increase and S win 's coins decrease, it means that S win did not deliver on time, and S win pays P the liquidated damage, and then Txtype is LD; (ii) if P's coins decrease and S win 's coins increase, it means that S delivered on time, and P pays S win the price of the goods, and then Txtype is the price of the goods. Txcount is the amount of T pay .

Implementation Details of SESCF
In this section, we implement SESCF from three parts: information flow, logistics, and capital flow. In particular, specific smart contracts for each part are given.

Information Flow.
As discussed earlier, we propose to use a competitive bidding mechanism to ensure the symmetry of upstream and downstream supply and demand information. at is, P issues a tender announcement, then S 1 , . . ., S N bid, and finally, P chooses the lowest bidder as S win . According to these processes, three primitives are defined: Tender, Bid, and Compute. e process is described in Algorithm 1.
Tender. In the tender stage, P first sends T tender signed with P's private key sK P to the smart contract. en, the smart contract forwards T tender to S 1 , . . ., S N after receiving T tender . Bid. In the bid stage, after receiving T tender forwarded by the smart contract, S 1 , . . ., S N choose to bid or give up according to T tender . If they choose to bid, they need to use P's public key, i.e., pK P , and a random number r to encrypt the bid price and then use NIZK to compute a zero-knowledge proof π to prove that eprice is constructed correctly. It is worth noting that each user does not know others' bids before committing to their own, so that the user's bid is independent of others'. As long as P does not disclose the bid information, users' bids remain private even after bidding. After receiving the message from S 1 , . . ., S N , the smart contract first determines the current time is less than T 1 , ensures that S 1 , . . ., S N conduct bidding exercises for the first time, and then verifies their commitments are correct. If verifications are passed, the smart contract automatically forwards their bid messages to P. Compute. In the compute stage, S 1 , . . ., S N first call for computing. If S 1 (i ∈ 1, . . . n { }) has not called for computing before T 2 , it means that it has abandoned the bid. en, P decrypts their bids withsK P and compares them with the price cycle to select S win (S win ∈ S 1 , . . . , S N ) with the lowest price. After that, the smart contract sends the message whether they are the winning bidder to S 1 , . . ., S N . Finally, S win uses sk S to sign and broadcast T tender .

Logistics.
At the time of delivery, the buyer first scans the RFID and then uses RFIDInfo, Qspec, and Num max as inputs to trigger the smart contract for quality inspection. We define a primitive to complete the quality inspection: Inspect. e process is described in Algorithm 2.
Inspect. S win first sends T delivery signed with sk S to the smart contract before the latest delivery time T 3 , and the smart contract forwards T delivery to P. en, after P receives the goods offline, he scans the RFID tags. Meanwhile, Qspec, Num max , and RFIDInfo are passed as parameters to the smart contract for quality inspection. Specifically, the smart contract traverses the information of the goods and compares them with Qspec. ere are two cases in the inspection result: (i) if the number of substandard goods is not greater than Num max , then P will sign T delivery with sk P and broadcast T delivery . (ii) If the number of substandard goods is greater than Num max , the smart contract will notify P and S win of the number of substandard goods, and P will return the goods to S win offline.
Algorithm 3 describes the process of tracking the origin of fakes in SESCF. Similarly, we define a primitive to complete the traceability: Trace.
Trace. Using a unique Gid to identify the goods can achieve traceability. In Section 4.3, we have introduced Gid and id_set. Once a problem is found with the goods, the user can scan the RFID to obtain the unique Gid and id_set. e goods information contained in T delivery is stored on the blockchain so that users can locate the corresponding T delivery and further locate the supplier of the problem goods according to Gid and id_set.

Capital Flow.
Algorithm 4 describes the process of solving payment defaults in the supply chain. Specifically, after S win broadcasts T tender , a payment channel C < P, S win > with a time lock of T 3 is opened between P and S win immediately. We define three primitives to complete the payment: Open channel, Payment, and Close channel. Here, txhash refers to T tender 's hash value.

Open channel.
In the open channel stage, P releases the coins not less than the order price into the channel, and S win releases the coins not less than LD into the channel. As well as, the time lock is set to T 3 . Finally, both parties use their private keys to sign the channel C < P, S win > . e role of the time lock is to set the latest closing time of the channel. In simple terms, after T 3 , if C < P, S win > is not closed yet, it will automatically close, at the same time, the coins in the channel are redistributed and submitted to the blockchain.
Payment. In the payment stage, P pays S win PD after the channel is opened. If S win fails to deliver to P before T 3 , he will pay LD to P automatically through the smart contract at T 3 . On the contrary, if S win successfully delivers to P before T 3 , P will pay S win the balance through the smart contract.
(1) inspect: S win inputs T delivery signed with sk S (2) assert current time T < Exhash.T 3 (3) N :� Goods.count (4) assert N � Exhash.Osize (5) Smart contract forwards T delivery to P (6) P scans and inputs the RFID tag of the goods (7) P inputs (Qspec, Num max ) (8) count :� 0 (9) for i ∈ [N] do (10) compare Goods i .information with Qspec (11) if the quality of Goods i is not up to standard then (12) count++ (13)  S win sign off C < P, S win > and submit the balance of their coins to the blockchain.

Evaluation
In this section, we first discuss the assumptions of SESCF and use simulation tools to prove the feasibility of the smart contracts. en we implement an efficient blockchain-based supply chain system. Our system runs on the Windows operating system. Finally, we give a comparison between SESCF and the existing blockchain-based supply chain frameworks.

Simulation and Results.
We test the smart contracts proposed in this paper in the simulation mode. Specifically, we use Remix, MetaMask, and Ganache to test the feasibility and performance of smart contracts. Remix is the official online integrated development environment (IDE) of Ethereum. e Solidity language can be used to complete the online development, compilation, testing, deployment, debugging, and interaction of Ethereum smart contracts in the web page. Ganache provides virtual users with a certain number of virtual cryptocurrencies.
rough the visual interface, users can intuitively set various parameters, browse, and view accounts and transaction data. MetaMask is a Chrome plug-in, so it is very convenient to use it to (1) trace: N i scans the RFID tag of the goods (2) N i inputs Gid and id_set (3) total :� id_set.length +1 (4) num � 0 (5) for tx.Txtype � txstop and num � total do (6) if Gid � tx.Goods j .Gid or id_set.id � tx.Goods j .Gid then (7) send tx to N i (8) num++ (9) end if (10) end for ALGORITHM 3: Trace() for user N i .
Ethereum stipulates two accounts: ordinary accounts and smart accounts. For ordinary transfer transactions, that is, calling ordinary accounts, the required gas is a fixed 2.1 × 10 4 . However, if users call smart accounts, the required gas is different because the complexity of the smart contracts is different. e more resources the transaction takes up, the more gas is required. Following are the performances we tested to evaluate the proposed solution: (i) the gas cost required to deploy smart contracts, (ii) the total amount of gas consumed by different numbers of nodes on the competitive bidding mechanism, (iii) the total amount of gas consumed by different quantities of goods when inspecting the quality of goods, and (iv) the total amount of gas consumed by different numbers of transactions when tracing goods. Figure 6 shows the gas consumption of the four smart contracts deployed in SESCF. As we can see from the figure, the Competitive bidding() consumes the most gas and the Inspect() consumes the least gas. In Ethereum, gas needs to be converted into ETH for payment. Here, we set gas price � 1 Gwei � 10 − 9 Eth, and then, the total cost of deploying smart contracts is 7.69 × 10 − 3 Eth.
In Figure 7, the amount of gas consumed by different numbers of suppliers in the competitive bidding mechanism is shown. e competitive bidding mechanism consists of three functions, i.e., Tender(), Bid(), and Compute(). In SESCF, as the number of suppliers increases, the resources (calculation, memory, etc.) occupied during bidding also increase. It is obvious in the histogram that as the number of supplier nodes increases, the more gas is required to run the smart contract. In addition, the Bid() function consumes the maximum amount of gas for execution and transaction as compared to the other functions because the Bid() function not only needs to encrypt bids but also needs to calculate and verify π.
In the delivery stage, P needs to perform quality inspection on the goods first. Figure 8 shows the amount of gas consumed by different numbers of goods in the Inspect() function. rough a large number of experiments, we have found that the gas consumption in the inspect phase is proportional to the number of goods, that is, as the number of goods increases, the more gas is required.
To compare the number of transactions in SESCF with the amount of gas required for tracing goods, we add different numbers of transactions in SESCF for testing. e results are shown in Figure 9. We stipulate in the smart contract Trace() that once the transactions are queried, it will stop running. erefore, the gas consumed by the Trace() function is not only related to the number of transactions in SESCF but also related to the ID of the block where the goods is located. However, by drawing these histograms, we concluded that more transactions in SESCF will cost more than fewer transactions.

Construction and Results.
e experimental results in the previous section show that the smart contracts we proposed are feasible. Next, we develop an efficient blockchain-based supply chain system SescfDapp. SescfDapp runs on the Windows operating system, and it is implemented using the C++ language. Furthermore, we assume that no entity on the network has enough computing power to destroy more than half of the network nodes, and only registered entities can buy and sell goods in SescfDapp.
First, the user runs SescfDapp and then enters the port number and selects the identity on the login interface. After the login is successful, SescfDapp automatically obtains the current user's IP address and generates a pair of a public key and private key and initializes a wallet for the user. Next, SescfDapp sends the user's IP address, port number, identity, and public key to the CA for verification. If the verification is successful, the system will receive a certificate binding IP address, port number, identity, and public key. But in our simplified supply chain system, the CA server verification step is omitted. erefore, we consider the IP address, port number, and public key as certificates.
After the user logs in SescfDapp, the home page displays the IP, port number, and identity of the user. Further, he can operate on the competitive bidding, inspect, trace, and payment pages. It is worth noting that nodes have only three different identities: supplier, producer, and retailer. Following are the running times of SescfDapp. We proved the efficiency of SescfDapp by analyzing them. Figure 10 shows the time cost on the competitive bidding mechanism. We provide different numbers of nodes in SescfDapp and run multiple times to study the impact on bidding time cost. It is clearly visible from the graph that the Compute() function consumes the maximum amount of time cost for execution as compared to the Tender() function. is is because the Compute() function not only needs to broadcast the calculation result to S i but also needs to perform decryption and logically complex operations. e Tender() function only needs to broadcast T tender to S i . erefore, the time cost of Tender() is relatively low. When running the Bid() function, we found that the average running time of bidding for a user is 3.08×10 −1 seconds. e execution time of the Bid() function mainly includes two parts: (i) the time for S i (i ∈∈ { 1, . . ., N }) to send eprice and π and the size of each proof π is 1.25 MB; (ii) the time for the smart contract to verify π.
We first open a payment channel between P and S win in SescfDapp and perform the payment operations. We observe that the channel can be opened between any two users in SescfDapp, and it only takes 4 ×10 −2 seconds to make a payment operation on the path of P and S win . is greatly reduces the overhead on the blockchain.
In Figure 11, the time cost on inspecting and tracing goods in the logistics phase is shown. We test the changes in the execution time of the Inspect() function as the number of goods increased, and the changes in the execution time of the Trace() function as the number of transactions increased. It is observed from experiments that the Inspect() function is   e above time is sufficient for the provenance scenario.

Comparison.
In Table 1, we give a comparison between SESCF and the existing blockchain-based supply chain systems in terms of functionalities [14,23,25,29]. Although current work uses blockchain to solve problems in the   supply chain, most research work has focused on only one aspect of the supply chain. As we know, the supply chain is a complex system consisting of information flow, logistics, and capital flow. erefore, we first proposed an efficient supply chain framework based on blockchain, which guarantees the fairness and security of the information flow, logistics, and capital flow of the supply chain at the same time. In addition, we compare the efficiency of SESCF and Scheme [23]. In comparison, we only consider primary operations with significant overhead and ignore operations with low complexity. We implement Scheme [23] based on SescfDapp. Figure 12 indicates the evaluation of the quality inspection and traceability function in the experiment. As we can see, the quality inspection time of both schemes increases as the number of goods and SESCF achieves more optimized performance. Both two schemes must check whether the parameters of the goods meet the requirements of production indexes. Scheme [23] needs to verify the current node information first and then upload and package the goods information. Meanwhile, SESCF does not need to perform these operations.
It should be noted that the goods ID is unique in both schemes. For the traceability function, the difference between the two schemes is the way to search using ID. Scheme [23] needs to traverse all transactions, while SESCF sets a keyword total, that is, when the number of query results equals to total, the smart contract will terminate. As a result, SESCF is faster for the same number of transactions. e difference in their efficiency has become more and more evident as the number of transactions increases.

Security Analysis
In this section, we first introduce the vulnerability and security issues of smart contracts which allow malicious users to exploit smart contracts. en, how SESCF is resilient against these attacks is proposed.

Vulnerability and Attack.
As we all know, blockchain data are secure and immutable, and the enforceability of the code on smart contracts makes it impossible for accounts to be breached. Moreover, the use of smart contracts can update in real time and reduce human intervention to improve the efficiency of the supply chain. However, if there are security bugs in smart contracts, the adversary can manipulate the execution of smart contracts to gain profit.  Figure 11: Time cost of inspecting and tracing goods.
As a result, the security of the entire system will be undermined. Here, we introduce several vulnerabilities in smart contracts which are proposed in paper [40]: Transaction-Ordering Dependence (TOD), Timestamp Dependence, Mishandled Exceptions, and Reentrancy Vulnerability. Transaction-Ordering Dependence is a bug that may be exploited by malicious users. Usually, it takes some time for a transaction to be broadcasted and packaged in a block. Assume that an attacker A monitors the transaction of the corresponding contract in the network and then immediately sends a transaction to change the current contract status. By doing so, the later-released transaction may be ranked before the first-released transaction. For example, A submits a prize-winning quiz contract C quiz and a transaction TX a that promises to give generous rewards, allowing other nodes to find the correct answer. After submitting C quiz and TX a , A continues to monitor the network to see if anyone submits the transaction TX b with the correct answer. Once someone submits TX b , A immediately submits a transaction TX c that reduces the bonus before TX b is confirmed. Moreover, A provides a higher gas so that TX c is processed by the miner first. Finally, when the miner processes TX b , the bonus becomes extremely low, and A can get the correct answer almost for free.
Ethereum stipulates that when a miner packs a new block b 1 , if b 1 's timestamp is greater than b 0 's and the difference between the timestamps is less than 900 seconds, b 1 's timestamp is also legal. Timestamp Dependence means that the execution of smart contract depends on the current block's timestamp. Different timestamps will result in different execution results of the contract. Assuming the following scenario, there is a lottery contract C lottery that requires a value n to be calculated from the current timestamp and other variables which can be known beforehand. Moreover, C lottery indicates that participants with the same number as n will receive prizes. While mining a block, A tries different timestamps in advance to calculate n, so as to give prizes to the designated participants.
In Ethereum, smart contract C 1 can call another contract C 2 through the send() command. If an exception is thrown in C 2 (low battery or call stack limit exceeded, etc.), C 2 is terminated. However, exceptions in C 2 may not be propagated to C 1 . e above are Mishandled Exceptions. For example, A intentionally exceeds the depth limit of the call stack to attack smart contracts. It is stated that the implementation of the Ethereum Virtual Machine limits the depth of the call stack to 1024 frames. Moreover, if C 1 calls C 2 , the depth of the call stack increases by one. So, A submits a smart contract C stack and calls itself 1023 times and then sends the transaction to Bob. In doing so, A ensures that Bob's call stack depth reaches 1024, which causes Bob to fail to send instructions.
Reentrancy Vulnerability, just as its name implies, is that the adversary can repeatedly enter the smart contract. In Ethereum, smart contracts can call other external contracts's codes. Consider the following contract that sends ETH to an external address. is function requires calling the code of the external contract. At this time, by hijacking external calls, A can repeatedly enter the transfer() function of the contract to transfer funds.

Security Proof.
In terms of the four attack methods mentioned in Section 7.1, this section proposes security theorems to prove that SESCF is secure and effective.

Theorem 1. SESCF does not rely on Transaction-Ordering.
Proof. In SESCF, P submitted T tender and reached an agreement with S win through a competition mechanism. e probability of reducing S win 's contract rewards by releasing another transaction to change the current contract status is nearly impossible. On the one hand, T tender is cosigned by P and S win and broadcasted by S win . On the other hand, once T tender is broadcast, C < P, S win > is opened immediately. P is required to release coins not less than T tender .price, and S win is required to release coins not less than T tender .LD into C < P, S win >. Furthermore, P and S win will automatically pay T tender .PD, T tender .balance, and T tender .LD according to S win 's delivery status.

Theorem 2. SESCF does not rely on the timestamp of block.
Proof. In the competition mechanism, P selects the supplier with the lowest bid price as S win by comparing S 1 .price, · · ·, S N .price. Consequently, there is no situation in which P selects a designated supplier for a transaction by continuously calculating the block's timestamp. In addition, the bids of S 1 , . . ., S N are encrypted by pk P , so that the bids of S 1 , . . ., S N are independent of others'.

Theorem 3. SESCF does not cause Mishandled Exceptions and Reentrancy Vulnerability.
Proof. e exception in the callee's contract is not propagated to the caller can cause Mishandled Exceptions. Besides, in Ethereum, when a contract calls another contract, the current transaction waits for the call to finish. is issue can lead to Reentrancy Vulnerability when a transaction makes use of the intermediate state of the caller. It is quite clear that these two bugs are caused by calls. In SESCF, Competitive bidding(), Inspect(), Trace(), and Payment() are independent of each other, i.e., there is no calling relationship between them.

Conclusion
We proposed SESCF, a secure and efficient supply chain framework. As far as the authors' knowledge, it is the first system to guarantee the fairness and security of information flow, logistics, and capital flow in the supply chain system simultaneously by exploiting blockchain. Due to space limitation, since the scenario between retailers and producers is similar to that between producers and suppliers, only the latter has been illustrated in this paper. Specifically, we provided the algorithm flow and discussed the smart contracts in detail. Moreover, simulation was performed, and the results showed that the deployment and execution of SESCF only requires a certain amount of gas, which indicates the feasibility of SESCF. Based on this, we developed an efficient blockchain-based supply chain system SescfDapp. In the end, we evaluated SESCF and proved that it is robust and secure for entities acting maliciously.
In this paper, we put multiple types of transactions in a single chain. In reality, this may reduce the search efficiency. It is an interesting problem how to extend our framework into a multichain structure, that is, we will consider putting different types of transactions on different side chains in the future. By doing so, not only the search efficiency but also the system throughput will be improved.

Data Availability
e data used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare that they have no conflicts of interest.