Ciphertext-policy attribute-based encryption (CP- ABE) with verifiable outsourced decryption is a mechanism for secure fine-grained access control over encrypted data, and it is suitable for cloud computing applications. However, there exists a risk in CP-ABE with verifiable outsourced decryption that can lead to serious consequences and may limit its wide applications: the key generation center may have misbehavior. In this paper, we present BSA, the blockchain-based specification for ABE to mitigate this risk. We introduce the specification to regulate the data access control and a proof mechanism to supervise whether the key generation center has misbehavior. Also, we can provide decentralized and automated incentives with BSA by smart contracts and blockchain-based consensus.