- Smart-contract code audit
- Web components and infrastructure penetration testing
- Oracles security
- Smart-contract reversing
Other blockchain enabled technologies.
We can ensure cyber-risk mitigation for a blockchain enabled projects:
- Crypto exchanges
- Custom blockchain implementations and their underlying crypto-algorithms and consensus principles
- Application of blockchain for grid technologies
Project case: ICO smart contract security audit
Project goal was to asses the security of the smart contracts source code which were implementing modified ERC20 token and investor web-dashboard. The Oraclize library was used by the contracts to allow for interaction with external services.
The code review was performed using a combination of manual and automated tools and techniques to identify vulnerabilities within the target environment and exploit them. The contract code was deployed to the custom blockchain testnet and every step was emulated (the time parameters were modified to speedup each ICO stage). The testnet and deployment was arranged with a set of utilities: geth, truffle, ganache and mist. Multiple vulnerabilities were identified and reported to customer:
- The wide permission for the developer role, hardcoded in the contract
- The potential stale state of the contract, where it could stuck without ability to recover the money deployed to the contract address
- The lack of input address length validation, which facilitated attacks which involves input abuse on the smart-contract web-dashboard
- Cross-site scripting (XSS) in the investor web-dashboard