Blockchain / Smart Contracts
Blockchain technology introduces a number of new threats to applications. Security tests allow detecting errors at an early stage of application development, the removal of which could be particularly difficult at a later stage.
The distributed ledger technologies (DLT), including blockchain and smart contracts, bring back to life already forgotten vulnerabilities (such as under and overflows) and introduce new ones (e.g. front-running). These vulnerabilities are not commonly known because the DLTs are still quite new. Moreover, the applications using these technologies are often integrated with other systems and open up new doors for intruders.
Our experience allows us to detect errors specific to these technologies at the application development stage, the removal of which in an already implemented system would be particularly difficult.
What are distributed ledger applications?
We can enumerate the following applications of distributed ledgers:
1. Custom implementations of distributed ledger (e.g. payment systems).
2. External applications integrated with distributed ledgers (e.g. cryptocurrency exchanges).
3. Smart Contracts built on the top of distributed ledgers (e.g. decentralized finance).
“Without clear understanding of the risks you may over-trust blockchain implementations.”
Our methodology developed over the years guarantees an optimal coverage of key and application-specific security threats.
At the beginning, in close cooperation with a client, we identify key threats to all technologies used by the application. We are a large team with a wide specialization, therefore we can carry out this task with high quality.
In the next step, we verify the existence of identified threats. We prepare test scenarios which are based on the threats and key assets. If a threat is found, we report it to the client together with a recommendation how to remove it.
The last step is consultation regarding recommendations. If possible, we are in constant contact with the client’s team (e.g. on Slack) so that all consultations are carried out on an ongoing basis.”
“To avoid becoming a victim, it is important to keep up-to-date with the latest DLT security issues and preventive security measures.”
The technologies are being developed every day and so appear the security bugs and attack vectors. We put great emphasis on continuous development. That is why we regularly conduct security research. Such an approach allows us to make presentations at various types of conferences. Additionally, we work by the principle of sharing our experience with the community. Based on our own research, we create open-source tools that support application testing:
* Smart Contracts Security Verification Standard
* Ethereum Responsible Disclosure Messenger
Are you interested in a broader view of blockchain technology security? Check our article: Developing Secure Blockchain Applications.
Feel free to contact us via a contact form so that we can learn more about your application. Together, we can safely implement the distributed ledger technology or analyze the threats in the existing implementation, as well as verify if it is resistant to DLT threats.