audit

CYBER SECURITY OF SMART CONTRACTS AND PLATFORMS

In accordance with the current research of specialists from Positive 71% of the projects analyzed by them contained vulnerabilities in smart contracts, what is called the heart and soul of the ICO.

From the research, it also becomes obvious that almost every ICO project launched in 2017 and associated with the development of mobile had a significant number of shortcomings in the field of security, due to the fact that the organizers did not pay due attention to the security of their platforms and did not provide a means of protection against possible attacks.

Continuing the review of statistics, it should be noted that every third project had vulnerabilities that allowed hackers to access data and crypto assets of the organizing companies.

Among the identified problems is to highlight:

– non-compliance with ERC-20 standard,

– incorrect generation of random numbers;

and some others.

Such vulnerabilities often arise due to not high competence of programmers in the field of information security and insufficient quality testing of the source code

 

The most common disadvantages that are identified in mobile applications include the following:

– the use of insecure methods of data transmission;

– storage of user data in phone backups;

– disclosure of session IDs that an attacker can capture and use against a user.

The critical vulnerabilities of web applications include:

– entering code;

– disclosure of confidential information by the web server;

– insecure data transfer;

– arbitrary reading of files.

We urge the ICO organizers not to consider the unprofessional way and entrust the cyber security of their projects to experts in their field!

BLOCKSANE PTE. LTD. provides wide range of blockchain-related services from security audit to hardware development. But, first of all, we are unique experts in information security with reach experience in this field. Originated from industrial security, our competences reach all branches of blockchain, providing enough skills for complex software development, security audit of smart contracts and web platforms, and even for specific hardware development.