1 / 11

EOS Smart Contract Audit I Somish Blockchain Labs

Smart contracts on the EOS platform are emerging in the market. As this platform is fairly new, the audit of the smart contracts should be done with care.<br><br>Historically, a single bug in smart contracts has lead to irrecoverable loss of funds or locking up of millions of dollars

manishluvv
Télécharger la présentation

EOS Smart Contract Audit I Somish Blockchain Labs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart Contract Audit

  2. ABOUT SOMISH Established in 2006, we dived into Blockchain Technology back in 2016. Ever since, we have worked with Fortune 500 companies, governments and startups across the world to build award-winning, validated products

  3. What is Smart Contract Audit? Smart contract audit is the process of identifying vulnerabilities in a smart contract code prior to its deployment on production systems of blockchain platforms like Ethereum, Tron, EOS, Hyperledger and others. It involves automated and manual testing of the smart contracts to highlight commonly encountered technical, security vulnerabilities and patterns that could be exploited by malicious parties. A smart contract audit also includes suggestions on best practices of writing smart contracts, improving code efficiency, logic and overall optimization. There are two types of audit – Technical Audit and Full Security Audit

  4. EOS Smart Contract Audit Goals(1 of 2) • Smart contract built on the top of EOSIO blockchain allow for a lot of features to be covered by tests, but the turing completeness of C++ programming language and it’s flexibility leaves some space for unexpected runtime exceptions. • Our audit ensures the reliability of your smart contract by complete assessment of your application architecture and your smart contract code base. • Through our manual and automated analysis, we provide complete solution to identify and determine vulnerabilities and violations of logic in smart contract. • We will check whether the developed source code is compatible with the contents described in whitepaper. • How efficiently CPU utilized, RAM usage.

  5. EOS Smart Contract Audit Goals(2 of 2) • Auth checks, numeric overflows, buffer overflows, transfer prompt errors, rollback attacks, random number attacks.• Dangling pointers and references and memory management • Mapping of actions to roles and permissions • Persistent data on RAM and usage of index tables • DoS attacks • whoever deploys the contract does not have access to user funds

  6. 3rd Party - Smart Contract Audit Hiring an external smart contract audit company is a crucial step in ensuring that your smart contracts work as intended. Historically, a single bug in smart contracts has lead to irrecoverable loss of funds or locking up of millions of dollars. See as under: The DAO Hack in 2016 resulted in loss of 3.6 million ETH, worth ~ $750 million as on July’19 The Parity Wallet Hack in July’17 resulted in loss of 150,000 ETH, worth ~ $31 million as on July’19 The Parity 2 Hack in Nov’17 resulted in freezing of 513,774 ETH, worth ~ $107 million as on July’19

  7. 5 Signs You Need Help With Smart Contract Audit Worried about the intended behavior of smart contracts written by your developers? You’ve heard about various smart contract hacks like (The DAO Hack and Parity Hack) and are worried that your smart contract might have bugs? Are you launching a tokenized crowdfunding campaign and want to get your smart contracts audited before exchange listing? Your blockchain developers are unable to write comprehensive unit test cases for your smart contracts and you’re worried about the functionality of the contracts? Your investors are asking for 3rd party security audit of your smart contracts but you are unable to find experienced team of auditors?

  8. What Can We Do For You? Check For 125+ Vulnerabilities Report on Critical, Major, Minor Bugs Security Audit within 48 Hrs Audit for Major Protocols Unlimited Re Audits Audit by 2 Unbiased Experts

  9. 4 Steps Of Conducting Smart Contract Audits (1 of 2) Our unbiased and independent blockchain aficionados assess and identify the technical and security vulnerabilities and glitches in the smart contract, basis the provided code and business, technical documentation specifying behavior of the contract. At times, developers find it difficult to write unit test cases for the smart contracts and our team can help in liaising for the same. Assessment Post-assessment, the contract undergoes a 360° verification process to ensure that it fulfills the required specifications as per the provided documentation Verification

  10. 4 Steps Of Conducting Smart Contract Audits (2 of 2) The results of the first two phases are shared with the contract owners with brief suggestions on how to improve. The contract owners then engage in rectifications of the anomalies in a pre-decided time window, post which, our team undertakes one-time code re-verification. Testing Finally testing is followed by a detailed technical / security audit report which is provided to the contract owners for their reference and usage. Reporting

  11. Types of Tools Alongside manual review, code audit shall be done by using applicable tools as per the following list: Mythril Oyente Manticore Solgraph Solidity-coverage Slither

More Related