“Blockchain technology is no longer nascent”; rather, its immense potential is being realised by governments and enterprises all around the globe. Traditional businesses in fields like healthcare, agriculture, finance and transportation have already integrated blockchain into their supply chains and made business records secure and immutable. The adoption of cryptocurrencies by the governments of Ohio and Florida further strengthens my point.
As we adopt something new in our lives, critics, too, find their way in. Rather than giving facts on how blockchain use cases have transformed a business process, media reports have highlighted the cases where millions of dollars were stolen from a blockchain ecosystem:
The DAO failure was caused by the “Recursive Call bug”, which also happened with the Spankchain ICO (Image Ref. — Samuel Falkon).
These are only a few instances where huge monetary losses occurred in the blockchain ecosystem and were highlighted in the mainstream media. Blockchain is being promoted as the “next big thing in Cyber-Security”, and to achieve this vision, the blockchain community needs to be tamper proof and adopt a ZERO TOLERANCE POLICY. Let’s get to the root of the problem: why did these hacks occur?
The more Smart Contracts are used in a Blockchain platform, the greater the danger.
“Bugs”
Smart Contracts are the blocks that form the network of Blockchain. These Blocks are responsible for the transfer of millions of dollars (or sometimes assets worth millions, for Security tokens) in the blockchain network. Smart Contracts are coded by Developers, who are human and sometimes unknowingly leave behind bugs that are not caught during final testing.
Hackers take advantage of these bugs to attack the network and embezzle the funds flowing in the network.
“Audit Process”
For auditing a Smart Contract, auditors follow a 4-step process-
Use of the solidity-coverage tool is also recommended. This tool runs a process and checks how many functions have been covered by the Unit test cases. This process identifies sections of the code that are not tested, or might need more testing.
During the process of an audit, the auditor should also find out whether the Smart Contract is “truly decentralised”. Some Smart Contracts unknowingly give too much power to the owners: burning of tokens, a longer locking period, freezing of investor money.
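One way to start the decentralisation check described above, as an added example (not from the original article or any auditor's tooling): a heuristic JavaScript scan that lists functions gated by an `onlyOwner` modifier and flags names suggesting burn, lock or freeze powers. The modifier name, the keyword patterns and the sample contract are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan for owner-only powers in Solidity source.
// Assumption: access control uses a modifier named `onlyOwner`.

// Constructed sample contract, not taken from any real project.
const SAMPLE = `
contract SampleToken {
    address public owner = msg.sender;
    mapping(address => uint256) public balances;
    mapping(address => bool) public frozen;
    uint256 public lockUntil;
    modifier onlyOwner() { require(msg.sender == owner); _; }
    function transfer(address to, uint256 amount) public returns (bool) {
        require(!frozen[msg.sender] && block.timestamp >= lockUntil);
        balances[msg.sender] -= amount; balances[to] += amount; return true;
    }
    function burnFrom(address holder, uint256 amount) external onlyOwner { balances[holder] -= amount; }
    function freezeAccount(address holder) external onlyOwner { frozen[holder] = true; }
    function extendLock(uint256 newTime)
        external
        onlyOwner
    { lockUntil = newTime; }
    // function mint(address to) external onlyOwner {}
    function setOwner(address next) external onlyOwner { owner = next; }
}`;

// Powers named in the text above, matched against camelCase/snake_case words
// of the function name so that "setBlockReward" is not mistaken for "lock".
const RISKY = { burn: /^burn/, lock: /^(un)?lock/, freeze: /^(un)?fr(ee|o)z/ };

function ownerPowers(source) {
  // Drop comments so commented-out functions are not reported.
  const code = source.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
  // name, parameter list, then everything up to the body "{" or a ";" declaration.
  const header = /function\s+(\w+)\s*\(([^)]*)\)([^{;]*)[{;]/g;
  const findings = [];
  for (const [, name, , qualifiers] of code.matchAll(header)) {
    if (!/\bonlyOwner\b/.test(qualifiers)) continue; // not owner-gated
    const words = name.split(/(?=[A-Z])|_/).map((w) => w.toLowerCase());
    const risks = Object.keys(RISKY).filter((k) => words.some((w) => RISKY[k].test(w)));
    findings.push({ name, risks });
  }
  return findings;
}

// Every owner-gated function is listed; flagged ones need a written justification.
for (const f of ownerPowers(SAMPLE)) {
  console.log(`${f.name}: ${f.risks.length ? f.risks.join(", ") : "owner-only, review manually"}`);
}
```

A name-based scan only narrows where to look; the auditor still has to read each listed function body to see what the owner can actually do.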
“Coming back to the Critics”
Any hack resulting in monetary losses creates a distorted image of the overall Blockchain ecosystem, leading the general public (who are eager to step into this revolution) to take a step back and consider this revolutionary technology still immature. To envision a future with a blockchain-dominated ecosystem, a structured audit across all blockchains needs to be followed.
Whenever I take an exam, I always believe that I have passed with flying colors, but an external audit of my examination paper gives a result otherwise!
“Summary”
Smart Contract Auditing is not an easy task, and obviously a single development team CANNOT catch all the bugs during the development process. I recommend audits from different auditors: not only are you making the project secure and assuring investors of a haven for their money, but you are also contributing to making the Blockchain ecosystem invincible.
Some of the top Smart Contract Auditors, based on the analysis of audit reports published on their respective blogs -
Let’s discuss more on Blockchain Security; ping me on my Telegram handle — @parth_agarwal!