Image Ref. — Quill Audits “ is no more Nascent”, rather, its immense potential is being realised by governments and enterprises all around the globe. Traditional businesses from fields like healthcare, agriculture, finance and transportation have already integrated blockchain in their supply chains, and made business records secure and immutable. The adoption of cryptocurrencies by governments of Ohio and Florida further strengthens my point. Blockchain technology As we adopt something new in our lives, critics too, find their way to creep in. Rather than giving facts on the how blockchain use cases have transformed a business process, media reports have highlighted the cases where millions of dollars were stolen from a blockchain ecosystem- DAO Hack — $150 Million Stolen Parity — $300 Million Lost POWH — 2000 Ether Stolen Spankchain — $40,000 Stolen DAO failure was caused due to “Recursive Call bug” which also happened with Spankchain ICO, (Image Ref. — ) Samuel Falkon These are only a few instances where huge monetary losses occurred in blockchain ecosystem, and have been highlighted in the mainstream media. Blockchain is being promoted as the “next big thing in Cyber-Security” and to achieve this vision, the blockchain community needs to be tamper proof and adopt a ZERO TOLERANCE POLICY. Let’s get to the root of the problem, why did these hacks occur ? The more Smart Contracts used in the Blockchain platform, the greater is the danger. “Bugs” Smart Contracts are the blocks that form the network of Blockhain. These Blocks are responsible for the transfer of millions of dollars (or sometimes assets worth millions, for Security tokens) in the blockchain network. The Smart Contracts are coded by Developers, who are humans and sometimes unknowingly leave out some bugs in their development which are not caught during final testing. Hackers take advantage of these bugs to attack the network and embezzle the funds flowing in the network. “Audit Process” For auditing a Smart Contract, auditors follow a 4-step process- for an audit process to be thorough, not only the bugs present need to be identified, but also the functionalities that are absent in the Smart Contract. This is a crucial step — an efficient auditor team ensures that the Smart Contract should work along the functionalities mentioned in the Whitepaper. Gathering Specifications — A scrutiny of each line of the code. The idea here is to present the code in front of as many eyes as possible, so that no errors remain unidentified. Manual Testing — Here the auditor gets to the smallest unit in the code, by implementing Unit test cases for each function present in the Smart contract. Unit Testing — This step utilises the tools already developed tools by the blockchain community. Based on the nature of Smart contract, there are various tools that auditors use, some common ones are Mythril, Smart Check, Remix, Solhint. Automatic Analysis — Use of solidity-coverage tool is also recommended. This tool runs a process and checks how many functions have been covered by the Unit test cases. This process identifies sections of the code that are not tested, or might need more testing. During the process of an audit, the auditor should also find if the Smart Contract is “truly decentralised”. Some Smart Contracts unknowingly give too much power to the owners- Burning of tokens, longer locking period, freezing of investor money. “Coming back to the Critics” Any hack resulting in monetary losses, creates a distorted image of the overall Blockchain ecosystem leading the general public (who are eager to step in this revolution) take a step back and consider this revolutionary technology still immature. To envision a future with blockchain dominate ecosystem, a structured audit across all blockchains needs to be followed. Whenever I take an exam, I always believe that I have passed with flying colors, but an external audit of my examination paper gives a result otherwise! “Summary” Smart Contracts Auditing is not an easy task and obviously a single development team CANNOT catch all the bugs during the development process. I recommend audits from different auditors — Not only are you making the project secure, ensuring investors of a haven for their money, but also contributing in making the Blockchain ecosystem to be invincible. Some of the top Smart Contract Auditors, based on the analysis of audit reports published on their respective blogs - Zeppelin Solutions Hosho Quill Audits Decenter Quantstamp References — https://blog.zeppelin.solutions/on-the-parity-wallet-multisig-hack-405a8c12e8f7 https://medium.com/quillhash/quillaudits-smart-contracts-audit-check-list-d65a305ec1a3 https://medium.com/swlh/the-story-of-the-dao-its-history-and-consequences-71e6a8a551ee https://callisto.network/blog/post/why-do-we-need-smart-contract-auditing/ _Read writing about Security in Hacker Noon. how hackers start their afternoons._hackernoon.com Security - Hacker Noon Let’s discuss more on Blockchain Security, ping me on my telegram handle — @parth_agarwal !
