“The main idea behind blockchain technology is to provide security and redundancy through consensus to the applications it hosts. For example, if a blockchain is hosting a banking application and a node is hit with a DDoS, all other nodes would keep the application running.”
If a node is hacked and an attacker tries to falsify the blockchain to show the attacker has more money in their account, it would not work as there would not be consensus. Security testing a blockchain starts with the nodes that run the blockchain and can be broken down to each individual part that provides the overall solution. Each function has its own role to play in the solution and needs to be tested to provide a secure implementation.
New York-based technology company Jibrel Network recently announced that it has signed on with security auditing firm New Alchemy to conduct a full in-depth security audit and code review of its platform. The announcement comes just weeks after a potentially critical vulnerability left $200 million worth of Augur tokens at risk. This intrusion was on the heels of a $32 million hack on the Parity Wallet in July.
The Jibrel Network, which allows anyone to tokenize traditional real-world assets, recognized its potential vulnerability to a similar attack. Yazan Barghuthi, Project Lead at Jibrel Network, expects more technology companies to follow suit in proactively addressing these issues. Says Barghuthi:
“Most organizations don’t spend pre-emptively on preventing attacks; they typically wait until a breach occurs before investigating a fix. But given the technology is in its infancy, security must be a priority, which means engaging independent code reviewers.”
When asked about the DAO exploit and how it informs what we know about token vulnerabilities today, Vessenes had this to say:
“The market is very different than a year ago. At that time, the concerns were largely with smart contract vulnerabilities. Today customers understand that these sorts of security assessments are required in large part because attackers have moved on to more sophisticated attack vectors, like compromising emails and social media accounts to redirect interested token purchasers.”
He goes on to note that this arms race will continue as long as people are doing tokenizations, and recommends to clients that they undergo thorough internal security assessments in addition to smart contract audits. Vessenes says software code audits are a requirement in many industries and thus believes that smart contract code reviews should also be mandatory:
“Vulnerabilities are frequently discovered long after a smart contract is implemented. This is particularly important because these contracts are handling serious money.”
“The alarming number of vulnerabilities that have been exposed in recent months has demonstrated the absolute need for heightened security. Performing smart contract audits is a significant part of a complete security plan. Jibrel’s doing the right thing with their proactive approach to undertake compiler and code audits.”
The DAO hack of 2016 has understandably resulted in companies, financial institutions, and regulators becoming increasingly diligent about smart contracts to avoid similar mishaps in the future.
Concludes Vessenes: “These audits are already mission critical! They protect billions of dollars of value globally right now. Luckily for token buyers, smart contract publishers have been taking this side of the business extremely seriously since The DAO, and I expect that to continue in the future.”