The importance of high-level security for companies using smart contracts and blockchain

Ivan Nedeljkovic
5 min read · Jun 20, 2019


Smart contracts, powered by blockchain technology such as Ethereum, have already been transforming entire industries. However, their immutable nature and automatic execution make security the number one priority. This was made clear a year after Ethereum's release by the hack of The DAO, the most notable hacking event of its kind.

The DAO is a decentralized autonomous organization implemented as a set of smart contracts that formed an investor-directed venture capital fund. In June 2016, an attacker exploited a vulnerability in the DAO's smart contracts to siphon off a third of its funds, more than $50 million USD at the time. The DAO hack affected a large number of people in the Ethereum community and led to a growing appreciation of the importance of smart contract security.

Smart contract development is significantly different from traditional software development. Rather than working with a database under your own control, decentralized applications (DApps) deployed on the blockchain are immutable, visible to everyone with access to the blockchain network, usually built on a non-custodial payment model, and expose a large attack surface. Even the tiniest fault in the contract code can result in catastrophic losses. It's clear that security is of the utmost priority when developing and deploying smart contracts. To achieve security assurances, it's essential to perform regular audits throughout the project's life-cycle, both before and after launch.

Patching the Achilles Heel

A smart contract audit is defined as a systematic assessment of an individual smart contract to help ensure that the code cannot deviate from its specification in any way and cannot be misused by an attacker. This means looking not only for common vulnerabilities such as integer overflow and memory mishandling, but also for the more intricate vulnerabilities usually encountered in systems software design, such as race conditions. Beyond software vulnerabilities, smart contract audits must also investigate game-theoretic security, avoiding misaligned incentives that could allow an actor to gain an unfair economic advantage while technically following the contract logic.
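The integer overflow case named above, as an added illustration that is not code from the article or from any company it mentions: a constructed token ledger whose batch transfer can wrap around under Solidity versions before 0.8, beside the checked form an audit would require.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.0;

// Constructed illustration (not code from the article). Solidity < 0.8 does not
// check arithmetic, so `to.length * value` can wrap around to a small number.
contract VulnerableLedger {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 1000;
    }

    // Defect an audit should flag: if the product wraps, `total` is tiny, the
    // balance check passes, and each recipient is still credited `value`.
    function batchTransfer(address[] calldata to, uint256 value) external {
        uint256 total = to.length * value;
        require(balances[msg.sender] >= total, "insufficient balance");
        balances[msg.sender] -= total;
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += value;
        }
    }
}

// Hardened form: verify the multiplication did not wrap before trusting it.
// (Solidity 0.8 and later revert on overflow by default, which removes the
// need for the explicit check.)
contract CheckedLedger {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 1000;
    }

    function safeMul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b, "multiplication overflow");
        return c;
    }

    function batchTransfer(address[] calldata to, uint256 value) external {
        uint256 total = safeMul(to.length, value);
        require(balances[msg.sender] >= total, "insufficient balance");
        balances[msg.sender] -= total;
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += value;
        }
    }
}
```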

Audits by design, as part of the quality assurance process, are not a new notion; however, the blockchain ecosystem still has relatively little experience in evaluating the security of these distributed, highly adversarial systems. Security specialists in the blockchain world often learn the best security measures ad hoc, either as a painful lesson after a malicious attack takes place, or from benevolent white-hat hackers who disclose the vulnerabilities they discover.

Due to the complexity of performing thorough smart contract audits, most audits are done by security specialists. These specialists manually analyze smart contracts for any bugs, issues, or other unexpected behavior. Given the depth of examination required for even a single project, these manual audits are often difficult to scale.

ChainSecurity falls into this category. Through an agile and robust smart contract assessment process, they:

- identify key requirements

- assess the behavior of the identified specifications in all scenarios

- fix any code loopholes

- certify that the contracts are eligible for further use

After years of manual audits and many demoralizing hacks, researchers started to see common patterns in smart contract weaknesses. To speed up and strengthen the audit process, they began to create automated tools to assist manual auditors. These tools automate the detection of known vulnerabilities, giving human auditors the opportunity to focus on more complex security issues. Manual inspection is still necessary to detect and eliminate false positives and negatives, and to correctly interpret the findings of these automated tools.

One such example is Valid Network BSP, which blends blockchain transactions with traditional enterprise systems and provides full transparency to establish trust both within and across federated organizations. The BSP technology stack combines advanced algorithms from machine learning, data mining and distributed systems to present a visual stream of insights for internal auditors, risk, financial and security officers. Valid Network BSP is designed exclusively for blockchain applications and provides an end-to-end dApp (decentralized application) security solution that is tightly integrated into your organization's CI/CD process.

A whopping $8 million is hijacked from crypto wallets every day. From DAO to GDAX and Mt. Exchange to Zaif, even the finest exchanges can't shield themselves from being hacked. As of June last year, $1.1 billion had already been stolen in cryptocurrencies in 2018. The number keeps piling up in 2019 as well. Because most people continue to rely on 30-year-old anti-virus technology to combat threats to their devices, security is falling short. Every four seconds, hackers release a new strain of malware, and by the time an antidote is created, another piece of malware has been generated to take its place.

What we need instead is a proactive solution that protects devices inside out with features such as keystroke encryption, anti-clickjacking capability, anti-screen capture and strong password protection.

Only then can we remain a step ahead of the exploiters who are constantly devising newer, more sophisticated ways to attack wallets and exchanges by gaining access to our devices.

Segasec, the security leader in this sector, has developed a proprietary platform custom-built for scanning, monitoring, managing and ultimately mitigating active threats. Driven by patent-pending technology and powerful machine learning, quadrillions of highly targeted scans are performed around the clock. Suspicious activities are immediately added to a watch list, where they are monitored for progress.

Putting two and two together in the marketing pattern: CoinPoint

Security and code maintenance have always been the number one priority for all decentralized ecosystems. Due to the complex nature of blockchain consensus mechanisms and smart contracts, blockchain-powered businesses have succumbed to hacking attempts on multiple occasions as a result of security mishaps and a lack of auditing experts.

Over its lifespan, CoinPoint has seen numerous prominent blockchain projects go down the drain simply because their smart contracts weren't strong enough to withstand attempts to extort their assets. Not only did the business close immediately as a consequence, but its users were harmed as well, which caused an additional layer of distress.

As the title suggests, we know how to put two and two together. Establishing countless connections in the crypto industry over the years, by attending conferences, conducting marketing campaigns, or through sheer networking, has placed a great deal of responsibility in our hands. People turn to us not only for security guidance and information, but also for marketing campaigns through affiliation and referral. We would therefore invite all blockchain projects facing the same challenges to turn to us, as well as security companies looking for clients, so that a mutually beneficial win-win situation can be achieved.
