A smart contract is a computerized transaction protocol that automatically carries out the terms of a contract once specific criteria are satisfied. Because it is stored on a blockchain such as Ethereum, a smart contract executes without intermediaries or human intervention.
Security flaws throughout the history of unaudited Smart Contracts
As we can read in the following CCN-CERT document, the market capitalization of the Ethereum network alone is more than 11 billion US dollars. Blockchain networks such as BSC and the decentralized application systems built on them, in which Smart Contracts are found, are therefore a very attractive target for criminal groups looking for loot.
Examples of projects attacked by cybercriminals:
The DAO hack:
An initiative created by members of the Ethereum community
Its purpose was to provide a platform for financing startups without intermediaries
It was valued at up to 250 million dollars
It was attacked by exploiting a programming error in its Smart Contracts
Impact:
The attack cost 55 million dollars
A hard fork was required to undo the capital lost by investors
Investors lost confidence
Crypto Legions Bloodstone:
Game based on NFT tokens
Game logic resident in Smart Contracts
A security flaw in the Smart Contract logic (insecure randomness) allowed cybercriminals to drain all the liquidity from the game
Impact:
Theft of market capitalization
Loss of player confidence
Loss of player investment
What is a Smart Contract audit?
A Smart Contract audit for EVM-compatible blockchain networks (Ethereum, BSC and Polygon, among others) consists of analyzing a smart contract at both the code level and the dynamic level. First, the auditor analyzes the operational flow of the contracts provided by the developer; then the auditor reviews the code for failures that could occur when the contract is used on the blockchain. Once possible vulnerabilities have been identified, the auditor deploys the contracts to a private testnet with Ganache, Truffle and Remix, which allows the dynamic behavior of the contracts to be analyzed.
What type of Smart Contract do we audit?
We audit Smart Contracts based on EVM-type blockchains programmed in Solidity language, and these can be of the following types:
NFT tokens (ERC 721, 1155)
Fungible Tokens (ERC 20)
Oracles
dApp logic Smart Contracts (games, generic contracts, etc.)
SAST software for assisted code analysis.
For code analysis (SAST) the auditor relies on tools supported by the Ethereum community.
Examples of vulnerabilities that we can identify
Reentrancy vulnerabilities
Integer arithmetic errors
Gas limit vulnerabilities
Lack of essential checks (on parameters and/or transactions)
Front-running
Rejected ETH sends (unhandled transfer failures)
Integer overflow
Logic bugs