Cryptronics Diligence

Process and Methodology

Deploying smart contracts on a permanent public blockchain is risky. There are plenty of examples of incidents in which funds have been stolen or permanently locked because of programming errors, unexpected user behavior or oddities of the underlying blockchain protocol implementation.

For some prominent examples and common vulnerabilities, read our recent article on Ethereum smart contract security. We offer detailed audits of smart contracts for a number of platforms, including Ethereum. If you are planning an ICO, an ERC-20 token, a non-fungible token representing your assets or any other smart contract-based application, contact us for a competitive quotation.

Our workflow is as follows: after understanding the intended functioning of the contract, we start by running static code analysis tools. We then manually review the contract for certain types of vulnerabilities. Depending on the complexity and type of contract, we then deploy the contract on a test blockchain and either perform a series of manual tests or generate and execute specific unit tests. Finally, we prepare a report that groups issues into three levels of severity and includes a section on general recommendations.

The following is an example audit report shared with the client’s permission: 20180601_Audit_Report_CryptoFights

Portfolio

We have performed audits for various projects, including tokens based on ERC20, ERC223 and ERC721 specifications.

Full Stack Security Auditing

Blockchain systems do not stop at the smart contract level. Other issues to consider are:

  • Key generation
  • Key storage
  • Wallet security
  • Regulatory compliance and data protection
  • Traditional Web cybersecurity

To this end, we offer full stack auditing and consulting services including pentesting and code reviews.