Blockchain Code Audits Aim to Thwart Security Vulnerabilities
New York-based technology company Jibrel Network recently announced that it has signed on with security auditing firm New Alchemy, which will conduct a full, in-depth security audit and code review of its platform.
The announcement comes just weeks after a potentially critical vulnerability left $200 million worth of Augur tokens at risk. This intrusion was on the heels of a $32 million hack on the Parity Wallet in July.
The Jibrel Network, which allows anyone to tokenize traditional real-world assets, recognized its potential vulnerability to a similar attack. Yazan Barghuthi, Project Lead at Jibrel Network, expects more technology companies to follow suit in proactively addressing these issues. Says Barghuthi:
“Most organizations don’t spend pre-emptively on preventing attacks; they typically wait until a breach occurs before investigating a fix. But given the technology is in its infancy, security must be a priority, which means engaging independent code reviewers.”
New Alchemy, the security audit and tokenization advisory firm founded by Peter Vessenes, founder of the Bitcoin Foundation and the expert who broke down the DAO exploit, excels in carrying out third-party audits of code functionality and security, giving detailed feedback on efficiencies, threats, testing results, and recommended action.
When asked about the DAO exploit and how it informs what we know about token vulnerabilities today, Vessenes had this to say:
“The market is very different than a year ago. At that time, the concerns were largely with smart contract vulnerabilities. Today customers understand that these sorts of security assessments are required in large part because attackers have moved on to more sophisticated attack vectors, like compromising emails and social media accounts to redirect interested token purchasers.”
He goes on to note that this arms race will continue as long as people are doing tokenizations, and recommends to clients that they undergo thorough internal security assessments in addition to smart contract audits.
Vessenes says software code audits are a requirement in many industries and thus believes that smart contract code reviews should also be mandatory: “Vulnerabilities are frequently discovered long after a smart contract is implemented. This is particularly important because these contracts are handling serious money.”
“The alarming number of vulnerabilities that have been exposed in recent months have demonstrated the absolute need for heightened security. Performing smart contract audits is a significant part of a complete security plan. Jibrel’s doing the right thing with their proactive approach to undertake compiler and code audits.”
The DAO hack of 2016 has understandably resulted in companies, financial institutions, and regulators becoming increasingly diligent about smart contracts to avoid similar mishaps in the future.
Concludes Vessenes: “These audits are already mission critical! They protect billions of dollars of value globally right now. Luckily for token buyers, smart contract publishers have been taking this side of the business extremely seriously since The DAO, and I expect that to continue in the future.”