We offer service of RIDE smart-contract security audit.
We will make you sure that your project will not remain a security holes.
Ilya “buggzy” Teterin. Expert in information security since 2001, mostly “white-hat”
Artem “bodrych” Badrtdinov. Graduated information security specialist.
Case: Neutrino stablecoin
What is Neutrino stablecoin: algorithmic stablecoin project backed by WAVES founder Sasha Ivanov
Description: Attacker can predict exchange rate of stablecoin and get extremely large profit from trading
Threat: Balance of smart-contract will smoothly flow to attacker
Type of attack: weak architecture solution
Proof in blockchain:
What is WAVESBET: blockchain gambling software backed by John McAfee
Description: Attacker can create specific transaction to get 100% change of winning his bet.
Threat: Withdraw all tokens from contract by one action.
Limitation: Attacker must be mining node owner.
Type of attack: manipulation of random number generator in blockchain.
Case: Ventuary DAO
What is Ventuary DAO: crowdfunding platform backed by WAVES LABS incubator
Description: Attacker can arbitrarily multiply his account value then withdraw all tokens from contract.
Threat: Withdraw all tokens from contract by several transactions.
Limitation: Attacker should have an account with successful crowdfunding campaign
Type of attack: double spend
Proof in blockchain (triple spend, actually unlimited):
Telegram: @buggzy2 @bodrych