RIDE security audit service

We offer a RIDE smart-contract security audit service.
We will make sure your project does not remain with security holes.

Persons

Ilya “buggzy” Teterin. Expert in information security since 2001, mostly “white-hat”.
Artem “bodrych” Badrtdinov. Graduate information security specialist.

Case: Neutrino stablecoin

What is Neutrino stablecoin: an algorithmic stablecoin project backed by WAVES founder Sasha Ivanov
Description: An attacker can predict the exchange rate of the stablecoin and make an extremely large profit from trading.
Threat: The balance of the smart contract will smoothly flow to the attacker.
Limitation: none
Type of attack: weak architectural solution
Proof in blockchain:
https://wavesexplorer.com/address/3P6bXu74Bf3dF4B19Y15i4rfB9BngzLFeu9/tx

Case: WAVESBET

What is WAVESBET: blockchain gambling software backed by John McAfee
Description: An attacker can create a specific transaction to get a 100% chance of winning his bet.
Threat: Withdrawal of all tokens from the contract in one action.
Limitation: The attacker must be a mining node owner.
Type of attack: manipulation of the random number generator in the blockchain.

Case: Ventuary DAO

What is Ventuary DAO: a crowdfunding platform backed by the WAVES LABS incubator
Description: An attacker can arbitrarily multiply his account value, then withdraw all tokens from the contract.
Threat: Withdrawal of all tokens from the contract over several transactions.
Limitation: The attacker must have an account with a successful crowdfunding campaign.
Type of attack: double spend
Proof in blockchain (triple spend, actually unlimited):
https://wavesexplorer.com/tx/AR8sqidQLukEtM9dhBMRMMZ2MjgGPtSB3Vr7jMGUnB81
https://wavesexplorer.com/tx/FY8xyob8aDZobcLo4yGRKad3uhE28wj36DH4Q2aeeTEE
https://wavesexplorer.com/tx/4xa7ViuEouVQ5JnL7ZE6gSQyNghVatSUVQPnJVRNn68K

Contacts

Telegram: @buggzy2 @bodrych
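The Ventuary DAO case above is described only as a "double spend" where one account's value can be paid out repeatedly. The following is an added illustration, not code from the audit or from Ventuary DAO, of the general pattern behind such bugs in a key-value dApp store: a withdrawal pays out a claim but fails to consume it under the key that was read, so the next invocation sees the old balance again. The key layout (`balance_<addr>`), the mis-spelled write key and the three 100-token campaigns are constructed assumptions for the simulation; the hardened version consumes the claim under the same key before paying out.

```python
"""Simulation of a key-value dApp state where a withdrawal does not consume
the claim it pays out (hypothetical, constructed example; not Ventuary's code)."""
from dataclasses import dataclass, field


class Rejected(Exception):
    """Raised when the contract refuses an invocation."""


@dataclass
class Vault:
    state: dict = field(default_factory=dict)    # emulates dApp key/value storage
    contract_balance: int = 0                     # tokens actually held by the contract
    payouts: list = field(default_factory=list)   # (address, amount) transfers made

    def credit(self, addr: str, amount: int) -> None:
        """Record a finished campaign: 'amount' becomes claimable by 'addr'."""
        key = f"balance_{addr}"                    # assumed key layout
        self.state[key] = self.state.get(key, 0) + amount
        self.contract_balance += amount

    def withdraw_vulnerable(self, addr: str) -> int:
        amount = self.state.get(f"balance_{addr}", 0)
        if amount <= 0:
            raise Rejected("nothing to withdraw")
        if amount > self.contract_balance:
            raise Rejected("insufficient contract funds")
        self.contract_balance -= amount
        self.payouts.append((addr, amount))
        # BUG (constructed): the claim is "cleared" under a differently spelled
        # key, so the key read at the top still holds the old amount next time.
        self.state[f"{addr}_balance"] = 0
        return amount

    def withdraw_fixed(self, addr: str) -> int:
        key = f"balance_{addr}"
        amount = self.state.get(key, 0)
        if amount <= 0:
            raise Rejected("nothing to withdraw")
        if amount > self.contract_balance:
            raise Rejected("insufficient contract funds")
        # Consume the claim under the very key that was read, then pay out.
        self.state[key] = 0
        self.contract_balance -= amount
        self.payouts.append((addr, amount))
        return amount


def drain_attempt(withdraw_name: str, attempts: int = 4) -> tuple:
    """Fund a vault with three constructed 100-token campaigns, then let
    'alice' (who is owed 100) call the named withdraw repeatedly.
    Returns (tokens paid to alice, tokens left in the contract)."""
    vault = Vault()
    for owner in ("alice", "bob", "carol"):
        vault.credit(owner, 100)
    withdraw = getattr(vault, withdraw_name)
    for _ in range(attempts):
        try:
            withdraw("alice")
        except Rejected:
            break
    paid = sum(amt for who, amt in vault.payouts if who == "alice")
    return paid, vault.contract_balance


def claims_match_funds(vault: Vault) -> bool:
    """Audit invariant: outstanding claims must never exceed contract funds."""
    outstanding = sum(v for k, v in vault.state.items() if k.startswith("balance_"))
    return outstanding <= vault.contract_balance


if __name__ == "__main__":
    print("vulnerable:", drain_attempt("withdraw_vulnerable"))  # alice takes all 300
    print("fixed:     ", drain_attempt("withdraw_fixed"))       # alice gets her 100 only
```

The invariant in `claims_match_funds` is the kind of check an auditor can evaluate against a dApp's live data entries: after the vulnerable withdrawal, the sum of claimable balances still reads 300 while the contract holds 200, which is exactly the "account value multiplied" symptom the case describes.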
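The WAVESBET case states only that a mining node owner could bias the blockchain's random number generator. As an added example (not code from the audit or from WAVESBET), the exchange below shows the standard mitigation for that class of problem: a commit-reveal scheme in which both the player and the house commit to a hidden seed before either is revealed, so the outcome is fixed before any block producer can act on it and a party that changes its seed after committing is rejected. The message names, the domain-separation prefixes and the two-sided coin are constructed assumptions.

```python
"""Commit-reveal bet settlement (added example; not WAVESBET's protocol)."""
import hashlib
import secrets


def commitment(seed: bytes) -> bytes:
    """Hash a seed so it can be published without revealing it."""
    return hashlib.sha256(b"bet-commit|" + seed).digest()   # prefix is constructed


def outcome(player_seed: bytes, house_seed: bytes, sides: int = 2) -> int:
    """Outcome depends on both seeds; neither side can fix it alone."""
    h = hashlib.sha256(b"bet-outcome|" + player_seed + b"|" + house_seed).digest()
    return int.from_bytes(h[:8], "big") % sides


class RevealMismatch(Exception):
    """A revealed seed does not match the commitment recorded for it."""


class BetContract:
    """Emulates the contract side: records commitments, then settles on reveal."""

    def __init__(self) -> None:
        self.bets: dict = {}

    def place(self, bet_id: str, player_commit: bytes, house_commit: bytes) -> None:
        # Message 1 (player -> contract): player_commit
        # Message 2 (house -> contract):  house_commit
        # Both commitments are on record before any seed is disclosed.
        self.bets[bet_id] = {"player": player_commit, "house": house_commit}

    def settle(self, bet_id: str, player_seed: bytes, house_seed: bytes) -> int:
        # Message 3/4 (reveals): each seed must reproduce its own commitment.
        rec = self.bets[bet_id]
        if commitment(player_seed) != rec["player"]:
            raise RevealMismatch("player seed does not match commitment")
        if commitment(house_seed) != rec["house"]:
            raise RevealMismatch("house seed does not match commitment")
        return outcome(player_seed, house_seed)


def run_round(player_seed: bytes, house_seed: bytes, bet_id: str = "bet-1") -> int:
    """Full honest exchange for one bet; returns the settled outcome (0 or 1)."""
    contract = BetContract()
    contract.place(bet_id, commitment(player_seed), commitment(house_seed))
    return contract.settle(bet_id, player_seed, house_seed)


def house_swaps_seed(player_seed: bytes, house_seed: bytes, new_seed: bytes) -> bool:
    """True if the contract rejects a house that reveals a seed other than the
    one it committed to (the behaviour a defender wants)."""
    contract = BetContract()
    contract.place("bet-2", commitment(player_seed), commitment(house_seed))
    try:
        contract.settle("bet-2", player_seed, new_seed)
    except RevealMismatch:
        return True
    return False


if __name__ == "__main__":
    p, h = secrets.token_bytes(32), secrets.token_bytes(32)
    print("outcome:", run_round(p, h))
    print("late seed swap rejected:", house_swaps_seed(p, h, secrets.token_bytes(32)))
```

The point for an auditor is the ordering: entropy that only becomes fixed when a block is produced is under the producer's influence, whereas a commitment recorded in an earlier block cannot be changed without failing the reveal check.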


Nice showcase.

Did you write some tools for the audit? It looks like it’s done totally with bare hands.

How much, how long and what guarantees?

Automation was not used, except for the trading bot for Neutrino.

This will not be a public offer with a public price. Individual conditions for each project. This will be a sort of bug bounty: the customer will pay the full amount only for detected issues.

It is a very interesting offer: full price for issues only.

Are you planning on presenting your results here? Just like the first three.