2018 Shanghai International Blockchain Week
— Let’s Start Your Journey toward Smart Contract Security & VaaS with Pro. Yang Xia
On 4th, Sep, 2018 Shanghai International Blockchain Week: Tech Open Day, sponsored by Wanxiang Blockchain LBS, is held in Shanghai W Hotel Worldwide, which serves the purpose of profoundly discussing application technology and the root causes of blockchain. This forum has got together founders, technical influencers and qualified developers from mainstreaming technology platforms worldwide to introduce the latest developments in blockchain sector and explore possible approaches to the technical difficulties.
Meanwhile, with the purpose of presenting the importance of smart contract security and corresponding preventive measures, Yang Xia, the founder&CEO of Chengdu LianAn Technology and the associate professor of UESTC, delivered a speech on the subject of smart contract security and formal verification platform VaaS.
▲Pro. Yang was addressing
Firstly, Pro Yang introduced briefly Chengdu LianAn Technology, a blockchain company obtained equity investment from renowned institutional investors such as Fenbushi Capital. Its core team members consist of more than 30 associate professors, doctors and post-doctor fellows with experience of studying at overseas leading universities and laboratories (CSDS, Yale, and UCLA). Since May, 2018, Chengdu LianAn Technology has signed strategic partnership agreements with over 10 well-known corporations such as Huobi, OKEX, Kucoin, and listed on the “2018 China Blockchain Industry White Paper” issued by the Ministry of Industry and Information Technology. The company has also won OKEx’s “Best Security Audit Partnership”award.
▲ Pro. Yang was introducing Chengdu LianAn Technology.
Then Pro. Yang reviewed some issues concerning smart contract security that caused a stir from 2016 to 2018:
l In Jun, 2016, the hacker exploited a bug in the code of the DAO and stolen around $50 million worth of ether.
l In Jul, 2017, twice incidents of Parity Multi-sig Wallets Hack allowed a theft of over $31 million and $152 million of token.
l In Apr, 2018, That the market value of over billions RMB was evaporated was reported due to the security vulnerability of BEC, EDU and BAI.
Nowadays, the security vulnerability of Ethereum contracts that have been attacked mainly include Race Condition Vulnerability-Reentrancy and Transaction-Ordering Dependence, DOS, Logical Error Checking, Return Value Checking, Call&Delegatecall, Invalid Token Authorization, Contract Authority, Tx.origin, Floating Points and Precision, False top-up.
▲Pro. Yang was analyzing the vulnerability
How can we answer to the increasing issues concerning smart contract security? According to Yang, most companies specializing in security auditing have implemented security auditing through the following methods: formal verification, manual reproduction of vulnerability, manual auditing, dynamic analysis tools, static analysis tools, compile error and warn. But theoretically, formal verification can find all known and un-known security vulnerabilities. Compared with the above methods in practice, it is superior in integrating automated verification with manual review.
▲Pro. Yang was elaborating formal verification
VaaS, researched by Chengdu LianAn, is the first formal verification supporting EOS and Ethereum around the world.
VaaS is characterized with high-efficiency verification, high degree of automation, little human involvement, easy operation, contract programming languages, and supports the underlying platform of high-capacity blockchain. By “one-button” formal verification function, it can precisely identify the location and causes of risky codes, effectively verify the regular security vulnerabilities, security attributes, the function correctness of smart contracts and blockchain application. In this way, VaaS not only prevents code from being attacked by security vulnerabilities, but ensure the correctness of contract function.
▲Pro.Yang is demonstrating VaaS platform
The function of VaaS has attracted the attention of all the delegates at present. Pro. Yang confidentially elaborated on the system framework of VaaS platform and primary competitive advantages, highlighted by the following three aspects:
Firstly, Chengdu LianAn only serves smart contract security.
Secondly, technical advantages. The formal verification we have strictly adopted provides the more comprehensive security auditing for smart contracts.
Thirdly, Chengdu LianAn scored a first by researching and developing automated security verification for smart contract VaaS. Compared with the complete manual auditing, our method integrating the automated tool VaaS and manual review is more safe and efficient in the process of auditing smart contracts.
Chengdu LianAn will release the automated security verification for smart contract VaaS_2.0, providing a more comprehensive formal verification from source code to bytecode. The speech and product planning in the future from Pro. Yang won the warm applause.
▲Pro.Yang is illustrating the system structure of the platform
In addition, it is worth noting that most of guests and attendees at present are attracted by the technological fruits achieved by our company, the demonstration of VaaS platform and on-site testing at no charge. What’s more, Vitalik Buterin, the founder of Ethereum whom we always call as V-god, also visited the booth of Chengdu LianAn Technology. Leaning the function and advantages of VaaS platform from our stuffs, he was quite satisfied and gave us a thumbs-up sign！
▲Vitalik Buterin is reading more about VaaS
During this summit, Pro. Yang repeatedly stressed that as an emerging technology, blockchain security needs time. When looking at the vulnerabilities of blockchain technology, one should take the sensible opinions. What the best way to avoid security issue is to increase the developers’ safety awareness, audit smart contract secuirty comprehensively before deployment.
About Chengdu LianAn Technology
Chengdu LianAn Technology Co. Ltd. is headquartered in Chengdu and focuses on blockchain security field. Founded by Prof. Xia Yang and Prof. Wensheng Guo of UESTC, LianAn Tech’s core team members consist of more than 30 associate professors, postdoctoral students, doctors and masters with experience of studying at overseas leading universities and laboratories (CSDS, Yale, and UCLA) as well as industry elite from Alibaba Huawei, and other famous enterprises. Using formal verification as its core technology, this team has been providing years of services for security critical systems in aerospace, military and other fields. Chengdu LianAn Technology Co. Ltd. is the one and only company in China that applies this technology to blockchain security field.
As the only blockchain security company obtained strategic equity investment from Fenbushi Capital, Chengdu LianAn Technology has signed strategic partnership agreements with well-known corporations such as Huobi, OKEX, LBank, CoinBene, Kucoin, CoinMex, Becent, JBEX, ONT, Scry, CareerOn, loTeX, DALICHAIN, Bytom, Bubi Blockchain, YUNPHANT, and BiXiaoBai. In addition, it has built partnership with Inria France, the top formal verification team in the world. LianAn Technology is on the “2018 China Blockchain Industry White Paper” issued by the Ministry of Industry and Information Technology and has also been selected for the smart contract security audit recommendation list on Etherscan.
Telegram Chinese Group：https://t.me/joinchat/IRgNDA4iCF0Rs92sg5qoVg
Telegram English group： https://t.me/joinchat/IRgNDBBpCon-695ATmbA4w