Fremantle Lighthouse 1887, Julian Rossi Ashton

Today I continue to review “LocalCrypto” (formerly “LocalEthereum”) by applying the “System” (Security- Velocity- Engineering- Transparency) sub-rating.

According to their white paper this platform consists of three layers: the “centralised”, “cryptography” (end‐to‐end encryption) and “blockchain” (escrow smart contracts).

One of the reasons I’ve noted this white paper is that its authors openly pointed out some of their platform’s shortcomings.

Extract: “LocalEthereum is not a completely decentralised system. Instead, it’s a blend of centralised and decentralised components to construct a cocktail of security and usability. … The Centralised layer is mainly used to store and transport encrypted payloads and metadata.”


Their “centralized component” consists mainly of servers, databases and, of course, an API. The authors remark: “(we keep) in mind that centralised systems can be compromised or replaced.” To guard against that, “LocalEthereum is designed so that no sensitive information is disclosed to the centralised layer” (e.g. the sender signature is verified each time the front‐end shows messages).
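To make the per-message signature check concrete, here is an added example (not code from the white paper or the platform) of a receiver verifying every envelope fetched from an untrusted relay before showing it. Ed25519, the envelope fields, the trade id and the sequence number are assumptions of this sketch; the white paper's actual scheme may differ.

```javascript
// Added example with constructed data; Ed25519 is a stand-in signature scheme.
const nodeCrypto = require('node:crypto');

// Each trader holds a signing key pair; only the public key is shared.
function newIdentity() {
  return nodeCrypto.generateKeyPairSync('ed25519');
}

// Sender: sign the ciphertext together with trade id and sequence number, so a
// relay cannot move a valid message into another trade or replay an old one.
function signEnvelope(privateKey, tradeId, seq, ciphertextB64) {
  const body = Buffer.from(JSON.stringify([tradeId, seq, ciphertextB64]));
  const sig = nodeCrypto.sign(null, body, privateKey).toString('base64');
  return { tradeId, seq, ciphertextB64, sig };
}

// Receiver: run on every envelope returned by the server, before rendering it.
function verifyEnvelope(senderPublicKey, expectedTradeId, lastSeq, env) {
  if (env.tradeId !== expectedTradeId) return 'wrong-trade';
  if (!Number.isInteger(env.seq) || env.seq <= lastSeq) return 'replayed';
  const body = Buffer.from(JSON.stringify([env.tradeId, env.seq, env.ciphertextB64]));
  let ok = false;
  try {
    ok = nodeCrypto.verify(null, body, senderPublicKey, Buffer.from(String(env.sig), 'base64'));
  } catch {
    ok = false; // malformed signature or key: treat as unverified
  }
  return ok ? 'ok' : 'bad-signature';
}

// What a compromised relay can try, and what the receiver sees in each case.
function demo() {
  const alice = newIdentity();
  const relay = newIdentity(); // the server's own key, not trusted by the receiver
  const good = signEnvelope(alice.privateKey, 'trade-1', 1, 'Y29uc3RydWN0ZWQ=');
  const check = (env, trade = 'trade-1', lastSeq = 0) =>
    verifyEnvelope(alice.publicKey, trade, lastSeq, env);
  return {
    honest: check(good),
    tampered: check({ ...good, ciphertextB64: 'dGFtcGVyZWQ=' }),
    forged: check(signEnvelope(relay.privateKey, 'trade-1', 1, 'Zm9yZ2Vk')),
    replayed: check(good, 'trade-1', 1),
    moved: check({ ...good, tradeId: 'trade-2' }, 'trade-2'),
  };
}
```

The check only holds if the receiver obtained the sender's public key through a channel the relay cannot rewrite; otherwise the server can substitute its own key and every forged message verifies.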

The authors elaborate: “The primary attack vector we need to consider when managing keys in the browser is the possibility of malicious code being injected into the website.” To prevent this they naturally refrained from using third‐party‐hosted scripts (like Google Analytics or Google Maps) and use “all the HTTP and BGP security mechanisms available” (e.g. x509 public key pinning and DNSSEC). I am not sure, however, that those standard measures can really interfere with a dedicated attacker’s plans.

Additionally, throughout the paper the authors repeatedly warn their users against violating basic security protocols (like using weak or reused passwords).

However, when the authors point out that they use a smart-contract-based escrow account to avoid the risk that “some clients may be scammers”, while users are allowed “to trade directly with each other without any third party”, they neglect to mention that smart contracts themselves present a large attack surface.

Overall, despite all those major and minor defects, I still think that “LocalCrypto” / “LocalEthereum” can be rated “b” on the “Engineering” scale, because it is, basically, designed “to do its job”. As to security, I think that the authors have compromised it for usability. Hence, “c+”.

As to “Transparency”, I very much appreciate the fact that the authors boldly expose the protocol’s deficiencies and lack of decentralization. However, I’m not yet ready to extend them a credit of my confidence, and rank it “c+”. The system’s “Velocity” is simultaneously enhanced by the first layer’s mostly centralized character and slowed down by its “blockchain” layer (“b”).

Result for “System” (Security- Velocity- Engineering- Transparency): c+/b/b/c+

For detailed blockchain industry reports and projects analytics visit our platform: https://svetrating.com

For more information and community talks on this subject join our Whitepapers analysis Telegram group: https://t.me/joinchat/I5eQ-A6FSC2vXg_PNgFwJw

or my Twitter: https://twitter.com/SvjatoslavSedof

… also if you’re residing somewhere in the South Bay, CA, please, join our meetup group: https://www.meetup.com/South-Bay-Decentralized-Finance/


SVET Rating (svetrating.com) is the Decentralized analytics and DeFi portfolios trading platform for value investors in digital assets.
