Hacken Audits the Waterfall Network for Security and Performance

Waterfall Network
Sep 25, 2024

As a trusted blockchain security auditor, Hacken’s mission is to make Web3 a safer and more ethical environment for entities who want to avoid scams, hacks and manipulations from nefarious actors. The new Web3 is geared to respecting the community, being honest with investors and partners, behaving responsibly, and adding value to the blockchain space. When it comes to meeting Web3 standards, the Waterfall Project fits the bill.

During a recent AMA session, the Waterfall team chatted with Hacken auditor Nino Lipartia, who shared her experience in auditing the Waterfall Network. Learn what she has to say about Waterfall, and how it stacks up against other Layer 1 Protocols in terms of security and performance.

Waterfall’s BlockDAG Architecture Sets it Apart from Other Layer 1 Protocols

Perhaps the most outstanding feature of the Waterfall Network is its unique DAG architecture, paired with fast-finality Proof-of-Stake (PoS) consensus, where directed acyclic graph technology enables the simultaneous production and finalization of multiple blocks. The Waterfall audit presented a new challenge for the Hacken team due to its unique architecture and innovative approach.

To quote Nino: “The Waterfall project itself is very interesting and really provides new ideas which we do not often see in the sphere. We had to do some research to understand how blockDAG blocks are finalized in Waterfall’s implementation. With Waterfall, we actually have two types of finalization — optimistic and final consensus — so you have to check both in terms of logic and implementation, and also how the Distributed Ledger itself gets transferred or modified to create a Blockchain that is both reliable and safe. In general, we didn’t find many issues with the blockDAG implementation, and the core implementation is pretty secure from our side.”

While the auditors found a few minor issues in terms of some small logical inconsistencies and redundancies, most of them were quickly and easily fixed, leaving the Hacken team with a positive overall impression of Waterfall’s performance capacity.

Waterfall Gets High Marks for Security

Unlike traditional blockchains whose block production is linear and therefore time-intensive, Waterfall is able to execute upwards of 10,000 transactions per second (tps), a rate that rivals and surpasses the transaction speeds of some of the world’s most in-demand financial platforms like VISA and MasterCard. For those platforms to operate securely and efficiently, decentralization takes a back seat to transaction speed.

By contrast, Waterfall is both highly decentralized and secure, with the potential to outperform existing financial platforms in terms of transactions per second. Unlike traditional blockchains, Waterfall solves the trilemma posed by Ethereum’s Buterin: since blockchain security is non-negotiable, the tradeoff is between decentralization and scale.

When conducting the security audit, the Hacken team faced the challenge of checking the logic of Waterfall’s optimistic and final consensus. Auditors first needed to understand how finality is implemented, and also how the Distributed Ledger itself is modified during execution.

Common blockchain security issues include:

  • Factors related to cryptography, and management of private keys and signatures
  • Logical issues specific to the project regarding consistency and interpretation
  • Issues related to block formation
  • Validation of signatures in various parts of the code
  • Data synchronization among multiple nodes
  • Poorly constructed and defined finality, increasing the risk of double-spending or other attacks
  • Language-related issues
  • Other issues that disrupt or delay block formation

The Hacken team found Waterfall to be difficult to hack, with effective safeguards against any kind of double-spending.

Auditors Warn About Potential Future Vulnerabilities

Hacken’s auditors emphasized the importance of ongoing supervision and maintenance on the part of Waterfall’s developers as a hedge against future vulnerabilities. It was noted that the most common vulnerabilities are often the easiest to detect and fix via a routine security analysis. Frequently checking for issues, keeping the code and libraries up-to-date, and continually monitoring the system’s performance are crucial steps for ensuring a secure and reliable network.

Hacken Auditors Impressed by Waterfall

All in all, the Hacken team found the Waterfall Project to be challenging, interesting and innovative. They found the blockDAG architecture to be well-managed, with only minor issues that were quickly fixed. Hacken pronounced the audit itself to be quite successful, declaring that working with the Waterfall team to improve the network’s security and ecosystem was a great experience for the auditors.

Please note that the Waterfall AMA session with Hacken is no longer available, due to technical issues.
