SlowMist Team Wins the aelf Public Testnet Code Audit Bounty Program

ælf · Published in aelf · Nov 24, 2020

On October 16, aelf enterprise 1.0.0 RC 1 was officially released as a pre-launch Code Audit version of the mainnet, designed to pave the way for the mainnet launch. aelf believes that a high-quality project must pay attention to product security and treat network security as the highest priority. This is also the main reason why the aelf team insists on completing the code audit before launching the product.

On October 22, the Code Audit Bounty Program for the aelf public testnet was officially launched to ensure code security. The program attracted many developers, technicians and security teams. The security audit team of SlowMist Technology conducted a complete security test designed to be as close as possible to a real attack. The SlowMist team was the first to submit a complete audit report that met all the audit requirements. After careful evaluation by the aelf tech team, the SlowMist team won the first prize (approximately $30,000) for the code audit bounty.

SlowMist Technology is a Chinese high-tech enterprise focusing on the security of the blockchain ecosystem. It serves many well-known global projects by providing integrated security solutions from threat discovery to threat defense. The SlowMist team has worked with nearly 1,000 companies and is widely recognized by the industry.

The SlowMist team adopted three audit methods: black box, white box and gray box.

  • Black Box: conduct security tests from an attacker's position. In black-box testing, a tester doesn’t have any information about the internal workings of the software system.
  • Gray Box: conduct security tests on code modules using script tools, observe the internal running state and find weaknesses.
  • White Box: based on open-source and non-open-source code, look for vulnerabilities in nodes, SDKs and other programs.

In the black-box and gray-box testing, fuzz testing and script testing are used to test the robustness of the interfaces and the stability of the components by feeding them random data or data constructed with a specific structure. These techniques are also used to uncover abnormal behavior of the system under boundary conditions, such as bugs or performance exceptions. In the white-box test, code review and other methods are combined with the experience the security team has accumulated on known blockchain security vulnerabilities: the object definitions and logic implementation of the code are analyzed to ensure that there are no known vulnerabilities in the implementation of key logic and key components. At the same time, for new scenarios and new technology, the team entered vulnerability mining mode to discover 0-day errors that may exist.

Using these audit methods, the audit team conducted a comprehensive test and analysis of the aelf public testnet, covering P2P security, RPC security, encrypted signature security, and account and transaction model security. After a thorough security audit process, the aelf public testnet meets the security audit standards in DeFi logic, RPC, encrypted signature, account and transaction model, incentive mechanism, static code, etc. The problems found in the audit have all been corrected.

For the blockchain industry, it is critical to ensure system security. A security audit carries important information that is closely related to security and income. As an open-source project, aelf has always kept network security as its top priority. The successful conclusion of the Code Audit Bounty Program, with the SlowMist team as the winner, undoubtedly provided a reliable security guarantee for the launch of the aelf mainnet. It also provides users with a safe and reliable blockchain infrastructure. With security audits, mainstream exchanges will be more confident in supporting the aelf token swap in the future.

Click this link to get the full audit report: https://aelf.io/gridcn/aelf_Security_Audit_Report_en.pdf
