Exclusive: Express Audit Case Study

How we approach the need for accessible and rapid security audits.

Maria Criado
ChainSecurity
Apr 24, 2018

Foreword

ChainSecurity’s mission is to fundamentally advance security within the blockchain space and thereby lay the groundwork for broad mainstream adoption. Our internally developed tools, paired with the security expertise within the team and our experience, which is based on a multitude of audits and analyses and a clearly streamlined and outlined process, enable us to set the standards we’re known for.

We are publishing certain audit results in agreement with our partners and clients to provide some insight into how we achieve this and to demonstrate where security vulnerabilities still pop up.

In this example we’re publishing the VU token Express Audit to give you a better idea of what the actual results of our audits look like.

About VU Token

VU is a next-generation game in Virtual Reality. Consider it VU’s version of the holodeck: driving experiences that inspire and excite. It’s a dynamic, artificial intelligence-driven world, powered by exciting storylines without end.

VU is a parallel universe where players can explore, experience, create & share, together.

The Express Audit

Our Express Audit is a security analysis by the ChainSecurity audit platform within a 24-hour time frame. This audit format gives any type of Ethereum project, including ICOs, the possibility to uncover any sort of security bug on a fair budget.

Here’s a quick rundown of the issues we consider and check for in this type of audit:

  • Contracts that lack proper functionality to handle the ether they receive
  • Insecure coding (such as the possibility of unprivileged writes to the contract’s storage)
  • Use of unsafe inputs (e.g. reflection or hashing)
  • Reentrant method calls (and gas-dependent reentrancy attacks generally)
  • Manipulation of ether flows via transaction reordering

The Executive Summary of this Audit

See what we discovered and learn about critical issues we found in the full report. The VU team followed our recommendations immediately and released the fixes in the latest version of their code.

You can download the full report by clicking here.
