Unleashing the Power of OrCa: A Workshop by Veridise and Secureum

Veridise · 5 min read · Jun 14, 2023

This May we invited a group of hand-picked external users to interact with the cutting-edge tools developed by our team at Veridise. We were thrilled to host this workshop, and now we’re here to tell you how it went.

Security as a service

Veridise is not “just” a blockchain auditing company: we also build tools that help automate the auditing process by detecting bugs and vulnerabilities in Web3 projects. Our ultimate goal is not only to use these tools internally but also to develop a Security-as-a-Service platform that developers can use to secure their projects at each development stage. As we are getting ready to launch this platform to the general public, we figured now is a great time to get feedback from real users. So, we invited them to try out our tools and give us an honest opinion on how we have done so far.

A fruitful collaboration

To this end, we teamed up with Secureum — an organization that aims to educate the community about Web3 security through events, workshops, and RACEs for participants to learn, develop skills and even join competitions. We organized two events: RACE #16 of the Secureum Bootcamp Epoch, and the OrCa Workshop.

RACE #16 started with a quiz on the ERC-3156 Flash Loan standard. Hundreds of Web3 security enthusiasts took part in that event, and we were thrilled to meet so many talented people! The top 16 performers in the RACE were then invited to participate in our workshop about OrCa, Veridise’s smart contract fuzzing framework.

By the way, if you want to put your own skill set to our test, you can do that — here’s the RACE #16 quiz.

The OrCa Workshop

Our workshop was designed as a series of challenges and tasks where participants were asked to use one of our automated security analysis tools, namely OrCa, to uncover vulnerabilities in blockchain projects. The participants explored the unique features of OrCa through the interface of Veridise’s Security-as-a-Service platform, which allowed them to find bugs with the push of a button.

As explained in one of our previous blog posts, OrCa is a specification-guided fuzzing tool for finding bugs in smart contracts. To use OrCa, one starts with a high-level description of their contract written in our in-house specification language called [V] (see this blog post to learn more!). Then, one can use OrCa to generate inputs that violate the specification!

Hence, the workshop started with an introduction to [V], where participants got their first hands-on experience in writing [V] specs for smart contracts that implement ERC-20 and ERC-721 standards. We also introduced participants to the pre-existing OrCa specification libraries for the most common ERC standards (e.g., ERC-20, ERC-721, ERC-3156, etc.). With this specification library, devs are able to quickly scroll through the list of specifications, select one that fits their needs and let OrCa run against it. Having a set of specifications to choose from is a great feature of our platform, as it makes developers’ work much easier.

After covering [V] specifications and the basics of running OrCa, the workshop then focused on more advanced OrCa features such as how to provide deployment instructions and additional background knowledge (“hints”). As blockchain projects sometimes involve complex interactions between their contracts or require these contracts to be deployed in a specific way and order, it is important to tell OrCa how these contracts are meant to interact with each other in order for OrCa to do its job well!

One of the fun exercises of the workshop was to use OrCa to automatically find reentrancy attacks. Yes, you read that right! OrCa is one of the first smart contract fuzzers that can detect reentrancy attacks! No wonder that, based on user opinions, it was one of the most exciting tasks to work on!

Towards the end of the workshop, participants had the chance to put themselves in the shoes of an auditor. So, the fifth and last day of the workshop was all about creating a mock audit report using OrCa. As we actively use OrCa during our audits, this was the perfect task to showcase OrCa’s capabilities and unique features!

Feedback and insights

Enough of us talking about OrCa. Let’s see what our participants had to say after the workshop!

We are grateful to get such amazing feedback as it keeps us on our way to revolutionizing Web3 security!

With hard work come great rewards

As we previously mentioned, we organized the workshop as a series of challenges. Check out the list of the 6 top performers of the OrCa workshop!

We take this opportunity to thank all the participants for their involvement and hard work! We enjoyed collaborating with all participants and we admire their Web3 security skillset!

Conclusion

At Veridise, we experienced an exciting milestone that brought us closer to our mission of enhancing blockchain security and making it accessible to developers. Many thanks to Secureum for such a fruitful collaboration!

Would you like to try OrCa yourself? Get in touch with us and get early access to the platform:

👉 I WANT TO TRY OrCa NOW! 👈
