Enterprises using blockchain applications should expect constant changes in the security landscape. New bugs, security risks, and best practices will continue to emerge over time. The cost of failure is too high to limit defensive efforts to known vulnerabilities alone.
How we can help
Our expert staff brings decades of security knowledge to the field of smart contracts, participates actively in the Enterprise Ethereum Alliance, and keeps informed about the latest developments in Ethereum security.
We have invested in building the best available tools for assessing the security of smart contracts, and the security implications of the Solidity language, its compiler, and the Ethereum Virtual Machine (EVM). We dig deeper into the construction of smart contracts than any other team because our engagements take unique advantage of:
- Manticore, a symbolic emulator capable of simulating complex multi-contract and multi-transaction attacks against EVM bytecode.
- Ethersplay, a graphical EVM disassembler capable of method recovery, dynamic jump computation, source code matching, and binary diffing.
- Slither, a set of proprietary static analyses based on the Solidity AST that detect common mistakes such as bugs in reentrancy, constructors, method access, and more.
- Echidna, a property-based tester of EVM bytecode with integrated shrinking that rapidly finds bugs in a manner similar to fuzzing.
Applied in combination with our unique expertise with static analysis, fuzzing and concolic testing, we will identify design-level risks and implementation vulnerabilities, provide recommendations on best practices, and educate your team on common and novel security flaws and testing techniques.
What you’ll receive
Deliverables will be custom to your situation, and include:
- List of discovered flaws with detailed explanations
- Attack and exploit scenarios that provide context for the vulnerabilities
- Recommended short- and long-term mitigation steps
- Testing artifacts, like pyethereum test cases and Manticore analyses
Contact us with your blockchain security needs.