Smart Contract Auditing

Cyber Security for Blockchain Technology

Blockchain Technology is set to revolutionize the way we conduct e-commerce and transactions
    The technology itself is based on core principles of security
  • Confidentiality
  • Integrity
  • Availability
    Blockchain is based on a decentralized ledger system that promotes cyber security through:
  • Consensus (Vote of Confidence)
  • Provenance
  • Immutability
  • Finality
    Bitcoin and Ethereum fundamentally use Blockchain as the underlying technology.
  • Although security controls within Blockchain are inherited, the attack surface of the Bitcoin and Ethereum crypto-currency networks has expanded significantly, with attacks targeting the blockchain security architecture
    Blockchain as a technology strategy has an infinite set of use cases and usage models.
  • Different use cases of Blockchain introduce different cyber security threat vectors


Blockchain Technology is set to revolutionize the way we conduct e-commerce and transactions
  • The DAO hack wiped $50m of crypto-currency value from the crowd-funding venture
  • Bitfinex – Hong Kong based crypto-currency exchange cyber theft of $68s
  • Mt. Gox filed for bankruptcy after a security breach in which 850K Bitcoins were stolen ($450m)
  • List of all publicly known blockchain breaches and root cause:
    • BITFINEX
    • DAO
    • GATECOIN
    • COINKITE
    • MT GOX
    • COINWALLET
    • COINTRADER
    • BITQUICK
    • SHAPESHIFT
    • CRYPTSY
    • BITPAY
    • BITSTAMP
    • ALLCRYPT
    • CRYPTOINE
    • EXCOIN
    • THE LIST GOES ON….


Our Approach

At DTS we have developed our own methodology for delivering secure-by-design blockchain technology architecture. It is based on the following multi-layer security approach, which involves various cyber security consulting services in their respective domains:

Blockchain Cyber Security – Defence-in-Depth


What is a Smart Contract?

  • Smart contracts can be thought of as an account without a private key
  • It cannot be governed by a group or individual
  • Solely governed by the code within the contract
  • Smart contracts are immutable

Why audit a smart contract?

  • Immutability
  • Unchanging over time or unable to be changed
  • How to make a change in a smart contract? -> "Make a new smart contract"

Attacks on a smart contract


Practical examples of flaws in SMART CONTRACTS

Example of a vulnerable withdraw balance solidity code (1)

This function reads the user's balance into the "amountToWithdraw" variable, then sends the user that amount. If the transfer succeeds, the user's entry in "userBalances" is set to 0, because all the funds deposited in the balance have been sent to the user. The balance is cleared only after the external call returns, so a recipient contract can call withdrawBalance() again before its balance is zeroed (reentrancy).


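function withdrawBalance() {
    uint amountToWithdraw = userBalances[msg.sender];
    // Vulnerable ordering: the external call runs before the balance is cleared,
    // so a contract at msg.sender can re-enter while its balance is still set.
    if (msg.sender.call.value(amountToWithdraw)() == false) {
        throw;
    }
    // State is updated only after the call has returned.
    userBalances[msg.sender] = 0;
}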

Example of a vulnerable withdraw balance solidity code (2)

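The smart contract below checks that the balance of the sender is greater than or equal to the amount the sender is requesting to send (well and good). The deduction that follows, however, is applied to balances[receiver] rather than balances[msg.sender], so the account that was checked is never debited.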

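function forwardFunds(address receiver, uint amount) public {
  // The check is made against the sender's balance...
  require(balances[msg.sender] >= amount);
  receiver.transfer(amount);
  // ...but the receiver's balance is debited instead of the sender's.
  balances[receiver] -= amount;
  LogFundsForwarded(msg.sender, receiver, amount);
}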
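
Hardened forms of the two functions above, as an added example (not code from the original page or from DTS). The contract name, the single `balances` mapping (the first snippet calls it `userBalances`), the `deposit()` helper, the revert messages and the Solidity 0.8 syntax are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: corrected versions of withdrawBalance() and forwardFunds().
// Contract name, deposit() and the single mapping are assumptions.
contract HardenedBalances {
    // One ledger for both functions (the first snippet names it userBalances).
    mapping(address => uint256) private balances;

    event LogFundsForwarded(address indexed sender, address indexed receiver, uint256 amount);

    // Assumed helper so that balances are backed by Ether held by the contract.
    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // Checks-effects-interactions: the balance is zeroed BEFORE the external
    // call, so a re-entrant call to withdrawBalance() sees 0 and reverts.
    function withdrawBalance() external {
        uint256 amountToWithdraw = balances[msg.sender];           // check
        require(amountToWithdraw > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                                  // effect
        (bool ok, ) = msg.sender.call{value: amountToWithdraw}(""); // interaction
        // A failed send reverts the whole transaction, restoring the balance.
        require(ok, "transfer failed");
    }

    // Debits the same account that the require() checked. Solidity 0.8
    // arithmetic also reverts on underflow instead of wrapping around.
    function forwardFunds(address receiver, uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;                            // effect
        emit LogFundsForwarded(msg.sender, receiver, amount);
        (bool ok, ) = receiver.call{value: amount}("");            // interaction
        require(ok, "transfer failed");
    }
}
```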

Contact us to learn more about Smart Contract Auditing