DevTeam.Space Product Development Blog

Explore our in-depth product development tutorials and new technology announcements published by our software development experts

All articles

Undertaking A Blockchain Code Audit And Its Importance

After undertaking a blockchain code audit for DDKoin, one of the largest blockchain networks in the Asian market, we at DevTeam.Space decided to write an article outlining the importance of blockchain code audits.

While blockchain is a highly promising technology, code audits are crucial for implementing blockchain-based software successfully. A thorough code audit will also serve to deter potential hackers.

You will need specialized expertise for a blockchain code audit and you should plan for it proactively when planning your blockchain project.

The first step is to understand all about how a blockchain code audit works and why it is so important to get right. Let’s start!

Contents

“Hackers! But isn’t blockchain immune from hacking?” – The obvious question!
Smart contracts: Powerful, yet vulnerable!
Smart contract bugs: A key challenge
How to mitigate the risks arising from smart contract bugs?
Testing smart contracts: Essential, however, not sufficient
Verification of smart contracts: The state of tooling support
Blockchain code audit: What, why, and how
Wondering how to go about a blockchain code audit for your project?

“Hackers! But isn’t blockchain immune from hacking?” – The obvious question!

 

This is likely the first question in your mind at this point! Well, blockchain is a software system, and no one can yet say that they have developed a software system that’s fully immune from hacking.

Experienced software project managers, IT architects, and information security specialists know this, and they try to raise the cost for the hackers. The underlying idea is that hackers will avoid attacking a software system if their cost is higher than the expected benefits.

Bitcoin, the most popular cryptocurrency employs this concept in its blockchain network. Thanks to its computation-intensive “Proof of Work” (POW) consensus algorithm, cryptographic hash functions, and data encryption, the cost of hacking this network is very high. This reduced the incentives for hackers, as I have explained in “Proof of work vs proof of stake comparison”.

Hackers don’t find it easy even if a blockchain network avoids the energy-intensive POW algorithm. Take for example the “Proof of Stake” (PoS) algorithm, where hackers will need to stake their crypto tokens for long periods to manipulate the system.

If the value of the crypto token is less, then hackers have no tangible benefit. Alternatively, if the value is high then the cost for hackers is also high. Accordingly, blockchain networks have proved their resilience against hackers.

The risk arises from the programs that run on these networks. Let’s now review how vulnerability arises from smart contracts, i.e., pieces of code that run on blockchain networks.

Smart contracts: Powerful, yet vulnerable!

While Bitcoin (BTC) is the most famous application of blockchain, you can only conduct peer-to-peer payment transactions using this network. Ethereum, with its platform to create “Decentralized Apps” (DApps) brought out the potential of blockchain in front of the world.

DApps are web apps where the backend runs on a decentralized blockchain network, and the backend consists of smart contracts. DApps must store data on a blockchain following cryptographic standards, moreover, they must use cryptographic tokens. Read more about DApps in “How to scale an Ethereum Dapp”.

Smart contracts are key components of DApps, and these are pieces of code with “If-Then-Else” statements. Their defining characteristics are as follows:

  • They are open-source pieces of code that transfer cryptographic assets based on the fulfillment of predefined conditions.
  • You must store smart contracts on a decentralized blockchain network.
  • You can’t modify smart contracts after you deploy them.
  • Their execution results are stored on the blockchain, therefore, you can view them.
  • The execution of a smart contract is irreversible.

Smart contracts can improve transparency in the business environment, moreover, they can make contract administration easier. You can read more about them in “How to deploy smart contract on Ethereum?”.

Despite their advantages, smart contracts pose some risks. One can’t modify them after deployment, therefore, it’s hard to correct bugs. Given their irreversible execution, it’s hard to recover from the impact of bugs in smart contracts.

Take the case of the 2016 hack of Ethereum DAO. The “Distributed Autonomous Organization” (DAO) smart contract had a bug, and hackers exploited it to steal Ether (ETH) worth $70 million. It took a complex, lengthy, and contentious recovery effort to restore the funds, as you can read in “The DAO hack explained: unfortunate take-off of smart contracts”.

Smart contract bugs: A key challenge

Ethereum DAO hack isn’t the only instance of smart contract bugs posing challenges. There are frequent occurrences of such bugs causing losses to users of blockchain/crypto applications. SpankChain, a crypto project suffered losses in 2018 due to a smart contract bug, as CoinDesk had reported.

Expert observers of the blockchain and crypto market contend that a significant number of blockchain projects have critical bugs in their smart contracts. Read “25% of all smart contracts contain critical bugs” for more insights.

How to mitigate the risks arising from smart contract bugs?

Blockchain development projects are software development projects, after all, therefore, the fundamentals of software quality assurance apply. How would you prevent smart contract bugs from going into your blockchain production environment?

As with any other software development project, you would need to have robust verification and validation processes. These should include the following:

  • Verification: Reviews, walkthroughs, and inspections of plans, requirements, design, code, test cases, etc.
  • Validation: Testing the application system.

Read more about these in “Verification vs validation”. You need to keenly focus on both of them since you can’t modify smart contracts after you deploy them, moreover, you can’t negate their execution. Let’s dive into further details.

Testing smart contracts: Essential, however, not sufficient

Smart contracts are software programs, therefore, you ought to test them. Given their immutable nature, the testing assumes a lot of importance, however, testing alone isn’t sufficient.

Testing of smart contracts is subject to the same limitations of software testing in general, which are as follows:

  • It’s never possible to test a program completely.
  • You can test smart contracts only against their requirements, and this process doesn’t detect errors in requirements.
  • If the requirements are ambiguous, the testing process can’t remedy that.
  • Every software testing project contends with schedule and budget constraints, and it’s the same with testing of smart contracts.
  • You might not be able to test every path, moreover, it’s not possible to test every valid or invalid input.

You can read more about these limitations of testing in “Testing limitations”.

Verification of smart contracts: The state of tooling support

It’s an established practice in the field of software development to employ both validation and verification techniques for quality assurance. The software development industry has matured over decades and there are several verification tools, as you can read in “Evaluating automated software verification tools”.

Software development teams can also use code review tools like Review Assistant, Reshift, Gerrit, etc., and you can find more examples in “14 best code review tools in 2019 [static code analysis]”. Blockchain is a new technology though, and the tooling support in this area is currently limited.

VeriSol from Microsoft Research is one such verification tool for smart contracts. The name VeriSol stands for “Verifier for Solidity”, and it works with Solidity, the popular language for developing Ethereum smart contracts.

VeriSol is an open-source tool, and it’s available on GitHub. Smart contract developers can specify the desired functionality of their Solidity code, and VeriSol translates the code in the “Boogie” formal intermediate verification language.

It then mathematically verifies whether the code will correctly execute as desired. The Microsoft Azure Blockchain Service has recently integrated VeriSol within its offerings, and you can read more about VeriSol in “VeriSol: a formal verifier for Solidity based smart contracts”.

Blockchain code audit: What, why, and how

While the emergence of tools like VeriSol is good news, there aren’t too many such solutions available yet. Manual audit of code is important in blockchain development projects, and let’s now understand more about this.

1. What is a blockchain code audit?

Put simply, a blockchain code audit is a structured and systematic code review of a blockchain development project, and it’s done manually. It might use static code analysis tools, however, the main thrust is on experienced blockchain developers reviewing the code to find bugs.

2. Why your project plan must include a blockchain code audit

As observations from experts show, Ethereum smart contracts have a 3% failure rate. This is indeed a challenge, however, smart contract bugs can be prevented.

Blockchain/crypto experts have noted that it’s eminently possible to detect smart contract bugs early and prevent them from reaching the production environment. As a responsible entrepreneur or business leader planning to launch a blockchain project, you should include a blockchain code audit in your project plan. Read more about the observations of experts in “Blockchain smart contracts: more trouble than they are worth?”.

3. How to conduct a blockchain code audit?

Let’s understand the steps involved in a blockchain code audit, which are as follows:

3a. Locking down the source code

When you undertake a smart contract audit, you first need to lock down the version of the source code. This ensures transparency in the audit process.

It also helps you to differentiate the version already audited vs any further changes you make to the code. You should document the version number, commit time-stamp, etc. for the version you are auditing.

3b. Understanding the blockchain project

You need to engage an external team for auditing your blockchain project. Such an external team needs to understand the project, its use case, its architecture, etc. You should plan for sufficient time for this in your project plan.

3c. Reviewing the project documentation

The external audit team you engage needs to review various documents like the business requirements, architectural decisions, technical design, etc. This team should also review the test cases and test plans thoroughly.

3d. Preliminary code review

A blockchain code audit team needs to review the code multiple times, and a preliminary code review is the first such instance. The entire audit team needs to read the complete source code repository.

During this exercise, they understand how the development team has implemented the design. Read more about this in “How to audit a smart contract? – A guide”.

3e. Static code analysis

The audit team could use available tools for static code analysis. As I have noted earlier, there is limited tooling support for this at this point since blockchain is still a new technology.

3f. Code quality analysis

An independent audit team reviews whether the development team has adhered to the coding best practices. This review focuses on the structure of the code, the naming conventions used for the variables, comments in the code, etc. The development team should avoid using replicated code, and the audit team checks for this too.

3g. Analyzing the presence of known vulnerabilities

The independent audit team should scan the code thoroughly to find whether there are known vulnerabilities. Examples of known vulnerabilities are as follows:

  • Reentrancy;
  • Shadowing of variables;
  • Storage pointers that can be exploited;
  • Overflows and under-flows;
  • Bugs that could enable hackers to launch Denial-of-Service (DoS) attacks;
  • Incorrect cryptographic signature validation;
  • Generating random numbers in an insecure manner;
  • Timestamp dependencies;
  • Incorrect assumptions made for ordering transactions.

This is not an exhaustive list of such vulnerabilities, and you can read the “Decentralized Application Security Project (or DASP) Top 10 of 2018” for more insights.

3h. Functionality analysis

An independent blockchain code audit team should check whether the code in question will deliver the desired functionalities. They need to document all observations.

3i. Reporting and tracking

At the end of the review, the audit team should prepare a detailed report. You need to review this and work with your development team to address the issues, subsequently, you need to document the closure of the issues.

Addressing bugs in smart contracts and reviewing them again follow an iterative process. You need to ensure that all such iterations are fully documented.

Wondering how to go about a blockchain code audit for your project?

A blockchain code audit is essential for your blockchain project. As I have explained, your team must thoroughly test the smart contracts, however, that is not sufficient.

Given that there are a limited number of blockchain smart contract verification tools, you have a significant dependence on a structured code audit. It can be hard to find experts for such audits though.

You should look for blockchain development experts with deep expertise in blockchain code audit. Our guide “How to find the best software development company?” can help you find such experts.