
security audit

Tether Announces Completion of ‘Gold Standard’ Security Audit in Push for Regulatory Compliance

The firm behind the leading USD-pegged stablecoin is releasing the results of a recent security audit. According to a new blog post, Tether, the firm behind USDT, is taking steps toward “achieving the highest level of security compliance an organization can demonstrate.” “Tether, the largest company in the cryptocurrency industry, announced a significant security update today. […]

The post Tether Announces Completion of ‘Gold Standard’ Security Audit in Push for Regulatory Compliance appeared first on The Daily Hodl.

Korean Hackers Lose Big Trading on Hyperliquid: Are They Poking for Holes?

Ethereum layer 2 zkEVM ‘Scroll’ confirms mainnet launch

Blockchain data from Etherscan suggest Scroll’s mainnet was live over a week ago.

Scroll, a new contender in the zero-knowledge Ethereum Virtual Machine (zkEVM) space that works to scale the blockchain, has confirmed the launch of its mainnet.

The team behind Scroll announced the launch in an Oct. 17 post and added that existing applications and developer tool kits on Ethereum can now migrate to the new scaling solution.

“Everything functions right out of the box,” the Scroll team said.

A zkEVM solution such as Scroll’s aims to provide lower transaction costs at a higher throughput for decentralized applications running on Ethereum.

It works by batching thousands of transactions off-chain into one, then submitting a proof consisting of a minimal data summary to Ethereum’s mainnet.

Blockchain data suggests Scroll had withheld the news that its mainnet was live since Oct. 8 — the date at which the first smart contract was deployed on the Scroll mainnet, according to Etherscan data.

Scroll said the mainnet launch came after 15 months of extensive testing and security audits across three separate testnets.

“Our bridge and rollup contracts were audited by OpenZeppelin and Zellic,” Scroll added. Its zkEVM circuits were reviewed by Trail of Bits, Zellic, and KALOS.

Across its three testnets, over 450,000 smart contracts were deployed, enabling over 90 million transactions across 9 million blocks. 280,000 ZK-proofs were also generated, the firm said.

About a month ago, Scroll co-founder Ye Zhang told Cointelegraph Scroll would launch with centralized features but plans to increasingly decentralize over time.

“We will have a centralized sequencer and the central approver button,” Zhang said. He added a plan is in place to remove that button, however.

“We have a roadmap [...] To solve the single point of failure and to incentivize the community to build better proving hardware.”

Zhang said the Scroll team will also pitch several proposals to let the community discuss what’s best for Scroll moving forward.

Scroll was founded in 2021 with the goal to be more community-driven. Other zkEVM solutions working to scale Ethereum include Polygon, zkSync, StarkWare and Immutable.

Jordi Baylina, technical lead of Polygon Hermez zkEVM, recently told Cointelegraph that such competition in the zkEVM space is only going to make the Ethereum ecosystem more robust:

“Having different projects adds a lot of experience, and it’s also a way to test different approaches, ways of handling things or solving things,” he said.

Coinbase layer-2 network Base closes in on mainnet launch

While a date for mainnet wasn’t announced, the Base team said it’s now fulfilled 4 out of 5 of their criteria for launch.

Base, a new layer 2 application-focused protocol by Coinbase, has just one criterion left to fulfil before being ready for mainnet launch.

On June 29, the team said the Optimism-powered, Ethereum-secured network has been subject to six months of rigorous security audits — both internally and externally — the second-to-last criterion required for launch.

“With the completion of these audits, we’ve now fulfilled ⅘ of our criteria for mainnet launch,” Base said, adding that they feel confident after not finding any critical code bugs:

“Completing these in-depth security workstreams without discovering critical severity bugs gave the Base team confidence to proceed towards mainnet launch.”

The other three criteria passed included a “Regolith” hard fork in testnet, a successful infrastructure review with OP labs — the team behind Optimism — and Optimism’s “Bedrock” upgrade.

Coinbase officially launched Base on February 23, which aims to be a low-cost, secure, developer-friendly network for building decentralized applications.

To “battle-test” Optimism’s tech stack, Coinbase’s protocol security team conducted its own internal audit to identify any vulnerabilities that may emerge on layer 1, layer 2 and on the bridges.

In addition to Coinbase's internal audit, Base invited the broader community to partake in a public smart contract audit contest via Code4rena to report bugs found in Optimism’s tech stack:

“We engaged over 100 security researchers as part of this contest, and are happy to report there were no significant vulnerabilities discovered.”

Among the areas investigated by the security researchers were Optimism’s node software, Ethereum Virtual Machine (EVM) equivalence vulnerabilities, bridge vulnerabilities and miscellaneous smart contract issues.

The community audit ran from May 27 to June 10 with a maximum of $100,000 in rewards handed out to successful bounty hunters.

Demonstrating “testnet stability” is the final criterion that needs to be passed prior to mainnet launch, according to a previous post from Base.

The five criteria required for Base to launch on mainnet. The timeline provided by Base was published on May 25. Source: Base

While Base didn’t state exactly how the final criterion would be fulfilled, the team said that they’re still reviewing submissions from the 100 researchers that took part in the public smart contract audit in addition to reviews from past audit programs — namely “spearbit” and “sherlock.”

Base added that they’ve built Pessimism, an open source monitoring tool which aims to notify builders of any anomalies that may arise in the protocol, such as account balance irregularities, contract events, or disparities between L1 and L2 states.

In late March, Coinbase said they want to see an inflation-pegged “flatcoin,” an on-chain reputation system and an on-chain limit order book exchange built on Base.

Many considered the development of Base to be a “massive vote of confidence for Ethereum” when the news was first announced in late February.

Secured on Ethereum and powered by layer-2 network Optimism, Base aims to eventually become a network for building decentralized applications.

This AI chatbot is either an exploiter’s dream or their nightmare

The crypto community has come across an AI-powered chatbot that can be used to audit smart contracts and expose vulnerabilities.

The online crypto community has discovered a new Artificial Intelligence (AI)-powered chatbot that can either be used to warn developers of smart contract vulnerabilities or teach hackers how to exploit them.

ChatGPT, a chatbot tool built by AI research company OpenAI, was released on Nov. 30 and was designed to interact “in a conversational way” with the ability to answer follow-up questions and even admit mistakes, according to the company.

However, some Twitter users have come to realize that the bot could potentially be used for both good and evil, as it can be prompted to reveal loopholes in smart contracts.

Stephen Tong, co-founder of smart contract auditing firm Zellic, asked ChatGPT to help find an exploit, presenting a piece of smart contract code.

The bot responded by noting the contract had a reentrancy vulnerability where an exploiter could repeatedly withdraw the funds from the contract and provided an example of how to fix the issue.

A similar type of exploit was used in May by the attacker of the decentralized finance (DeFi) platform Fei Protocol, who made off with $80 million.

Others have shared results from the chatbot after prompting it with vulnerable smart contracts. Twitter user devtooligan shared a screenshot of ChatGPT, which provided the exact code needed to fix a Solidity smart contract vulnerability, commenting “we're all gonna be out of a job.”

With the tool, Twitter users have already begun to jest that they can now start security auditing businesses simply by using the bot to test for weaknesses in smart contracts.

Cointelegraph tested ChatGPT and found it can also create an example smart contract from a prompt using simple language, generating code that could apparently provide staking rewards for Ethereum-based nonfungible tokens (NFTs).

ChatGPT’s example Solidity smart contract for NFT staking rewards from a simple prompt. Image: Cointelegraph.

Despite the chatbot's ability to test smart contract functionality, it wasn’t solely designed for that purpose and many on Twitter have suggested some of the smart contracts it generates have issues.

The tool also might provide different responses depending on the way it’s prompted, so it isn't perfect.

OpenAI CEO Sam Altman tweeted that the tool was “an early demo” and is “very much a research release.”

He opined that “language interfaces are going to be a big deal” and tools such as ChatGPT will “soon” have the ability to answer questions and give advice with later iterations completing tasks or even discovering new knowledge.
