VeChain’s Collaboration With SlowMist and Other Private Firms To Secure the VeChainThor Blockchain
VeChainOfficial last edited by VeChainOfficial
Originally published on June 1th, 2018.
The VeChainThor Platform bas been undergoing a series of third-party blockchain security testing, alpha testing, code audits, code testing, and mobile wallet security testing over the last month. These tests will be ongoing until mainnet release and, so far, the tests have been running smoothly.
We at VeChain take security seriously, and have placed the highest priority upon it. We believe true security requires the collaboration with outside forces, and to that extent we have begun working with multiple security firms during our mainnet testing. Some of these companies include:
Secureware is a blockchain security firm supporting secure software development lifecycle and security assessments. Secureware uses a broad network of skilled software and security experts from industry, academia, and venture capital to assist with clients’ technical engagements and time-sensitive delivery.
Hosho is the global leader in blockchain security, specializing in enterprise-grade security services for Fortune 500 and early-stage companies alike. Entirely focused on the blockchain industry, Hosho is setting the standard for blockchain security, providing state-of-the-art smart contract auditing and penetration testing services.
SlowMist focuses on blockchain ecosystem security. They were created by a team of founders with extensive experience in the frontlines of offensive and defensive cyber security. They have shared security expertise with such companies and government bodies as Google, Microsoft, W3C, the China Ministry of Public Security, Tencent, Alibaba and Baidu. Slow Mist’s core capabilities include security auditing, deploying defensive systems, and underground hacker tracking and prevention. Recently, the Slow Mist Security Team observed an automated piracy attack. The hacker used the authentication flaw of Ethereum node’s Geth/Parity RPC API to maliciously steal tokens via eth_sendTransaction. The attack lasted for about two years, the value of the stolen Ethereum (which has not yet been transferred) is around $20 million in total. In addition to that, there are also 164 types of tokens involved, and the total value of which is difficult to estimate (many tokens have not yet been officially issued on the exchange). This event became known as ETH BLACK Valentine’s Day.
HackenProof is a crowdsourced vulnerability rewarding platform which is the part of Hacken Ecosystem. It enables businesses to cooperate with a global community of bug hunters and security researchers to identify possible vulnerabilities and prevent the cyberthreat ahead of time.
These security firms and community developers are actively monitoring the security of the VeChainThor Blockchain. At this stage, there are two sections under the most intensive testing:
1)VeChainThor mainnet source code review:
Thorough testing of the VeChainThor mainnet source code, node communication security audit, node consensus algorithm security, and virtual machine security audit.
2)VeChainThor mobile wallet security testing:
This testing includes open source intelligence gathering, app security audit, server security configuration audit, identity management audit, certification and authorization audit, session management audit, input security audit, business logic audit, and cryptographic security audit.
In addition to private firms, we have utilized the HackenProof to invite over 100 developers to the private bug bounty program to conduct similar analyses. Many of our strategic partners and dApps projects are also very active in participating in the alpha testing in an effort to secure the ability to run their applications on the VeChainThor Platform as quickly as possible after mainnet launch.
Through this work, we have established a collaboration with SlowMist to set up the Authority Masternode security standard. The security standard would include recommended masternode hosting architecture, RPC security, Masternode configuration audit, security log, network security, DDoS protection, and other related services. The intent is to to help Authority Masternodes set up a secure environment and mitigate risks of tampering while reviewing the inner workings of viewing, creating, and verifying blocks.
The known value of business processes, assets, and documentation that will rely on the integrity of the VeChainThor Blockchain requires a system that is near faultless, and every effort must be taken to secure it. With trillions of expected transactions, the VeChainThor Blockchain will continuously collaborate with these security firms for peak performance. As companies continue to onboard post mainnet launch, in due time the VeChainThor Blockchain will be the most heavily used blockchain globally.