Connect with us

FEATURED

Halborn’s Director of Security, Piotr Cielas shares key insights on Web3 security

Published

on

Security is of utmost importance when it comes to developing Web3 decentralized applications (dApps). These dApps, which operate as code snippets on blockchains, pose distinct security challenges that developers and users need to tackle.

Key security risks and considerations include phishing attacks, vulnerabilities in smart contracts, frontend and API vulnerabilities, among others.

Speaking at Breakpoint, 2023, Piotr Cielas, Director of Security, Halborn spoke on how developers can create Dapps that are efficient to avoid security breaches at the Breakpoint event organized by Solana.

Halborn is a blockchain security firm that provides full-stack security solutions for Web3 and blockchain projects. The company, which has partnered with Chainalysia, offers a range of services, including smart contract audits, penetration testing, code reviews, and incident response. 

Halborn’s expertise in security architecture and research-backed insights provide proactive and adaptive security frameworks for Web3 projects. 

The company’s preventative solution includes initial risk assessments, architecture security reviews, cloud configuration, DevOps, logical network segmentation, smart contract and infrastructure audits, and pen testing. 

Piotr highlighted the significance of data in bug forecasting and drew parallels to Bayesian probability in mathematics. By analyzing historical data, security experts can detect patterns and predict the likelihood of future bugs in projects.

He emphasized that traditional scoring systems used by security providers may have limitations in terms of effectiveness. This underscores the need for a more nuanced and sophisticated approach to enhance security measures.

Redesigning the System: Blockchain Vulnerability Scoring System

Recognizing the limitations of existing systems like the Common Vulnerability Scoring System (CVSS), the director introduced a new approach: the Blockchain Vulnerability Scoring System. 

The Common Vulnerability Scoring System (CVSS) is an industry-standard method for assessing the severity of computer system security vulnerabilities, providing a numerical score and qualitative representation to help organizations prioritize and manage their vulnerability remediation processes.

The Blockchain Vulnerability Scoring System combines the structure of CVSS with blockchain-specific metrics to provide a more tailored and accurate assessment of vulnerabilities. The key metrics include exploitability, impact on deposit and yield, reversibility, and scope.

He also noted that vulnerabilities have varying impacts on deposit and yield, with 80% of projects remaining unaffected. However, when vulnerabilities do influence yield, the repercussions can be substantial, significantly impacting project treasuries. 

This analysis offers developers valuable insights, allowing them to prioritize and address potential vulnerabilities based on their severity and impact.

Piotr mentioned common business logic-related vulnerabilities, providing bug and fix examples. He covered issues such as account owner check missing, arbitrary program invocation, PDA signature hijacking, account type confusion, remaining accounts, and account info in contexts.

Read also; Etherfuse’s CEO introduces blockchain bonds; US and EU bonds coming soon

0 0 votes
Article Rating
Advertisement Earnathon.com
Click to comment
0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments

Latest Episode on Inside Blockchain

Crypto News Update

Crypto Street

Advertisement



Trending

ALL Sections

Recent Posts

0
Would love your thoughts, please comment.x
()
x