Entities which notify the Malta Financial Services Authority that they are issuing an Initial Virtual Financial Assets Offering (IVFAO), or which apply directly to the Malta Digital Innovation Authority to certify their smart contracts or DLT platforms, are required to undergo a Systems Audit. The audit will assess the suitability of the controls which the entity has to put in place in relation to its security, confidentiality, process integrity, availability, and protection of personal data, as outlined in Section 2 of the MDIA’s Systems Auditor Control Objectives – Part C.
Companies which are applying for a license with the MFSA to offer a cryptocurrency exchange or similar service are required to undergo a cybersecurity audit to assess their level of cybersecurity maturity in line with the MFSA’s Guidance Notes on Cybersecurity.
Companies applying for an electronic money institution license are also required to undergo a Systems Audit in line with requirements established on an ad-hoc basis by the MFSA.
A smart contract audit is basically the same as a conventional code audit: it aims to find security vulnerabilities before the code is deployed. Integer overflows and underflows, reentrancy, and front-running are among the most widespread smart contract vulnerabilities. We follow best practice standards, including the DASP top 10 vulnerabilities and other well-known vulnerabilities gathered by SWC, and check for the following:
To ensure your blockchain systems are secure, we can help you identify security threats and vulnerabilities present in your commercial and in-house developed blockchain systems. We will provide advice on how to remediate the issues found, determine the current security posture of the systems analysed, and give you overall recommendations. We carry out extensive security tests including: