Blockchain Audits

fact technologies services.

MDIA – Systems Audits

Entities which notify the Malta Financial Services Authority that they are issuing an Initial Virtual Financial Assets Offering (IVFAO), or which apply directly to the Malta Digital Innovation Authority to certify their smart contracts or DLT platforms, are required to undergo a Systems Audit. The audit assesses the suitability of the controls which the entity has to put in place in relation to its security, confidentiality, process integrity, availability, and protection of personal data, as outlined in Section 2 of the MDIA’s Systems Auditor Control Objectives – Part C.

MFSA – Cybersecurity and EMI Systems Audits

Companies which are applying for a license with the MFSA to offer a cryptocurrency exchange or similar service are required to undergo a cybersecurity audit to assess their level of cybersecurity maturity in line with the MFSA’s Guidance Notes on Cybersecurity.

Companies applying for an electronic money institution license are also required to undergo a Systems Audit in line with requirements established on an ad-hoc basis by the MFSA.

Smart Contract Auditing

A smart contract audit has the same goal as a conventional code audit: finding security vulnerabilities before the code is deployed. Integer overflows and underflows, reentrancy, and front-running are among the most widespread smart contract vulnerabilities. We follow best practice standards, including the DASP Top 10 and other well-known vulnerabilities catalogued by SWC, and our review covers the following:

  • Expert Code Analysis: Have a smart contract expert perform a review
  • Control Flow Analysis: Generate a graph of the program’s control flow and look for anomalies
  • Dynamic Code Analysis: Run the program to see how code works and look for anomalies
  • Manual Code Analysis: Line-by-line review of the smart contract code for logic errors or programming language errors
  • Vulnerability-Based Scanning: Scan the code for known smart contract vulnerabilities
  • Symbolic Execution: Determine the inputs that cause certain parts of the code to execute
  • Taint Analysis: Check what variables within the smart contract are controllable by the person or smart contract executing it
  • Test Coverage: Ensure that unit tests cover all of the smart contract’s code
  • Linting: Ensure that the contract meets style requirements and has no grammatical errors

Blockchain System Audit

To ensure your blockchain systems are secure, we can help you identify security threats and vulnerabilities present in your commercial and in-house developed blockchain systems. We will advise on how to remediate the issues found, determine the current security posture of the systems analysed, and give you overall recommendations. We carry out extensive security tests, including:

  • Double-spend attack
  • 51% attack
  • Eclipse attack
  • Denial of service (DoS)
  • Weak network configuration
