EOS.CYBEX’s Response to the New Criteria for EOS BPs: A Three-pronged Strategy

in #blockchain, 6 years ago

It is widely acknowledged that EOS could greatly enhance the current performance of blockchain and hence result in mass adoption. The global blockchain community is extremely excited about the potential of EOS becoming the “decentralized operating system” for future decentralized application development. Fierce competition among deep-pocketed, highly technically capable supernode candidates is clear evidence of this. Block.one has issued clear guidelines around voting rules and key attributes of the supernode candidates. EOS.CYBEX previously earned full marks against the six original check mark criteria. With regard to the two new criteria released recently, we will take a three-pronged strategy in order to build a secure and sustainable EOS ecosystem.

I. Build sound technical solutions around security to ensure a stable EOS ecosystem

(1) The First Hardware Cold Wallet Bespoke For EOS
A wallet carries both public and private keys, and the confidentiality of the latter is one of the most important factors in the security of crypto-assets. The hardware cold wallet developed by EOS.CYBEX stores the private key in offline physical devices. Private keys in the wallet, which integrates fingerprint identification and Bluetooth transmission, will only be invoked under certified circumstances.


A potential risk that may jeopardize a user’s transactions is that the transfer address displayed on the online client wallet may be tampered with by hackers even when the hardware cold wallet itself has not been stolen. To tackle this problem, the EOS.CYBEX hardware wallet employs a user confirmation process. To be more specific, users check the transfer address against the address shown on the screen of the cold wallet instead of the one displayed on the online client wallet. This methodology eradicates the possibility of address replacement root and branch.


In the near future, EOS.CYBEX will launch a multi-signature hardware wallet, the security level of which will match that of an institutional grade banking account. Furthermore, it also enables majority-party simultaneous transaction validation, providing additional security protection.


(2) The Formal Verification Tools Platform
EOS.CYBEX integrates 3 major formal verification players into one formal verification platform dedicated to solving smart contract security issues. The platform applies a variety of formal verification methods to provide highly automated and comprehensive security verification services for smart contracts on multiple blockchain platforms (such as EOS and Ethereum). Its services encompass vulnerability inspection, satisfaction verification of security properties, and certification of functional correctness and consistency. The platform can also develop secure smart contracts and provide secure contract models.

Before deploying a smart contract to the blockchain platform, users can submit the smart contract code and a functional description document to the online platform. The platform then formalizes the code into a mathematical specification and conducts a series of security and functional correctness verifications through highly automated tools. Finally, a verification report is generated. For failed verification, the exact location of the code errors and vulnerabilities will be clearly marked.

The platform adopts “military-grade” strict formal verification methods that can anticipate and prevent smart contract security vulnerabilities. Take the Ethereum Parity Multisig Wallet version 1.5+ incident as an example: because the hacker repeatedly invoked the initWallet function that was supposed to be called only once, the contract owner was altered to the attacker. The hacker thereby obtained the contract control permission to perform illegal transfer operations. The vulnerability is caused by code that does not properly implement a user requirement (initWallet can only be executed once). For such code logic vulnerabilities, the platform first produces a mathematical description of the various user-defined functional requirements (such as initWallet can only be executed once) and of their corresponding implementation code. Then, through a strict proof method, the platform checks whether the code correctly meets the user’s requirements. If the check fails, it can directly locate the code error and find out the reason for the vulnerability. In a nutshell, the platform can effectively prevent contract security holes in advance through strict formal verification methods, thus improving the security level of blockchain platforms such as EOS.
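The "initWallet can only be executed once" requirement can be written as a checkable property. The following is an added example, not the platform's tooling or Parity's contract code: a toy Python state model (all names hypothetical) checked by bounded exhaustive exploration of call sequences, a simpler technique than the deductive proof the text describes, which returns the shortest call trace that violates the property.

```python
from itertools import product

CALLERS = ("deployer", "attacker")        # constructed actors
ACTIONS = ("init_wallet", "transfer")     # public entry points of the model


class WalletModel:
    """Toy model of a wallet contract's ownership state (hypothetical)."""

    def __init__(self, guarded):
        self.guarded = guarded            # True = init is limited to one call
        self.owner = None
        self.initialized = False

    def init_wallet(self, caller):
        # Hardened variant: reject every call after the first one.
        if self.guarded and self.initialized:
            return False
        self.owner = caller
        self.initialized = True
        return True

    def transfer(self, caller):
        # Only the current owner may move funds.
        return caller == self.owner


def find_counterexample(guarded, max_depth=3):
    """Property: once set, the owner never changes.

    Explores every call sequence up to max_depth and returns the shortest
    violating trace, or None if the property holds within the bound.
    """
    steps = list(product(ACTIONS, CALLERS))
    for depth in range(1, max_depth + 1):
        for trace in product(steps, repeat=depth):
            wallet = WalletModel(guarded)
            first_owner = None
            for i, (action, caller) in enumerate(trace):
                getattr(wallet, action)(caller)
                if first_owner is None and wallet.initialized:
                    first_owner = wallet.owner
                if first_owner is not None and wallet.owner != first_owner:
                    return trace[: i + 1]
    return None


if __name__ == "__main__":
    print("unguarded:", find_counterexample(guarded=False))
    print("guarded:  ", find_counterexample(guarded=True))
```

The returned trace plays the role of the "exact location" in a verification report: it names the second `init_wallet` call as the step where the requirement fails.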

(3) Security Inspection in Alliance with Chaitin
It is said that most pioneering enterprises worldwide have been subject to hacker attacks. If the platform were attacked, all dApps would bear grave losses. How to anticipate and deal with intrusions is increasingly important. Cybex pays special attention to the security of exchanges, and has thus gone into partnership with Beijing Chaitin Technology Co., Ltd., the world's leading network information security company. Chaitin focuses on providing professional network information security solutions to enterprise-class users.

The security service team once conducted an all-around safety test of the CYBEX decentralized exchange by simulating hacker intrusion, getting to the bottom of potential safety risks (including system vulnerabilities and unsafe factors in websites). The whole process is as follows:

  1. Gathering information
  2. Scanning TCP/UDP ports
  3. Infiltrating the system applications provided by the user
  4. Infiltrating the operating system of the host
  5. Infiltrating database and network devices (e.g. firewall, intrusion detecting system)
  6. Extranet test (testers are based on the extranet, simulating a blind attack on the internal system)
  7. Intranet test (simulating attacks initiated by delinquent staff)
  8. Generating Optimization Advisory

Chaitin Technology has served a set of top-echelon blockchain enterprises, detecting hundreds of security problems, in which remote code execution vulnerabilities abound. As for blockchain-related customers, Chaitin focuses on problems underlying security design, including account system security, platform transaction logic problems, defects in multi-factor authentication in the trading system, and so forth.

II. Strong community engagement: “Technology is only as strong as the community”
We plan to build a global network of incubators across 9 key cities by the end of the year (3 established by the end of April 2018). Our network of incubators will serve as the key supporting network to incubate EOS dApps, to organize EOS meetups, and to engage and integrate local communities.


Roadmap of Community Development Plans, After June 3rd
● Dedicated zone for EOS digital assets on Cybex exchange
● Continuing to hold meetups globally
● Special zone for developers’ community on Longhash
● Special zone for EOS developers’ community on ChainB
● Establishing an EOS developers’ community inside the incubators
● Releasing the official website for the EOS project, and continuing to update the progress made in all areas in addition to the EOS activity notices

EOS.CYBEX pledges to work relentlessly to build a sustainable and vibrant EOS community and ecosystem. We believe that security is a key pillar of the EOS platform. As the EOS ecosystem grows, more security risks might show up. Therefore we will keep upgrading our security-related strategy. Please support EOS.CYBEX.
