The biggest risks for blockchain projects, including when they carry out an ICO, lie in the mechanisms of smart contracts and in the operation of web applications. Inattention to such errors can lead to cyber fraudsters interfering in an ICO and to multimillion losses.
Positive Technologies has carried out a study analyzing the main risks in conducting an Initial Coin Offering (ICO, an initial placement of tokens to raise funds for crypto-market projects). Experts checked 15 projects, in particular utrust.io (a capitalization of $21 million), trade.io ($31 million) and Blackmoon ($30 million). The results showed that the greatest security risk (32% of the total) is posed by vulnerabilities in smart contracts (digital algorithms that determine the terms of an asset exchange between the parties), in the projects' web applications and especially in their mobile versions.
"If the terms of the asset exchange are defined incorrectly, it is possible to lose everything," emphasizes Denis Baranov, director of application security at Positive Technologies. According to the research, the types of cyber fraud most often made possible by mistakes in smart contracts are frontrunning (which makes it possible to foresee the future state of the contract and, for example, to profit from tokens when a large purchase takes place), thefts due to incorrectly defined visibility (for example, when the function that sets the owner of a wallet can be called by any user of the platform) and hacks due to incorrect random number generation in the code.
Thus, in July 2017 a visibility error was the cause of the theft of about $30 million from a Parity wallet that held the funds of a great number of clients, including several large ICOs. In November, because of a critical vulnerability in the new version of the smart contract, more than $285 million belonging to Parity clients was frozen.
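A check for the visibility error described above, as an added example that is not part of the original article: a small Python heuristic that flags Solidity functions which any user can call and which overwrite the owner. The contract, the function names and the state variable name `owner` are constructed for illustration, and the check assumes Solidity older than 0.5.0, where a function without a visibility keyword is public by default.

```python
import re

# Constructed sample, not taken from any real project. Assumption: Solidity
# older than 0.5.0, where a function with no visibility keyword is public.
SAMPLE = """
contract Wallet {
    address owner;
    function initOwner(address _owner) { owner = _owner; }
    function setOwner(address _owner) public onlyOwner { owner = _owner; }
    function changeOwner(address _owner) external { owner = _owner; }
    function ownerOf() public view returns (address) { return owner; }
    function _reset() internal { owner = address(0); }
}
"""

# Heuristic parser: only handles function bodies without nested braces.
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{([^}]*)\}")
VISIBILITY = {"public", "external", "internal", "private"}
MUTABILITY = {"view", "pure", "constant", "payable"}


def audit(source, owner_var="owner"):
    """Return sorted (function, finding) pairs for a Solidity source string."""
    findings = []
    # An assignment to the owner variable ("owner =" but not "owner ==").
    writes_owner = re.compile(r"\b%s\s*=(?!=)" % re.escape(owner_var))
    for name, _params, header, body in FUNC.findall(source):
        header = re.sub(r"returns\s*\([^)]*\)", "", header)
        words = re.findall(r"\w+", header)
        visibility = [w for w in words if w in VISIBILITY]
        # Anything else in the header is treated as a custom modifier (a guard).
        modifiers = [w for w in words if w not in VISIBILITY | MUTABILITY]
        if not visibility:
            findings.append((name, "implicit-public"))
        exposed = not visibility or visibility[0] in ("public", "external")
        guarded = bool(modifiers) or "require(" in body
        if exposed and writes_owner.search(body) and not guarded:
            findings.append((name, "unguarded-owner-write"))
    return sorted(findings)


if __name__ == "__main__":
    for function, finding in audit(SAMPLE):
        print(function, finding)
```

A finding here is a prompt for manual review, not proof of a flaw: the regular expressions do not parse Solidity fully and will miss guards written in other forms.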
According to the authors of the research, vulnerabilities in smart contracts arise because of programmers' lack of knowledge and insufficiently careful testing of the source code. The problem is that the technology is only beginning to develop, says Natalya Maleva, director of global communications at Waves Platform. "Most smart contracts are written in the Solidity language, which only a small number of programmers know to the proper standard. The cost of quality developers is high, which induces owners of projects with a limited budget to turn to experts without experience," confirms Vladimir Rusakov, investment expert at BGP Litigation.
According to Georgi Ehrman, head of the analytical department at Aurora Blockchain Capital, many customers don't know what vulnerabilities their smart contracts may contain and therefore don't order an additional audit. Traditionally the whole community has acted as the auditor of code quality, which happens on GitHub, Mr. Rusakov notes. But as blockchain technology has grown in popularity the number of projects has increased, so one should not count on the code being audited, he is sure.
Positive Technologies also found that most of the projects' web applications, and especially the mobile applications for investors, are exposed to serious risks. Vulnerabilities were found in 100% of mobile versions; overall they contain 2.5 times more vulnerabilities than regular web resources. "Among the most widespread shortcomings are insecure data transfer, storage of user data in backup copies, the control footing left by developers in the application code, and disclosure of the session identifier," the authors of the research note.
Such mistakes make it possible to obtain additional data about the project, its organizers and investors, and can be used in further attacks. Having gained access to the victim's mobile phone, an attacker can get into the application and perform operations on the victim's behalf, including withdrawing funds. But not all experts agree with these conclusions. Georgi Ehrman believes that mobile applications used for raising assets and for transfers of tokens and cryptocurrency "are protected very carefully". If the application is used only for communication with the target audience, he adds, it is also possible to save on protection.
To know more, visit: https://www.engadget.com/2018/01/22/hackers-stealing-millions-cryptocurrency-ico/
"SORRY IF I MADE A MISTAKE. SUGGEST ME PLEASE"