Smart contract security audit for Allbridge Classic
Allbridge's Tezos Project audit results
In the public report, we summarised the security assessment of Allbridge's Tezos Project: the process, a list of findings, theoretical and practical concerns. We would like to note the efforts that the Allbridge team has put into the security & reliability of smart contracts code and their infrastructure. The team has implemented not only 'band-aid' fixes but refactored and improved significant pieces of code based on our recommendations.
Typical fintech security requirements
Immutable smart contracts
A bridge works across several blockchains
Support of token standards
Keen understanding of blockchain threats
Pragmatic security, proven methods
Comprehensive security review and analysis
We started the audit by analysing, threat modelling, and assessing the risks associated with smart contracts and off-chain entities:
Keeping the bridge context in mind, we reviewed its design and use cases:
We conducted a security audit of smart contracts core and transactions:
Besides all the above, we provided recommendations for security improvements aligned with the “defence in depth” approach:
The article Smart contracts security audit: tips & tricks by Nazar Serhiichuk
gives even more details about intricacies of smart contracts based
on our boring cryptography engineering experience.
Smart contract security audit: tips & tricks
Smart contract security audit is very different from traditional application security audit. Smart contracts are immutable, they interact with each other and transfer user funds between accounts. Unique threat landscape brings unique challenges.
Products and services involved
Blockchain security solutions
We combined deep understanding of cryptography with data, application, and product security expertise to verify and ensure the correctness of cryptographic primitives and their usage.Read more
Security engineering & architecture
Our team went above and beyond just code: we provided recommendations related to the smart contract lifecycle, transactions data flows, and compatibility between parts of the Tezos Project.Read more
Results and outcomes
Security for innovative industries
Emerging industries don't have established security recipes. We combine years of experience, software, and creative vein to protect innovations. Talk to us if you are looking to take your data security to the next level.