Deja Vu Security, a Seattle based company has published a recently concluded case study on Ethereum Network. Ethereum had entrusted the company involved in information security research and consulting to conduct a security assessment for their platform. In a press release, Deja Vu Security has published an overview – case study of the different reviews conducted by the company on Ethereum platform.
The main reason for conducting security analysis of Ethereum was to ensure the users about the platform’s security and to test the underlying system used to track smart contracts and other digital assets.
Deja Vu conducted multiple security assessments which included design review, protocol review and quasi-Turing -complete virtual machine of clients and other tests. The company used Peach Fuzzer platform for testing the parameters.
Deja Vu Security was responsible for conducting design review, Solution review, Protocol, P2P and Network Review, Code review and Fuzz testing. As part of the design review, the Ethereum virtual machine accessible by clients was reviewed along with integrity test of all the components of Ethereum network. The solution review was focused more on the incorrect usage of encryption protocols and cryptographic components associated with Ethereum.
As Ethereum is a decentralized peer-to-peer platform, the existence and performance of the whole network depends upon the security and integrity of all the systems connected to the network. The Protocol, P2P and Network Review was part of the security assessment to examine any vulnerabilities in the network which might expose the machines connected to the network to cyber-attacks and whether any form of cyber-attack including DDoS attacks can degrade or compromise the whole Ethereum network.
Any software platform or a program is only as good as the code that goes into building it. The code review conducted by Deja Vu Security was focused on the overall health of Ethereum codes, data structures, network communication infrastructure etc. Also, the Ethereum platform was subjected to fuzz testing using Peach Fuzzer, a standard fuzzing platform capable on operating on any data consumer.
The extensive testing procedure was followed by weekly status report on issues and risks associated with Ethereum network. Any reported issues were acted upon and rectified by the Ethereum team.
The press release also claims that the Ethereum was very happy about the services rendered by the company and they are excited to launch the platform soon.
