At DAPS we believe in doing things right. We make decisions based on what’s best for the business and the community as a whole.
That’s why we decided to do things slightly differently to other projects. We are doing a security audit before releasing mainnet. Most other projects release mainnet and then scramble when someone finds an exploit, we are going the opposite way and ensuring there are no known exploits upfront.
While security is an ongoing practice, we are taking the big steps first!
With this in mind, DAPS is proud to announce that we appointed Red4Sec for the security audit of the DAPS chain and QT wallets. Red4Sec is well known for their previous work on projects including Nano, QRL, Credits and NEO.
This team is specialized in cybersecurity from different perspectives. They provide ethical hacking, penetration testing, Smart Contracts and Blockchain code audit services. As a final step of their audits, they always create a report. In this case, everything discovered in the audit covering DAPS with a focus on its source code, security protocols and cryptographic components but also regarding implementation and configuration errors will be explained in detail.
Red4Sec will evaluate the DAPS Coin security level analyzing potential external computer attacks, identifying possible configuration, design, or programming errors. Moreover, they always guarantee the confidentiality, integrity and availability of accessible, treated, and stored information in their processes.
Timeline: ± 2 months. This takes us to the end of August, which then leaves a month in Q3 in order to make any changes / fixes and have them reviewed and finalised to launch mainnet as projected in Q3.
Blockchain Source Code Audit
The specific objectives of the blockchain source code audit will be:
Analyze the source code of the project, in order to detect potential vulnerabilities affecting the project. For example:
- Input Validation
- External calls
- Coding best practices
- Exception Handling
- Control of types and default values
- Algorithms and Cryptography
- Logic of the Program
- Address control / owners
- Timestamp Dependence
- Denial of Services
- Loading charges
- Blocking user accounts/wallets
- Memory Corruptions / Buffer Overflow
- Validation of input data
- Storage and Control Management
- Transaction-ordering Dependence
- Manual analysis
- Automatic analysis
- Efficiency and Optimization
- Non-functional requirements
- Check the correct working and behavior of the code
The specific objectives of the cryptographic assessment will be:
Design soundness and security:
- Cryptographic design elements as documented in C++ implementation.
- Cryptographic analysis of whether DAPS’s theoretical design actually specifies coherent security goals and whether these security goals can and are met.
- Real-world viability: a performance analysis of DAPS real-world scalability.
- Review of cryptographic primitives and whether these are adopted in the codebase.
- Implementation design review and recommendations.
- Implementation best practices.
- DAPS defenses against common attacks.
- Study of authenticity and privacy according to the design specified in the whitepaper and provided implementation details.
- DAPS real-world security within the security model of a blockchain based Cryptocurrency.
We are thrilled to work with Red4Sec on this stage of getting DAPS to mainnet launch. Red4Sec has found vulnerabilities and have reported to big companies such as Google, YouTube, Outlook and MySQL.