Bitcoin Forum
Author Topic: Blockchain software security report by China CERT  (Read 741 times)
February 23, 2017, 09:24:01 AM

A very interesting report was published by the Chinese CERT:

In December 2016, China CERT released a 17-page security audit report of blockchain software. As per the report, the audit was conducted in October 2016 and released later as an “open” document. The report examined 25 open-source blockchain projects, categorizing the vulnerabilities found into 9 classes. A total of 746 high-level attack vectors were detected. Ripple is rated the most insecure one with over 223 highly risky bugs.

China CERT, the National Computer Network Emergency Response Technical Team/Coordination Center of China (known as CNCERT or CNCERT/CC), was founded in September 2002. It is a non-governmental non-profit cybersecurity technical center and the key coordination team for China’s cybersecurity emergency response community. The CERT lab speaks highly of the global development around blockchain technology but also reiterates the importance of blockchain software security.

Overview of 25 projects being audited:

The 9 vulnerability categories were chosen for auditing:
1. Input Validation and Representation
2. API Abuse
3. Security Features
4. Memory Management
5. Time and State
6. Error and Exception Handling Errors
7. Code Quality
8. Encapsulation and hidden defects
9. Flaws in Code Runtime Environment

Vulnerability rating:

Results: Ripple the most insecure project

It is noteworthy that among all the projects being audited this time, Ripple is likely to be the most widely used one with the most users. At the time of writing, the software company has received 100 million USD investments from Google and Accenture. Some large financial institutions have announced their joining the payment network, including Standard Chartered, Westpac, Shanghai Huarui Bank and so on. Given the fact that Ripple is directly dealing with financial assets, should these loopholes be exploited by hackers, the institutions may suffer unimaginable losses.

Ethereumj comes as the second most risky project with 110 high-level vulnerabilities. Bitshares contains 4 high-risk bugs and 665 medium ones, the highest number among all projects.
Ethereum Wallet, Hlp-candidate and OmniJ are found bearing zero or only one high-level bug and therefore considered the most secure projects among all units being audited.

It is a very interesting analysis, noteworthy to study accurately:
