Introduction to End-to-End DApp Security Assessment Service
For Decentralized Applications (DApp), developing smart contracts securely is one of the most critical parts. Nevertheless, off-chain components are also frequently used together with smart contracts to provide further functionalities for the users.
In many occurrences, even when the smart contracts are properly assessed or audited, the platform can still be attacked through insecure off-chain components, causing massive damage. This can be seen in multiple past incidents, such as:
- Ronin Network being attacked through the validator RPC nodes, causing over $624,000,000 in damage (https://roninblockchain.substack.com/p/community-alert-ronin-validators)
- BadgerDAO being attacked through the creation of unauthorized API key, causing over $121,000,000 in damage (https://badger.com/technical-post-mortem)
- PancakeSwap being attacked through DNS Hijacking (https://medium.com/pancakeswap/dns-incident-recap-36a183a2aee6)
- Pirate X Pirate being attacked through an insecure implementation of an off-chain conversion feature (https://medium.com/@PirateXPirateNFTsGame/pxp-statement-regarding-the-hacking-incident-and-remedies-44dc97ee0352, https://twitter.com/BlockSecTeam/status/1501474711599198211)
In order to perform a security assessment to cover the smart contracts and all off-chain components from end-to-end, security professionals with understanding and experience in all of the components are required. If any of the components are left unchecked, that part can be a room for the attacker to exploit and cause damage to the platform and its users.
Inspex, as one of the leading Blockchain and Smart Contract Security firms, was founded by a team of cybersecurity experts highly experienced in various fields of both off-chain and on-chain cybersecurity. We are providing the End-to-End DApp Security Assessment Service to support DApp projects on all sides, making sure that the platform is safe from both on-chain and off-chain attacks.
What is End-to-End DApp Security Assessment Service?
End-to-End DApp Security Assessment Service is a service that combines Smart Contract Audit Service with Penetration Testing Service.
The Smart Contract Audit Service covers the on-chain components, which are the smart contracts of the platform. Whereas the Penetration Testing service covers other off-chain components, including website, server, API, or other services being used on the platform.
With the coverage of all components, we can inspect and determine the risks from all possible angles in order to provide the best solutions to resolve or mitigate those risks for our clients.
What Will You Get From Using Our End-to-End DApp Security Assessment Service?
The clients of Inspex’s End-to-End DApp Security Assessment Service will have a security assessment performed on their platform by cybersecurity professionals at the highest quality. This assessment will cover all the agreed components of the platform, including the smart contracts and off-chain components.
After the first assessment is finished, a preliminary report, with detailed descriptions of the risks and the recommendations to resolve those risks, will be provided. During the remediation of the issues by the project team, consultation with Inspex’s professionals can always be done in order to make sure that the solution used is best suited for our clients.
When the issues are fixed, Inspex will perform a reassessment to make sure that the risks found in the first assessment are properly fixed and resolved without any complications. A full report will then be prepared and delivered to our client.
Moreover, if issues with medium severity or above are all resolved, that project will be marked as “Verified by Inspex”, and a badge will be issued to confirm that the components within the assessment scope are properly secured for the users.
Furthermore, Inspex can help our clients announce the assessment result publicly through Inspex Library, allowing the platform users to access the information about the assessment and view the report.
Inspex Library: https://app.inspex.co/library
For inquiries on our End-to-End DApp Security Assessment Service, please contact us through our Telegram and email: @InspexCo (https://t.me/InspexCo) and contact@inspex.co
About Inspex
Inspex is formed by a team of cybersecurity experts highly experienced in various fields of cybersecurity. We provide blockchain and smart contract professional services at the highest quality to enhance the security of our clients and the overall blockchain ecosystem.
For any business inquiries, please contact us via Twitter, Telegram, contact@inspex.co