Hacknet Review

0 views

Skip to first unread message

Millicent

unread,

Aug 3, 2024, 4:59:33 PM8/3/24

to erunchirba

This post may contain affiliate links. If you use these links to buy something, CGMagazine may earn a commission. However, please know this does not impact our reviews or opinions in any way. See our ethics statement.

CGMagazine may earn a portion of sales from products that are purchased through our site as part of our affiliate partnerships with retailers. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of CGMagazine. By using this website, you signify your acceptance of these Terms of Use.

All immediately addressable findings and recommendations from the audits have been incorporated. The Trail of Bits audit also made recommendations regarding more long-term concerns such as test coverage and documentation, which will be addressed post-mainnet.

Our team holds security and transparency as top priorities. When commissioning thorough reviews from reputable firms, it is expected that audits will find areas for improvement, oversights, and other gaps. We have worked diligently to address these findings and we are pleased to report that the audits did not present any major blockers to the delivery of mainnet.

Overview: Cure53 conducted a penetration test and code audit of ChromaWay's Postchain EIF project in response to ChromaWay AB's request in May 2023. The assessment spanned CW22 and CW23, comprising 15 workdays.

Methodology: Cure53 utilized a white-box approach, accessing sources and detailed documentation, including test-user credentials. A team of three senior testers executed phases from preparation to finalization, focusing on smart contracts, Kotlin, and Rell codebases.

Conclusion: Despite finding some areas for improvement, Cure53 commended ChromaWay for robust security measures in the Postchain EIF project, highlighting a solid foundation for future enhancements.

This summary encapsulates the key aspects and findings from Cure53's penetration test and code audit of ChromaWay's Postchain EIF project, emphasizing both strengths and areas for improvement in security practices.

Overview: Trail of Bits conducted a comprehensive security assessment of ChromaWay's blockchain components from April 29 to June 7, 2024. The assessment focused on the EBFT consensus system, networking stack, and Directory Chain implementation. It involved three consultants and totaled 13 engineer-weeks of effort.

Conclusion: The evaluation highlighted opportunities for enhancing node syncing accuracy, improving block commitment under asynchronous conditions, and refining consensus management. Recommendations include addressing identified vulnerabilities, expanding test coverage, adopting a more secure messaging system, and documenting risks to bolster transparency and system resilience. This assessment underscores ChromaWay's commitment to proactive security measures and readiness for future blockchain challenges.

Conclusion: The Chromia Token Bridge audit highlights both its strengths in facilitating cross-chain token transfers and areas where improvements were made to enhance security and functionality.

Overview: This audit report by Quantstamp, focused on the FT4 library within the Chromia ecosystem from April 19, 2024, to June 6, 2024. The audit covered both Rell backend and Typescript client implementations.

Conclusion: The FT4 library audit highlights its foundational strengths in supporting Chromia's decentralized applications while underscoring areas for refinement to bolster security and reliability in blockchain operations.

Summary of Reports: The HackNet program elicited 10 reports from 8 distinct users. Of these, 3 reports were security focused while the other 7 were suggestions for improved UI and UX. The three security focused reports related to:

Chromia is a Layer-1 relational blockchain platform that uses a modular framework to empower users and developers with dedicated dapp chains, customizable fee structures, and enhanced digital assets. By fundamentally changing how information is structured on the blockchain, Chromia provides natively queryable data indexed in real-time, challenging the status quo to deliver innovations that will streamline the end-user experience and facilitate new Web3 business models.