October 04, 2023
Beosin Invited for Smart Contract Security Training by the Monetary Authority of Singapore
On September 29th, Beosin's senior security expert, Jasper Kanetake, was once again invited to the Monetary Authority of Singapore (MAS) to conduct a technical sharing session on the topic of smart contract security.
Previously, on August 17th, Beosin was invited by the Monetary Authority of Singapore to provide training on blockchain security and regulation, covering various key aspects of Web3 security. In this technical sharing session, Jasper Kanetake, a senior security expert at Beosin, focused on discussing the application scenarios for smart contracts, smart contract risks, and their corresponding security solutions.
In recent years, the Monetary Authority of Singapore (MAS) has actively explored emerging technologies in regulating digital assets to promote financial innovation within the Web3.0 technology landscape while ensuring the stability and security of the financial system.
According to Beosin's recent release, Q3 2023 Global Web3 Security Report, AML Analysis & Crypto Regulatory Landscape, the third most damaging type of attack in the blockchain ecosystem in the third quarter of 2023 was contract vulnerability exploitation, resulting in approximately $93.27 million in losses from 22 such incidents. Among these, reentrancy vulnerabilities were responsible for the highest percentage of losses, accounting for 82.8% of the total. Business logic vulnerabilities were the most frequent, occurring in 13 out of the 22 contract vulnerabilities. It is clear that smart contract security remains a significant concern.
During this internal sharing session, Jasper highlighted the risks and typical attack methods faced by smart contracts. In discussing reentrancy attacks, Jasper explained the principles behind reentrancy attacks and analyzed the attack process in the case of the $2,500 security breach at Lendf.Me. Jasper also provided detailed analyses of configuration errors, access control vulnerabilities, upgradable contract vulnerabilities, flash loan attacks, and business logic vulnerabilities, each accompanied by relevant case studies.
Regarding business logic vulnerabilities, Jasper emphasized the challenges of detecting such vulnerabilities due to the complexity of contract code. Drawing from past experiences and research at Beosin, Jasper shared effective smart contract security solutions.
1. Seek professional security team audits before project deployment. Developers should use mature code for their project's smart contracts, and professional security teams can conduct security audits before the project goes live. Beosin offers VaaS formal verification checks and manual audits. They use formal verification to identify security vulnerabilities in the code, followed by manual audits to quickly locate complex business logic vulnerabilities based on an understanding of the project's operations. More details can be found in Beosin Security Audit Service Fully Upgraded to Build a More Secure Blockchain Ecosystem.
2. Implement on-chain anomaly activity monitoring for smart contracts during project operation. Beosin EagleEye automatically monitors the security status of contracts, tracks contract operations and real-time transactions, identifies abnormal transactions, and comprehensively assesses the project's security. This helps project teams discover risks such as flash loan attacks, arbitrage trading, and theft due to private key compromise.
3. In the event of a hacker attack, seek professional teams for post-attack tracking. Hackers remain the biggest threat in the Web3 security domain. If a project is targeted by hackers, professional security teams can be engaged for post-attack tracking and resolution. Beosin KYT has successfully assisted numerous global VASP organizations and regulatory bodies in identifying and preventing multiple blockchain money laundering cases. KYT's on-chain AML capabilities not only analyze and track the asset transfer paths of involved addresses, mark and monitor hacker addresses, and identify the flow of stolen assets but also create an investigative evidence chain for virtual asset transactions that can be used in forensic reporting.
In conclusion, Jasper emphasized the importance of contract audits. He demonstrated the effectiveness and necessity of smart contract audits in discovering vulnerabilities by using VaaS automated formal verification tools to dissect actual contract code. This process helps rectify vulnerabilities before a project goes live, ensuring the security of user assets. He also introduced Beosin's technical advantage in audits, highlighting the multi-dimensional approach to guaranteeing smart contract security through formal verification technology and security expert audits.
This sharing session provided participants with a comprehensive understanding of smart contract risks and security solutions. Beosin remains committed to advancing Web3 security technology and working collaboratively with regulatory bodies, businesses, and users to build a secure Web3 ecosystem.