Hackers manually find exploits in underlying smart contracts — The mass AI simulation of attacks in contracts could outsmart such tactics.
As the cryptocurrency market has grown, so too has the number of bad actors looking to exploit vulnerable decentralized finance (DeFi) protocols and projects for their own gain. Earlier this month, the Ethereum-Solana Wormhole token bridge suffered the biggest hack of 2022, with $321 million lost due to a signature verification vulnerability. Such exploits have become increasingly sophisticated over the years.
But blockchain security firms like HashEx are keeping up the pace just as hackers upgrade their tactics. During the past few years, HashEx has audited more than 700 DeFi smart contracts that secure over $2 billion worth of investors’ funds. One notable project that utilizes HashEx is Trader Joe, a popular decentralized exchange on the Avalanche (AVAX) blockchain. In an exclusive interview with Cointelegraph, Dmitry Mishunin, CEO and founder of HashEx, explains just how the firm is upgrading its auditing process to protect crypto enthusiasts against possible breaches.
The old-fashioned auditing method consists of a manual check and an automatic test of the underlying code. As Dmitry told Cointelegraph:
“Traditionally, a group of auditors manually tests the logic of contracts; they’re trying to imagine some input values, which can break their logic. It’s like an Olympic Games for programmers. But this is only good when your auditor is experienced enough.”
Sometimes, Dmitry continues, “problems cannot be conjured then tested, as they do not arise from mistakes in the logical flow of code, but from minor errors such as in the Ethereum Virtual Machine, which happens quite often.” To overcome this fault, HashEx has devised a new “stochastic (random) testing” method. Using AI, its software generates 1,000 to 100,000 randomized transactions with different trends and parameters to stress-test the smart contract.
“With random transactions, it looks like a simulation of a person with a crazy idea [commonly descriptive of hackers] creating something to break the contract.”
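The randomized stress-testing described above, reduced to its core as an added example (not HashEx's tool and not code from the article): a constructed Python model of a fee-charging vault is driven with seeded pseudo-random transactions, and a solvency invariant is checked after each one. The `Vault`, `BuggyVault` and `fuzz` names, the 1% fee and the self-transfer defect are assumptions made for illustration, and plain pseudo-randomness stands in for the AI-driven generation the article mentions.

```python
import random

class Revert(Exception): pass  # the contract model rejected the transaction

class Vault:  # constructed toy model of a token vault charging a 1% fee
    def __init__(self):
        self.balances, self.fees, self.held = {}, 0, 0

    def deposit(self, user, _unused, amount):
        self.balances[user] = self.balances.get(user, 0) + amount - amount // 100
        self.fees += amount // 100
        self.held += amount

    def withdraw(self, user, _unused, amount):
        if self.balances.get(user, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[user] -= amount
        self.held -= amount

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - amount // 100
        self.fees += amount // 100

class BuggyVault(Vault):
    def transfer(self, src, dst, amount):
        src_bal, dst_bal = self.balances.get(src, 0), self.balances.get(dst, 0)
        if src_bal < amount:
            raise Revert("insufficient balance")
        # Defect: both balances are read before either write, so src == dst mints tokens.
        self.balances[src] = src_bal - amount
        self.balances[dst] = dst_bal + amount - amount // 100
        self.fees += amount // 100

def fuzz(vault_cls, n_tx=10_000, seed=2022, users="abcd"):
    """Apply n_tx random transactions; return (index, tx) of the first that breaks solvency."""
    rng, vault = random.Random(seed), vault_cls()
    for i in range(n_tx):
        tx = (rng.choice(["deposit", "withdraw", "transfer"]),
              rng.choice(users), rng.choice(users), rng.randint(1, 10_000))
        try:
            getattr(vault, tx[0])(*tx[1:])
        except Revert:
            continue  # a rejected transaction changes no state
        if sum(vault.balances.values()) + vault.fees != vault.held:
            return i, tx  # invariant: user balances + fees == tokens held
    return None
```

`fuzz(BuggyVault)` returns the index and contents of the first transaction that breaks the invariant, which is always a transfer whose sender and recipient are the same account; `fuzz(Vault)` returns `None`.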
When asked whether there have been any breaches in smart contracts audited by HashEx, Dmitry was very humble in his response. In 2020, none of the firm’s audited projects experienced any hacks. But in 2021, two minor incidents occurred out of hundreds of projects that went on to be secure. One project on the Avalanche network had a critical issue in the audited contract and lost about $100 thousand. Meanwhile, Dmitry explained that the other incident wasn’t a hack per se, as the contract had a bug that prevented the withdrawal of fees. “It’s the real world; sometimes we miss it,” says Dmitry.