Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

Blockchain Security

Blockchain Security

Section titled “Blockchain Security”

3 automated security scanners

Wallet Security Assessment

Section titled “Wallet Security Assessment”

Purpose: The Wallet Security Assessment Scanner is designed to evaluate and assess the security posture of a domain by evaluating key management practices, backup procedures, and recovery seed handling. This tool aims to identify potential vulnerabilities in wallet security through various checks including cryptographic protocols, secure storage mechanisms for private keys, backup procedures, and more.

What It Detects:

  • Key Management Practices: The scanner checks for the presence of strong encryption protocols, verifies secure storage mechanisms for private keys, and detects weak or outdated cryptographic algorithms.
  • Backup Procedures: It evaluates the existence and accessibility of backup procedures, tests for the regularity and integrity of backups, and identifies potential risks in backup storage locations.
  • Recovery Seed Handling: The scanner analyzes the presence and security of recovery seeds, verifies secure transmission methods for recovery seeds, and detects vulnerabilities in seed storage or retrieval processes.
  • Security Headers: It inspects HTTP responses for essential security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Configuration: The scanner examines SSL/TLS certificates for validity, expiration, and issuer, checks for deprecated or insecure cipher suites, and ensures compliance with modern TLS protocol versions.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)

Business Impact: Assessing the security posture of a wallet is crucial as it directly impacts the integrity and confidentiality of digital assets. Weaknesses in key management, backup procedures, or recovery seed handling can lead to significant financial losses and data breaches if not addressed promptly.

Risk Levels:

  • Critical: Conditions that pose an immediate threat to system security and must be remediated immediately.
    • Example: Detection of weak encryption protocols used for private keys.
  • High: Conditions that significantly impact the functionality or performance but do not necessarily threaten overall security.
    • Example: Discovery of outdated cryptographic algorithms in key management practices.
  • Medium: Conditions that may lead to minor issues, potentially impacting efficiency without compromising critical functions.
    • Example: Incomplete or poorly documented backup procedures.
  • Low: Informational findings that provide context but do not directly affect security or functionality.
    • Example: Presence of deprecated TLS versions in SSL/TLS configuration.
  • Info: Conditions that are purely informative and do not indicate any immediate risk.
    • Example: Detection of a well-documented, secure method for recovery seed handling.

Example Findings:

  1. The domain acme.com uses weak encryption algorithms for private keys which could be exploited by attackers to gain unauthorized access.
  2. The backup procedures for the wallet are non-existent, leaving digital assets vulnerable in case of system failure or cyber attack.

Smart Contract Audit

Section titled “Smart Contract Audit”

Purpose: The Smart Contract Audit Scanner is designed to identify and report common vulnerabilities in smart contracts that could lead to financial loss or unauthorized access. It scans for issues such as reentrancy attacks, integer overflows, logic flaws, unchecked low-level calls, and default function visibility, providing a comprehensive analysis of potential security risks.

What It Detects:

  • Reentrancy Vulnerabilities: Identifies patterns indicative of reentrancy attacks where malicious actors can repeatedly call a function before the previous call is completed.
  • Integer Overflow and Underflow: Detects code that may lead to integer overflow or underflow, which can result in unexpected behavior or loss of funds.
  • Logic Flaws: Identifies logical errors in the contract logic that could be exploited by attackers.
  • Unchecked Low-Level Calls: Detects low-level calls that do not check for success, which can lead to silent failures.
  • Default Visibility: Identifies functions and variables with default visibility (public) that could be exploited.

Inputs Required:

  • domain (string): The primary domain of the smart contract project to analyze, providing a context for scanning across all contracts hosted on this domain.

Business Impact: This scanner is crucial for maintaining the security and integrity of decentralized applications by proactively identifying and addressing vulnerabilities in smart contracts. It helps mitigate risks associated with financial loss or unauthorized access that could arise from common coding errors and design flaws.

Risk Levels:

  • Critical: Conditions where a vulnerability directly compromises contract state, allowing theft of funds or bypassing security mechanisms without user interaction.
  • High: Conditions where vulnerabilities can lead to significant disruptions or losses if exploited by attackers, such as through reentrancy attacks affecting critical functions like withdrawals.
  • Medium: Conditions where vulnerabilities may lead to minor issues but do not significantly impact the core functionality of the contract.
  • Low: Conditions that indicate non-critical issues which might affect usability but are unlikely to be exploited for malicious purposes.
  • Info: Conditions that provide informational insights about potential improvements or areas for better security practices without immediate risk.

Example Findings:

  • A smart contract with a function withdraw(uint amount) allowing withdrawals before checking balance could potentially lead to reentrancy, where an attacker could exploit this by calling the function multiple times within the same transaction.
  • An implementation of balances[msg.sender] += _value without any overflow checks could result in integer overflow, leading to unexpected behavior or loss of funds.

Consensus Mechanism Analysis

Section titled “Consensus Mechanism Analysis”

Purpose: The Consensus Mechanism Analysis Scanner is designed to identify potential vulnerabilities in blockchain consensus mechanisms by detecting signs of 51% attacks, sybil attacks, and eclipse attacks. These threats can undermine the integrity and security of blockchain networks, making this tool crucial for maintaining network stability and trust.

What It Detects:

  • 51% Attack Indicators: The scanner identifies unusual concentration of mining power or staking that could indicate a potential 51% attack. This includes high transaction fees indicative of control over the majority of network hash rate, as well as consistent block production by a single entity.
  • Sybil Attack Indicators: It detects multiple nodes with identical or similar characteristics, which is a sign of a sybil attack. Examples include multiple IP addresses sharing the same ISP or geographic location and identical user agent strings in node connections.
  • Eclipse Attack Indicators: The scanner identifies isolated nodes that do not receive accurate network information, such as nodes only receiving transactions from a single source or inconsistent block heights among nodes.
  • DNS Anomalies: It checks for suspicious DNS configurations, including TXT, MX, NS, CAA, and DMARC records with unexpected values or patterns, as well as open mail relays indicated by SPF records containing v=spf1.*[\\+\\-\\~\\?]all.
  • TLS/SSL Vulnerabilities: The scanner identifies weak encryption protocols and cipher suites, including the use of TLSv1.0, TLSv1.1, RC4, DES, and MD5 in SSL/TLS configurations.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., blockchain.com)

Business Impact: This scanner is essential for maintaining the security and integrity of blockchain networks. By identifying potential vulnerabilities associated with 51% attacks, sybil attacks, and eclipse attacks, it helps prevent significant financial losses and trust issues that could arise from such compromises.

Risk Levels:

  • Critical: Conditions where a single entity controls more than 50% of the network’s computing power, leading to potential manipulation of transactions and block creation.
  • High: Presence of multiple nodes with identical or similar characteristics, which can be indicative of sybil attacks and may lead to unauthorized control over the network.
  • Medium: Weak TLS versions or insecure cipher suites that could expose the network to cryptographic vulnerabilities and data leakage.
  • Low: Minor DNS anomalies or inconclusive evidence of attack indicators that do not pose significant security risks but should still be monitored for potential future threats.
  • Info: Informal findings related to normal variations in network activity, which are generally considered safe unless they show signs of escalating risk.

Example Findings:

  • A blockchain network where a single miner consistently produces more than 50% of the blocks, raising concerns about potential manipulation and security risks.
  • Multiple nodes identified with identical user agent strings, indicating possible sybil attacks that could lead to unauthorized control over the network’s consensus mechanism.