This article was first published on Loom Network - Medium
A couple of months ago, we hired an external firm to audit our PlasmaChain and Transfer Gateway code.
PlasmaChain is Loom’s mainnet, which bridges other Loom sidechains to Ethereum and other major blockchains. It is optimized for highly-scalable user-facing dapps, and enables secure asset transfers between chains.
Why Do a Security Audit?
Blockchains are no joke. The codebase is often complex, and a lot is at stake (no pun intended 😜).
Public blockchains are designed to be decentralized — meaning there is no central authority that can censor transactions. However, this also means there is no central authority you can appeal to in case of fraudulent transactions or hacks.
Hence, ensuring the security of a blockchain is paramount. And since we take security so seriously here at Loom, we made sure to have a proper security audit done by a reliable third party.
Meet Our Auditor: Trail of Bits
Trail of Bits is an information security company founded in 2012 by industry leaders Dan Guido, Dino Dai Zovi, and Alexander Sotirov.
We wanted the best security experts to test our code, and based on their track record, we hired Trail of Bits for the audit.
The PlasmaChain security audit was done from April 1 to May 3 of 2019.
The auditors did a manual code review of the loom binary, the Ethereum mainnet smart contracts that make up the Transfer Gateway, and the Delegated Proof of Stake (DPoS) system, and further tested the code as follows:
- Loom binary: reviewed the loomchain repository, developed a fuzzer, and performed manual dynamic testing
- Transfer Gateway: reviewed the transfer-gateway-v2 repository, ran Slither on the code, and performed manual dynamic testing
- DPoS system: reviewed the dposv3 repository, developed ...