The world is going postal; and by that, I mean people are getting restless and, dare I say it, angry that Uncle Sam, Joe blogs, and everyone in between are so unequipped for the digital age. In September 2021 alone, IT Governance estimates that there were over 91 million breached records [1], a statistic compounded by Fortunes estimations that by October 2021 the number of total security breaches had already surpassed that of 2020 [2].
The response has been an exponential growth of decentralised projects that use blockchain technology to remove a central point of weakness and disperse information across a network. On the most part, these networks have been highly successful at fulfilling their purpose — improving security and trust — but is this actually any better than the older more centralised method?
We certainly think so, but the truth is it’s not perfect every time, and some systems — for example The DAO and Poly Network hacks — are still being put through the ringer; however those that get hacked typically have one thing in common, they haven’t had their code audited.
KlimaDAO, just thought you should know that.
But besides the obvious, why spend the money on an audit? There are lots of reasons and I’m going to share them with you:
– Standard checks. This is great if you’re a seller and need to confirm that your codebase meets the necessary standards, as well as to check — even if you’ve used open-source code — that there is no copyright infringement [3].
– Get your questions answered. From a buyer or consumer perspective, audits are frankly an opportunity to check that what you are buying isn’t s**t and answer questions like: How much of the codebase is from an open-source third-party? And what are the security vulnerabilities or functional gaps??? [3].
– Are there any bugs. Checking for bugs is important, because the sooner it is found the less expensive it is to fix [3].
– Check for outdated tools. Just like us humans, code gets old. Your code could be relying on outdated tools, which could pose security threats because the code wont mesh with newly published security updates [3].
So, for all you developers out there, bottom line is, unless you want to make like Mt. Gox and get all your crypto stolen, make sure you get your code audited; and for those of you investing, trading, or whatever y’all are doing with crypto, make sure you’ve done your background and look for the audit!
A special thanks to Charlie Terry who works as our chief of staff at Changeblock for writing this article. The Views and opinions expressed in this article are the authors own and may or may not be shared by Changeblock.
References:
[1] Graham, A. 2021. List of data breaches and cyber-attacks in September 2021–91 million records breached. Available at: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-september-2021-91-million-records-breached
[2] Morris, C. 2021. The number of Data breaches in 2021 has already surpassed last year’s total. Available at: https://fortune.com/2021/10/06/data-breach-2021-2020-total-hacks/
[3] Clear Launch. 2021. Why a code audit is critical for buying or selling your business. Available at: https://www.clearlaunch.com/code-audit/
