Hartej Sawhney
(Source: YouTube)
Sawhney is one of the rare participants exhibiting at the conference who was not there to pitch his ICO. He currently serves as the President of Hosho, a company which specializes in blockchain security analysis and smart contract auditing. His is the only business card of more than 100 at the conference to have a PGP key, making a bold statement about cybersecurity.
The security team at Hosho has observed over the course of one year that the quality of smart contracts has improved, and much of that is due to the accessibility of prewritten smart contracts and the education provided in the industry. However, most of the vulnerabilities and flaws they have found were not in the technical implementation but in the business logic.
Sawhney told BTCManager:
“It is perhaps potentially because of the gap between the people writing the white paper and the team implementing the smart contract. It’s important for the words in the white paper to be married to the code in the smart contract.”
Some interesting errors or vulnerabilities observed while auditing smart contracts were:
Exchanges can avoid being hacked by conducting regular penetration testing. Every time the code changes, they are potentially opening doors to the outside world.
Sawhney recounts the hack of CoinDash, an exchange which lost millions to hackers within 24 hours of its launch. The website was built with WordPress, which is highly insecure for a product like a cryptocurrency exchange. Hosho also estimates that almost ten percent of the funds raised through ICOs are hacked or lost.
Finally, he explained that investments should go to products which value security and audits. Having more sophisticated engineers with a background in security and a quality assurance mindset is also a huge plus.