‘Projects Must Consider a Complex Set of Actions That Can Help Prevent Bugs,’ Says Dmitry Mishunin


BeInCrypto spoke to Dmitry Mishunin, CEO and Founder of HashEx. He discusses the importance of crypto projects testing and auditing their code.

Much like every technology, blockchain is vulnerable to errors. One tiny bug in the code can undermine a platform’s security and functioning.

Most recently, an algorithm bug on Binance crashed the price of bitcoin on the platform to $8,200. This incident was quickly resolved. It occurred just after BTC reached its latest all-time high of $66,930 on October 20.

This highlights how even the biggest platforms are still struggling with bugs in their code.

Making code clear and understandable

Code bug incidents are not a surprise in the crypto and blockchain world. However, they still cause a lot of pain for those who are affected by them.

Mishunin explains that projects are under severe pressure to keep up, because the space is growing at such an intense rate, all while maintaining expected standards.

“The most important thing to bear in mind with this technology is that everything is public, which means a lot of people will be scrutinizing your code. And unfortunately, not all of them will be doing it with good intentions. The industry has no shortage of bad actors who would try to take advantage of any and all errors and vulnerabilities in a project’s code for their own gain, and you shouldn’t forget about this,” he says.

“Blockchain is immutable, which basically means that your code is exposed to everyone’s eyes and stored live. When you make changes to it, you can’t edit the original data. You can only move it to a new address with the new adjustments. This is something project creators should think of before they write even the first line of code.”

The devil is in the (code) detail

As such, the need for clear and understandable code is even more important. For blockchain projects, the devil is in the detail. This is especially so because the cost of failure can be in the millions of dollars.

“It is crucial to write clear and understandable code from the very beginning and make sure it has as little in terms of vulnerabilities as the creators can possibly make it. It’s like going on a train ride with no brakes – once you are on, there is no getting off it, and the pace of things only continues to pick up as time goes on.”

“Remember – one wrong symbol in the code, one unwritten unit of information, or not well-documented feature may cost millions of dollars. Every step must be carefully considered because often after deployment, you can’t change things, and the cost of making a mistake is very high,” he says.

Code audits are taken seriously

From Mishunin’s perspective, projects and platforms in the space are taking auditing of their code seriously.

“We can see that based on the increasing demands in security audits. Security should be a top priority for any blockchain project from the very beginning. And today, audits have become not just good practice, but a must-have for every project,” he says.

“Most teams do their best to take every precaution in order to make their products as safe as possible and retain the trust of their customers. Projects that take security most seriously order several audits from independent companies, open source their code, invest efforts in documenting it well, hire white-hat hackers, and start bug bounty programs.”

Never going to be 100% safe

However, even when projects are putting in the work to make sure they have clear, safe code, there is still room for bugs to slip in.

“There can be a variety of reasons for this. Unfortunately, no matter how much you invest into testing and audit, it does not guarantee 100% freedom of bugs,” he says.

“Sometimes, if the project is simple enough – for example, it’s a fork of another popular project – the team can skip some phases or decide not to order an audit. In some cases, the project sacrifices time on testing in favor of going live earlier. This is one of the mistakes that you can and should avoid – because even a single typo can lead to serious bugs and massive loss of funds.”

To illustrate how this happens so quickly, Mishunin points to the Uranium Finance project exploit from April 2021. A basic math bug in the code during the migration to V2.1 resulted in $57 million lost.

Security key issues

Another attack vector is compromised security keys. So even if a project has ensured its code is safe, improperly storing these all-important keys can become a problem.

“To avoid this and keep your crypto funds safe, it is always safer to store keys in cold wallets that are not connected to the Internet. But while a cold wallet is the safest bet, it may not be convenient to use for some people,” Mishunin explains.

“Therefore, another option for securing accounts would be using multi-signature wallets. With those, a transaction needs to be signed by several accounts, and even in the event that one account gets compromised, it won’t become a problem. Because other multisig wallet owners won’t sign off on a malicious transaction.”

Putting in the time and effort

Mishunin’s advice to teams primarily revolves around putting in the required effort. He explains that taking shortcuts and not staying on top of the situation is where problems can start.

“Projects often have to consider using a complex set of actions that can only help prevent bugs when all the measures are taken together.”

He explains that it starts with choosing the right team.

“It may sound like something obvious, but actually accomplishing it is not easy. Intensive onboarding and training are crucial. Hire talented professionals eager to develop quality code and solutions. It takes the right mindset and specific skills to develop a solid blockchain project,” he says.

In addition, keeping on top of what the industry is doing means you won’t be caught unawares by new attack vectors or hacks.

“Be sure to stay on top of what’s going on with other projects in the industry, keep an eye on known attacks and bugs, review known attacks and share best practices inside your team. Participating in bug bounty programs and contests is also a good idea, as it puts you in the shoes of a potential hacker and could yield insight that you wouldn’t get otherwise.”

Do not skimp on design and testing

It might be easy to overlook this part of the process, as many teams want to focus on the actual product they’re making. However, Mishunin strongly warns against taking shortcuts.

“As far as the developing phase is concerned, projects should not cut down on time for design and testing. I would suggest using automated software testing, always aiming at 100% code coverage. Code coverage helps greatly in determining how comprehensively the project’s software is verified and, in turn, where the team should focus their testing,” he says.

“For design, coding, and testing I would recommend leveraging existing or preparing your own checklists. Or even do both in tandem, so that nothing gets missed.”

Ensuring a proper sign-off on code

Finally, he emphasizes the need for a proper release process. This is the final stage but shouldn’t be the end of the road for project code security.

“A proper release process is also important, as it includes the final sign-off. Using automated scripts for deployments would be preferable here to avoid human errors. And it doesn’t end with the release,” he says.

“Be sure to pay attention to matters of support and incident handling, think in advance, what you should do when hackers come for you. Because chances are – they will at some point.”

