As the cryptocurrency market has grown, so has the number of unscrupulous players who want to exploit weak decentralized finance (DeFi) protocols and projects for their own benefit. Earlier this month, the Ethereum-Solana Wormhole token bridge suffered its biggest breach of 2022, losing $321 million due to a signature verification vulnerability. Such attacks have become more sophisticated over the years.
But blockchain security companies like HashEx are keeping pace with hackers by refining their own methods. Over the past years, HashEx has reviewed more than 700 DeFi smart contracts that hold $2 billion in investor funds. One well-known project using HashEx is Trader Joe, a popular decentralized exchange based on the Avalanche (AVAX) blockchain. In an exclusive interview with Cointelegraph, Dmitriy Michonin, CEO and founder of HashEx, explains how the company is improving its vetting process to protect crypto enthusiasts from potential breaches.
The traditional audit method consists of manual review and automated testing of the code base. As Dmitriy told Cointelegraph:
“Traditionally, a group of accountants would check contract logic manually, and try to provide some input values that could break their logic. It’s like an Olympiad for programmers. But that’s only good if your accountant is experienced enough.”
Sometimes, Dmitriy continues, “problems cannot be invented and then tested, since they arise not because of errors in the logical code flow, but because of small errors, as in the case of the Ethereum virtual machine, which happen quite often.” To address this problem, HashEx has developed a “randomized (random) test method”. Using artificial intelligence, the software generates between 1,000 and 100,000 random transactions with different directions and criteria to test the smart contract.
“With random transactions, it feels like a simulation of someone with a crazy idea (which usually describes hackers) creating something to break the contract.”
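A minimal sketch of this kind of randomized transaction testing, added here as an illustration and not HashEx's tooling. The token model, account names, the self-transfer bug and the supply invariant are all constructed for the example, and it uses a plain seeded random generator rather than AI.

```python
import random

class BuggyToken:
    """Toy in-memory token model (constructed for this example)."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def transfer(self, sender, recipient, amount):
        if amount < 0 or self.balances[sender] < amount:
            raise ValueError("rejected")
        # Bug: both balances are read before either is written, so a
        # self-transfer overwrites the debit and mints `amount` tokens.
        new_sender = self.balances[sender] - amount
        new_recipient = self.balances[recipient] + amount
        self.balances[sender] = new_sender
        self.balances[recipient] = new_recipient

class FixedToken(BuggyToken):
    def transfer(self, sender, recipient, amount):
        if amount < 0 or self.balances[sender] < amount:
            raise ValueError("rejected")
        self.balances[sender] -= amount      # write the debit first,
        self.balances[recipient] += amount   # then credit the updated value

def fuzz(token_cls, runs=10_000, seed=1):
    """Return (step, tx) for the first transaction that breaks an
    invariant, or None if all `runs` random transactions preserve them."""
    rng = random.Random(seed)  # seeded so a failure can be replayed
    accounts = ["alice", "bob", "carol"]
    token = token_cls({a: 1_000 for a in accounts})
    for step in range(runs):
        # Random sender, recipient and amount, including invalid amounts.
        tx = (rng.choice(accounts), rng.choice(accounts), rng.randint(-5, 1_500))
        try:
            token.transfer(*tx)
        except ValueError:
            continue  # rejecting a transaction is acceptable behaviour
        balances = token.balances.values()
        # Invariants: supply is conserved and no balance goes negative.
        if sum(balances) != token.total_supply or min(balances) < 0:
            return step, tx
    return None

if __name__ == "__main__":
    print("buggy:", fuzz(BuggyToken))
    print("fixed:", fuzz(FixedToken))
```

The manual reviewer has to think of the self-transfer case; the random generator reaches it by chance, and the invariant check is what turns that into a reported failure.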
When asked whether any smart contracts audited by HashEx had been breached, Dmitriy answered very modestly. In 2020, none of the company’s verified projects were hacked. But 2021 saw two minor incidents, while hundreds of projects remained safe. One project on the Avalanche network ran into a critical problem in a renegotiated contract and lost about $100,000. Meanwhile, Dmitriy clarified that the second incident was not a hack per se, as there was an error in the contract that did not allow the shipment. “This is the real world, and sometimes we miss it,” says Dmitriy.