Wednesday, June 27, 2018

"...Last Year’s ICOs Had Five Security Vulnerabilities on Average"

From Bleeping Computer:
Security researchers have found, on average, five security flaws in each cryptocurrency ICO (Initial Coin Offering) held last year. Only one ICO held in 2017 did not contain any critical flaws.
According to, a security firm specialized in ICO security audits, most of the vulnerabilities they found, they discovered in the smart contracts at the base of the ICO itself.

"71% of tested projects contained vulnerabilities in smart contracts, the heart and soul of an ICO," the company said. "Once an ICO starts, the contract cannot be changed and is open to everyone, meaning anyone can view it and look for flaws."

"Typically, these would consist of non compliance with the ERC20 standard (the token interface for digital wallets and cryptocurrency exchanges), incorrect random number generation and incorrect scoping amongst others," experts say. "Generally, these vulnerabilities occur due to lack of programmer expertise and insufficient source code testing."

All ICO mobile apps were vulnerable
Researchers also say that all the mobile apps ICO organizers have launched in 2017 contained security flaws. The good news is that not all ICO organizers have released mobile apps, but those who did, did not invest in securing it against attacks...MORE