LRQA at 2024 FS-ISAC APAC summit: Blockchain and smart contract security for protecting digital assets in finance

In July, the Financial Services Information Sharing and Analysis Center (FS-ISAC) hosts the 2024 Asia-Pacific FS-ISAC summit. LRQA is honoured to have the opportunity to present on blockchain and smart contract security for this edition.

Blockchains have frequently made headlines, for both positive and negative reasons. One crucial point to understand about blockchains is that, for the first time in human history, it is possible to exchange value without relying on a central authority. While this might not seem significant at first, it is a fundamental aspect that underpins the transformative potential of blockchain technology. This breakthrough was made possible through decentralisation and advanced cryptographic techniques. For instance, if we consider Bitcoin as a blockchain, despite having no single entity in control, it has operated without failure for over 14 years.

The invention of the Internet profoundly changed our society, revolutionising how we exchange information. Now, we stand on the brink of a similar transformation in the realm of value exchange. The way we transfer and manage value is undergoing a significant shift.

Beyond decentralisation, blockchain technology enables the attachment of rules to transactions, paving the way for the development of complex applications in the form of smart contracts. While usage for financial products represents a prominent example, the potential use cases extend far beyond, encompassing supply chain management, proof management, digital identity, ownership verification, voting, governance, and a myriad of other applications.

However, while blockchains offer efficiency in solving certain problems, they also introduce new challenges, particularly around security, and especially when significant amounts are at stake. Given that most blockchains operate on a permissionless basis, they are susceptible to the influence of both benevolent actors and those with less noble intentions. New classes of security vulnerabilities have emerged in this new paradigm.

LRQA is actively developing expertise in evaluating smart contracts and decentralised applications and has already assisted clients in identifying and rectifying critical issues before their deployment.

This was made feasible through the adoption of various testing methodologies, including:

  • static and automated source code reviews
  • dynamic code reviews involving direct interaction with smart contracts, crafting proof-of-concept code and code coverage
  • parameter fuzzing, invariant fuzzing, and differential fuzzing techniques

The FS-ISAC APAC event presents an invaluable platform to illustrate prevalent smart contract vulnerabilities that have gained prominence, highlighting bugs that are exclusive to the blockchain ecosystem and necessitate expertise tailored specifically to this domain.

Real-world bugs that will be showcased in the presentation:

  • Weak random number generation
  • Flash loan attacks
  • Governance hacks
  • Various cases of re-entrancy attacks
  • Access control issues

Blockchains are poised to make a significant impact on society, akin to the transformative influence of the internet. However, this potential comes with concerns, including the expanded attack surface, complexities in code, and the major repercussions of vulnerabilities. Similar risks were encountered with the adoption of the Internet, exposing companies and intellectual property to global accessibility. Yet, despite these risks, few would consider abandoning the internet.

Considering these challenges, LRQA invites financial industry stakeholders to leverage our specialised cybersecurity in financial services to safeguard your blockchain and smart contract implementations. Join us at the FS-ISAC APAC summit to learn more about how we can help protect your digital assets in this evolving landscape.