「RECAP」AMA About How to Keep Your Smart Contract Secure During Development With Beosin VaaS

Host: Andrew

Speakers:

Beosin Technical Adviser: Malcolm

Partner of Negentropy Capital: Billy

Andrew: We’re going to kick off our AMA today! First of all, welcome Beosin Technical Adviser, Malcolm!

Malcolm: Thank you, Andrew. First, let me do a short introduction!

I have worked with software engineering for 10 years with the last 5 years in crypto. I have seen all kinds of different security issues over the years, but it takes a whole other level when working with blockchain and irreversible transactions. Everything needs to be 100% correct from start, and it’s a bit scary that not everyone do proper security audits. I am very happy to support the crypto industry together with Beosin.

Q1

I just joined the group. Are you a security software company that offers some security products. Or do you have other services?

A: We’re Beosin, a leading global Web 3.0 blockchain security company co-founded by several professors from world-renowned universities. We provide integrated blockchain security services and products to serve 1 million+ users in the global blockchain ecosystem. You can find more about our product and services on www.beosin.com.

Q2

Okay. Any Specific and advantage of your team?

A: The team consists of 100+ security experts, including 40+ PhDs and postdocs. The core team members have accumulated over 20 years of experience in formal verification technology, cybersecurity, artificial intelligence & big data mining technology.

Q3

That’s fantastic👍🏻 And is there any performance about Beosin so far?

A: Beosin has conducted security audits on more than 2,000 smart contracts and projects in the global blockchain and Web3.0 ecosystem, identified 85,000+ code vulnerabilities and has successfully protected over $500 billion in assets with zero security incidents for all audited projects, which are fully recognized by our partners and the their users.

Q4

I would like to know what is the necessity of security audit for smart contracts.

A: As one of the cores of the blockchain ecosystem, smart contracts have developed rapidly in the past few years, and they have significant advantages in scenarios with multiple participants and complex transactions. In recent years, with the frequent outbreak of security incidents in the blockchain ecosystem, the security of blockchain platforms, especially smart contracts, has become an obstacle to the forward development of this new technology.

And according to statistics monitored by Beosin EagleEye, in the first quarter of 2022, losses from global blockchain attack-type security incidents were up to about $1.2 billion, nearly nine times from $130 million in the same period last year. It is also higher than the amount lost in any quarter of 2021.

As all transactions on the blockchain are final, funds cannot be retrieved should they be stolen. A smart contract security audit provides a detailed analysis of a project’s smart contracts. These are important to safeguard funds invested through them.

Q5

If you are doing such great Audit job, why launch this detection tool VaaS. What is VaaS?

A: VaaS was developed by the Beosin for the security of smart contracts. It is the worlds first WEB3.0 smart contract security detection tool with the capability of NFT ERC721 and other ERC’s conformance checking, code vulnerability detection and business logic correctness proof. Now with 100,000+ users, it supports multiple public blockchains such as ETH, BNB, MATIC, AAVE, ONT, EOS, etc. At the same time, it can greatly improve the efficiency of smart contracts audit, and reduce the potential security risk caused by incomplete manual audit.

Q6

Sounds great. What other services can I get with Vaas besides code checking?

A: There are four feature functions of VaaS:

1. One-click automatic detection

Just upload the contract and the platform will automatically detect.

2. Customized configuration

Customized configuration for different blockchain platform parameters.

3. Contract-to-contract verification

Support inter-call between multiple contracts, able to verify the properties between contracts.

4. Vulnerability report

The vulnerability report presents the vulnerabilities details including types and severity and also modification suggestions.

Q7

Why should I choose VaaS? What advantages does it have compared to other brands?

A: There are four advantages of VaaS:

1. Expert in formal verification

Beosin is one of the first companies in the world to apply formal verification to the blockchain. With over 20 years of experience in formal verification technology, we have audited thousands of smart contracts.

2. High-accuracy security testing

Automatic testing to locate the code vulnerabilities with an accuracy up to 97%.

3. Support multiply mainstream blockchain platforms

Supporting ETH, BSC, MATIC, AAVE, ONT, EOS, etc.

4. Easy formal specifications

Formal specifications are written directly in contract language. No additional efforts in learning specification language.

Q8

How should I use VaaS to audit smart contracts?

A: You can use it in your browser, just navigate to VaaS from our website: www.beosin.com. Let me paste a few screenshots here that shows how to use the platform. The general flow can be described in 5 steps：

Step 1 Create a new project

Step 2 Upload your smart contract

Step 3 Fill in the contract name of the contract

Step 4 Start detection

Step 5 Generate report

We have a free trial now, feel free to try it out. You can also find link to documentation there: https://vaas.beosin.com/#/main

Q9

Hi, why are you capitalists also concerned about the security detection and auditing of smart contracts?

A: Hi, okay, thanks for the invitation. It’s my turn. First of all, let me introduce myself. I am the partner of Negentropy Capital, We focus on the web3 Investment. You guys can call me Billy.

We also go through and observe the products of the projects, such as DAPPs for example, smart contracts, in the early stages of venture capital. So we also pay attention to the price stability and security of these products. If there is a product like VaaS, which can give the corresponding detection file, it will help us a lot to evaluate the products in our early investment.

Of course, if the project comes online at a later stage, there will be an audit report, and we will consider whether to continue to invest or disinvest based on some data from the audit report to determine the true technology, development level and vulnerability of the project.

Q10

Hi, I am a TribeOne follower. I saw your AMA announcement and found that you have invited them as well. And I want to know, what are the audit points during the auditing process for TribeOne? And will your tool be available to project owners to use?

A: Hi, this project has two main contracts. The first contract is the Tribeone main contract, which is mainly responsible for lending to purchase NFT. The second contract is the landworks adapter contract, which is mainly responsible for pledging the NFTs that have not yet completed their loans to landworks for leasing and making profits for the lender.

After auditing, only 1 medium-risk and 1 info items were identified in the TribeOne project. No critical-risk or high-risk issues were found during the auditing process.

For your second question, we suggest that project could use VaaS whether they come to us for auditing or not.

At the same time, we also recommend using VaaS at any time during the developer’s development process.

End

We will try to do this more often to keep our community up to date with all the progress work. Thank you !

More

1. VaaS — Automatic Detection Tool , Make Your Smart Contract Secure In Web3.0

2. How to Ensure the Security of NFT Under the Web 3.0 Boom?

3. DEUS Finance Suffered its Second Flashloan Attack This Year: Beosin’s Detailed Analysis

4. Beosin Has Completed Security Audit Service of Crypto LEGO ALG

5. Beosin Has Completed Security Audit Service of MasterChefV2 and cake-pool Contracts in PancakeSwap

Contact

If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn