Hyperledger Auditing Services

QuillAudits offers Hyperledger Fabric chain code Security & performance testing to validate, scale and secure your core business logic.

Importance of Audit(security)


Chain code hold transaction logic , all the issues and security flaws must be solved before deploying on hyperledger network.

If your hyperledger network & chain code Verified by 3rd party Auditor, it gain trust in participants involved in private permissioned consortium .

Our Hyperledger Audit Services



Blockchain/Platform Audit :

It is generally of the combined nature (chain codes + hyperledger network + backend). We identify and research on best optimisations possible with the chain code and hyperledger network configuration to achieve maximum TPS. We focus to make platform more efficient and secure overall.



Chain Code Audit:

A Chain code audit is a process to test the source code against all known vulnerabilities and attacks A Smart Contract audit identifies and prevents the deployment of security vulnerabilities that may cause to loss. Both business case logic and security point of view are considered.

Samsung Nexledger Accelerator

Samsung Nexledger Accelerator :

Nexledger Accelerator is developed by Samsung SDS to improve the performance of a blockchain network, in terms of transaction throughput. Accelerator enables the blockchain network to deal with explosive transaction requests from applications. With Nexledger Accelerator the TPS can be increased upto 10 times .

View Full Report

Hyperledger Caliper

Hyperledger Caliper:

Hyperledger Caliper is a blockchain benchmark tool, it allows users to measure the performance of a blockchain implementation with a set of predefined use cases. Hyperledger Caliper will produce reports containing a number of performance indicators to serve as a reference when using the blockchain networks.The report includes the transaction throughput and resources used by all components in the network.

View Full Report

Our Hyperledger Audit Items


Non-determinism Arising From Language Instructions

Global Variable

KVS Structure Iteration

Reified Object Addresses

Concurrency of Program

Generating Random Number

System Timestamp

Non-determinism Caused From Accessing Outside of Blockchain

Web Service

System Command Execution

External File Accessing

External Library Calling

State Database Specification

Range Query Risk (Phantom reads)

Fabric Specification

Field Declarations

Cross Channel Chaincode Invocation

Read Your Write

Common Practices

Unhandled Errors

Unchecked Input Arguments


Process

quillaudits process

Process

quillaudits process

Frequently Asked Questions


1What is Hyperledger Fabric?

Hyperledger Fabric is a permissioned blockchain infrastructure providing enterprise-grade blockchain solutions.The configurable consensus and modular architecture enables Hyperledger Fabric a best choice for a broad range of industry use cases.The business logic or the smart contract is called as chaincode in Fabric network which is executed in the peer nodes.The channel configuration supports endorsement policies to be enabled which provides additional security and privacy.The certificate authority provides various levels of certificates and it is used by the Membership Service providers to enable various capabilities for the Fabric network components.Due to this modular architecture the Fabric network is highly scalable.

2Why Hyperledger fabric security is important?

Hyperledger fabric contains sensitive data about the consortium. Hyperledger auditing eliminates the possible vulnerabilities before it could be exploited.The chain code sometimes contains personal information as well as confidential business logic.Fabric network can be hacked in many ways and once the network is taken down by a malicious entity depending on the level of attack one will able to steal sensitive data, making illegal transaction which will lead the company to shutdown the entire network.Once the attacker has control over the fabric network depending on the node security , all the services connected to the node can be taken down.Hyperledger fabric security helps to eliminate most of the security loopholes.

3Why do I need performance testing for my Hyperledger project?

Hyperledger fabric network have more complex configuration and it should be taken care.Some developers exclude some configuration for simplicity and to save time.If the block size and time ,the network components ,state database and logging are not taken care of properly it will affect the network performance to go down.By performing performance test for the network the ideal configurations for the network can be known.The performance test will help to increase the throughput of the network significantly.

4What do I need for the Hyperledger fabric security audit?

Following are the things you need to know before starting Hyperledger Fabric Auditing:

1. Correct Functions Visibility:- Functions in solidity can have four visibility specifiers.Absent specifiers can be dangerous especially in the case of functions where the default is public accessibility. If such a function has critical logic then it can be triggered from any external address to potentially misuse the contract.

2. Oracle calls:- Blockchains cannot access data outside their network. An oracle is a data feed provided by third party service designed for use in smart contracts on the blockchain.

3. Check for re-enterancy and ensure state committed before external call:- Reentrancy occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete.

4. Don’t delegatecall to untrusted code:- The delegatecall function is used to call functions from other contracts as if they belong to the caller contract

Read More...

COMMUNITY AUDIT

We choose One Project each month for a Free Detailed Audit

  • - The selected project has to embed our QuillAudits Widget & mention us their partners on their website and social media platforms.

  • - Applications are accepted between the first 2 weeks of every month.

  • - In the 3rd week of the month, projects will be reviewed on the bases of the different selection processes and on the 21st we will announce a project for the Community Audit.

  • - Detailed Audit Report is made live on 30th of the following month.