Review of RealBig Smart Contract Security Audit

RealBig Blog
Feb 14, 2022

Join our Social Media

Telegram Channel, Group, Twitter, Discord, Facebook, Instagram and Linkedin

As a result of several cyber attacks on crypto projects and exchanges, most established centralized and decentralized (IDO) exchanges now require a smart contract security audit report as part of their listing application. Indeed, they even vet the security auditor's credentials to ensure the audit is thorough and was performed in a professional manner. As such, the RealBig project was designed by incorporating the latest blockchain security best practices into its token smart contracts.

Smart Contract Weakness and Vulnerabilities

Behind the RealBig project are blockchain veterans known around the world for their book publications and expertise in blockchain cybersecurity. Specifically, in designing and developing our smart contracts, we followed the list of 37 known smart contract weaknesses (listed below), each of which is registered under the Smart Contract Weakness Classification (SWC) with a specific code. Blockchain cybersecurity specialists use them to audit a blockchain smart contract before it goes to production. The applicability and priority of the items in the list vary from one platform to another. For instance, Ethereum or a public blockchain application is more vulnerable than a private platform like Hyperledger.

  • ID => Title
  1. SWC-136 => Unencrypted Private Data On-Chain
  2. SWC-135 => Code With No Effects
  3. SWC-134 => Message call with hardcoded gas amount
  4. SWC-133 => Hash Collisions With Multiple Variable Length Arguments
  5. SWC-132 => Unexpected Ether balance
  6. SWC-131 => Presence of unused variables
  7. SWC-130 => Right-To-Left-Override control character (U+202E)
  8. SWC-129 => Typographical Error
  9. SWC-128 => DoS With Block Gas Limit
  10. SWC-127 => Arbitrary Jump with Function Type Variable
  11. SWC-126 => Insufficient Gas Griefing
  12. SWC-125 => Incorrect Inheritance Order
  13. SWC-124 => Write to Arbitrary Storage Location
  14. SWC-123 => Requirement Violation
  15. SWC-122 => Lack of Proper Signature Verification
  16. SWC-121 => Missing Protection against Signature Replay Attacks
  17. SWC-120 => Weak Sources of Randomness from Chain Attributes
  18. SWC-119 => Shadowing State Variables
  19. SWC-118 => Incorrect Constructor Name
  20. SWC-117 => Signature Malleability
  21. SWC-116 => Block values as a proxy for time
  22. SWC-115 => Authorization through tx.origin
  23. SWC-114 => Transaction Order Dependence
  24. SWC-113 => DoS with Failed Call
  25. SWC-112 => Delegatecall to Untrusted Callee
  26. SWC-111 => Use of Deprecated Solidity Functions
  27. SWC-110 => Assert Violation
  28. SWC-109 => Uninitialized Storage Pointer
  29. SWC-108 => State Variable Default Visibility
  30. SWC-107 => Reentrancy
  31. SWC-106 => Unprotected SELFDESTRUCT Instruction
  32. SWC-105 => Unprotected Ether Withdrawal
  33. SWC-104 => Unchecked Call Return Value
  34. SWC-103 => Floating Pragma
  35. SWC-102 => Outdated Compiler Version
  36. SWC-101 => Integer Overflow and Underflow
  37. SWC-100 => Function Default Visibility

RealBig Security Audit Report

RealBig smart contracts have been audited by two blockchain security experts: Dr. Mike Mu and Rajneesh Gupta. You can go here to see our detailed smart contract security audit report.

Dr. Mike Mu - Blockchain Security and Cryptography Expert

Mike is a software developer and security researcher with over fifteen years of direct experience, of which the last seven have been focused on blockchain and advanced cryptography. His scope of work has included high-throughput blockchain projects, consensus protocols, privacy transactions, Solidity smart contracts, custom Substrate pallets, and ink! smart contracts.

Mike's ongoing research is focused on post-quantum cryptography (PQC) primitives and the feasibility of using PQC for blockchain digital signature schemes. Prior to his work with blockchain, Mike developed and supported a large-scale, real-time Internet voice communication system that supports 100,000 simultaneous voice calls.

Rajneesh Gupta - Blockchain Security Specialist

Rajneesh holds CISA, CPISI, COBIT 5, ISMS LA, CDPO-GDPR, CEH, and CHFI certifications. He is the author of Hands-On Cybersecurity with Blockchain. He has 13 years of experience in information security, with diverse security leadership experience including roles in operations, system integration, security architecture, project management, identity and access management, business continuity planning, IT risk management and information security.

He has delivered multiple assignments on Cyber Security, Payments, PCI DSS, SSAE16, ISO20000, BS25999, ISO 27001, Secure Architecture Design & Solution Implementation, IT Security & Risk Management, IT Audit, Advisory & Assurance and Business Process & Controls Improvement for enterprises in the United States, Singapore, India, the UAE and the UK.
