Code Audit

Pirate Chain is happy to announce a Light Code Audit by 3rd-party cybersecurity firm Cyber Unit Technologies.

The peer review was ordered earlier this year and was completed in the middle of May 2021. A full copy can be found at the end of this article.

About The Review

This assessment aims to understand Pirate Chain implementation's current state. In general, this includes the ability to maintain the consistent state of the distributed ledger on a large number of the nodes as well as the ability to process state updates in the form of transactions sent by users, the ability to resist common attack patterns, and continuous operations under a heavy load.

The scope of this assessment (both black-box and white-box) was limited to components specific to the Pirate Chain blockchain node implementation, stored in the following git repositories:
https://github.com/PirateNetwork/pirate

Executive summary

Consultants performed a discovery process to gather information about the target and searched for information disclosure vulnerabilities. With this data in hand, we conducted the bulk of the testing manually, which consisted of input validation tests, impersonation (authentication and authorization) tests, and session state management tests.

The purpose of this penetration testing is to illuminate security risks by leveraging weaknesses within the environment that lead to the obtaining of unauthorized access and/or the retrieval of sensitive information.

Audit Results

Conclusion

Blockchain protocols within the scope were manually reviewed and analysed with static analysis tools. For the protocols, a high-level description of functionality was presented in the report's Testing approaches section.

Blockchain protocols report contains all found security vulnerabilities and other issues in the reviewed code.

The overall quality of reviewed blockchain protocols is well­ secured Security engineers didn't find issues which could have significant security impact during testing.

Note

Whilst 95% of the Pirate Chain code has already been audited directly or indirectly the community is dedicated to providing occasional reviews to reaffirm the highly secure nature of the blockchain.

It is also worth noting that these reviews are complimentary and optional as the technology is open source, therefore open to constant peer reviews.

This review is named Light Code Audit because it is not a comprehensive search into everything but a type of review that looks at fundamental cybersecurity principles in regards to wallet commands and general daemon commands.

The Open Source Model

The open-source model which Pirate Chain supports, is a decentralized software development model that encourages open collaboration. A main principle of open-source software development is peer production, peer editing and peer review. The source code, blueprints, and documentation are freely available to everyone.

Open source promotes universal access via an open-source or free license to a product's design or blueprint, and universal redistribution of that design or blueprint. The open-source software movement solves copyright, licensing, domain, and consumer issues.

About Cyber Unit Technologies

Cyber Unit help organizations to introduce digital innovation and improved performance using strategic cyber security. Cyber Unit’s highly skilled team helps protect critical infrastructure, critical data and assets for large companies, and training people who protect Presidential Offices, Central Banks, Ministries of Finance, and other at risk organizations.

Cyber Unit has done work for Cisco, Elrond, FTX and CRDF Global amongst others.

Further Reviews

Pirate Chain is currently in the process of undergoing a major code review. This is likely to last up to 12 months and it is dependent on the completion of the fundraising round.

Read The Full Audit Summary

https://piratechain.com/light-audit

Donate For More Security Reviews 🏴‍☠️🏴‍☠️🏴‍☠️

https://piratechain.com/donations/peer-review-code-audit/

External Resources:

https://cyberunit.tech/