Services / SECURITY AUDITS
Even a highly talented and experienced tech team can gain from independent third-party advice.
Every project's security requirements evolve over its lifecycle. Jita developed its audit offering to meet these requirements.
Jita offers a wide range of security audits: smart contracts, new Layer-1 and Layer-2 protocols, architecture reviews, full product security audits, and penetration testing.
You can find some of our audits here.
Smart Contracts Security Audits
Jita Digital has long experience in developing, testing, deploying and auditing smart contracts in the following programming languages: Solidity, Rust, C++.
Smart contracts are highly exposed to security attacks. By their nature, they are directly accessible to any attacker with an Internet connection. They are difficult to develop as they often use domain-specific and complex programming languages. Their execution environment is unfamiliar to most developers. Finally, they often store and manipulate large amounts of financial assets, and their actions are final and immutable.
Focus: conditional access control procedures, input validation, system architecture, anti-patterns, test coverage evaluation, reentrancy checks, upgrade risks, assembly.
New Layer 1 and Layer 2 Protocols Security Audits
Are you sure your system is secure? Can it protect all its users, now and in the future? Will timeliness and security promises be met in all cases? What if a hostile client connected to the system?
Focus: system design, verification of consensus algorithms, identification and audit of all possible attack vectors, defense in depth.
Architecture Reviews
During your project development, we provide early feedback on your architecture choices. This helps to reduce the attack surface and minimize the cost of design and coding mistakes by catching potential problems early on.
Focus: identify architecture risks before all code has been implemented, to eliminate many risks as early as possible.
Product Security Audits
A full, in-depth product audit. Especially useful for complex systems, to verify interactions between all components, all actor actions and operational risks. This type of audit considers the frontend, the backend, the microservices architecture, and the deployment mechanisms.
Focus: identification of all components and review of individual specifications. Verification of each component's functional conformity to specification. Control of third-party dependencies and review of build and deployment systems. Identification and risk evaluation of all potential attack vectors.
Penetration Testing
Is your system safe from third parties? What would happen if one of your users lost their password? Can an end-user take unauthorized actions?
Focus: conditional access control procedures, API endpoints, information confidentiality, checks for known vulnerabilities.