
QuillAudits Docs

Walk-through: A Journey With Us to Secure Your L1 Blockchain

Hi there! Welcome onboard with QuillAudits. We are glad you chose us; let's buckle up and begin.


About us

QuillAudits is a leading name in Web3 security, offering top-notch solutions to safeguard projects across DeFi, GameFi, NFT gaming, and all blockchain layers. With six years of expertise, we've secured over 1000 projects globally, averting over $30 billion in losses. Our specialists rigorously audit smart contracts and ensure DApp safety on major platforms like Ethereum, BSC, Arbitrum, Algorand, Tron, Polygon, Polkadot, Fantom, NEAR, Solana, and others, guaranteeing your project's security with cutting-edge practices.



L1 Blockchain Protocol

In blockchain technology, layer 1 protocol refers to the underlying infrastructure or foundational layer that provides the basic functionality of the blockchain. It is often described as the base layer of the blockchain architecture, as it includes the core components such as the consensus mechanism, the block structure, and the transaction format.

Overall, layer 1 protocols form the foundation of the blockchain ecosystem and play a crucial role in enabling the secure and decentralized transfer of value and information across the network.


Why Does L1 Protocol Need Security Audit?


⚠️ Ethereum Classic has suffered a 4,000-block-long reorganization, its second incident in five days. The first attack, which saw more than 3,000 blocks reorganized, had an attacker steal over 800,000 ETC, worth about $5.6 million.

The Bitcoin Gold (BTG) network suffered another 51% attack on January 23-24, as roughly 29 blocks were removed in two deep blockchain reorganizations (reorgs). Reports indicate that over 7,000 BTG was double spent ($70,000) in two days.

According to various reports, Verge's cryptocurrency network suffered a 51% attack, leading to a massive 560,000+ block reorganization. Analysts believe the Verge network attack could be history's deepest blockchain reorganization (reorg), with roughly 200 days' worth of Verge transactions wiped.


L1 (Layer 1) blockchain protocols, also known as base protocols, are the fundamental layer of a blockchain network. They provide the underlying framework for the blockchain's operation, including its consensus mechanism, data storage, and network communication.


🚧 A security audit is necessary for L1 blockchain protocols for several reasons:

Vulnerability detection: A security audit can help identify any vulnerabilities in the protocol's code that may be exploited by attackers. This is especially important for L1 protocols, as any vulnerabilities at this level can have severe consequences for the entire network.

Compliance: Many blockchain protocols are subject to regulatory requirements, and a security audit can ensure that the protocol complies with these requirements.

Trust: A security audit can increase the trust of investors and users in the blockchain network by demonstrating that the protocol has been independently reviewed for security.

Reputation: A security audit can also help protect the reputation of the protocol and its developers by identifying and fixing any security issues before they can be exploited.

Overall, a security audit is an important step in ensuring the security and reliability of a blockchain protocol, especially at the L1 level. It can help identify and fix vulnerabilities, increase trust and confidence in the network, and protect the reputation of the protocol and its developers.



Some of the potential attack vectors we examine (non-exhaustive)


1. 51% attack: A 51% attack could be used to gain control over the network by controlling the majority of the network's computing power.


2. Double-spending attack: A double-spending attack could be used to spend the same cryptocurrency twice by manipulating the network's consensus mechanism.


3. Sybil attack: A Sybil attack could be used to create a large number of fake nodes in the network to manipulate the consensus mechanism.


4. Eclipse attack: An Eclipse attack could be used to isolate a node or group of nodes from the rest of the network to manipulate the consensus mechanism.


5. Forking attack: A forking attack could be used to split the network into two or more chains, causing confusion and potentially allowing for double-spending or other attacks.


6. Denial-of-service attack: A denial-of-service attack could be used to overwhelm the network with traffic, preventing legitimate transactions from being processed.


7. Timejacking attack: A timejacking attack could be used to manipulate the network's time synchronization mechanism, potentially allowing for double-spending or other attacks.


8. Consensus algorithm attacks: Attacks could be targeted towards specific consensus algorithms used by the network, such as Proof-of-Work or Proof-of-Stake, in order to manipulate the network's consensus mechanism.
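The first five vectors above (majority hash power, double-spending, and chain-splitting forks) all show up on the wire as a deep reorganization, which is exactly what the ETC, BTG and Verge incidents looked like. Two defensive checks a node operator or auditor would want are a reorg-depth monitor that alerts when more than an agreed number of accepted blocks are discarded, and the Nakamoto whitepaper estimate of an attacker's chance of overtaking the honest chain, used to choose how many confirmations a service should wait for against an assumed attacker hash share. The code below is an added example written for this page, not QuillAudits' tooling or any protocol's code; the header hashes are constructed labels rather than real proof-of-work hashes, and "longest chain wins" is a simplification of the accumulated-work rule real nodes use.

```python
"""Reorg-depth monitor and confirmation-depth calculator (constructed example)."""
from dataclasses import dataclass
from math import exp


@dataclass(frozen=True)
class Header:
    height: int
    hash: str       # stand-in label; a real header carries a PoW/PoS block hash
    prev_hash: str


def links_correctly(chain):
    """Each header must sit at its index and point at the hash of the one before it."""
    return all(chain[i].prev_hash == chain[i - 1].hash and chain[i].height == i
               for i in range(1, len(chain)))


class ReorgMonitor:
    """Follows the longest well-linked chain and records every reorganization whose
    depth (number of previously accepted blocks discarded) reaches alert_depth.
    Simplification: longest chain wins; a production node compares total work."""

    def __init__(self, genesis, alert_depth):
        self.chain = [genesis]
        self.alert_depth = alert_depth
        self.alerts = []  # (old tip height, fork height, blocks discarded)

    def observe(self, candidate):
        """Consider a full candidate chain (genesis first). Returns the reorg depth
        if we switched to it; 0 if it only extended our tip or was rejected."""
        if not links_correctly(candidate) or candidate[0] != self.chain[0]:
            return 0                      # malformed or different genesis: ignore
        if len(candidate) <= len(self.chain):
            return 0                      # not longer: keep the current chain
        fork = 0                          # first height where the two chains differ
        while fork < len(self.chain) and self.chain[fork].hash == candidate[fork].hash:
            fork += 1
        depth = len(self.chain) - fork    # accepted blocks that are now orphaned
        if depth >= self.alert_depth:
            self.alerts.append((len(self.chain) - 1, fork - 1, depth))
        self.chain = list(candidate)
        return depth


def attacker_success(q, z):
    """Nakamoto whitepaper estimate: probability that an attacker controlling a
    share q of the hash power ever overtakes the honest chain after a payee has
    waited z confirmations. The Poisson term is built iteratively to avoid overflow."""
    p = 1.0 - q
    if q >= p:
        return 1.0                        # majority attacker always catches up
    lam = z * (q / p)
    total = 1.0
    poisson = exp(-lam)                   # k = 0 term
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k
        total -= poisson * (1 - (q / p) ** (z - k))
    return total


def confirmations_needed(q, max_prob, limit=1000):
    """Smallest confirmation count that pushes the attacker's success chance below max_prob."""
    for z in range(limit + 1):
        if attacker_success(q, z) < max_prob:
            return z
    return None                           # not reachable within the limit


def make_chain(labels):
    """Build a linked header list from constructed labels that stand in for hashes."""
    chain = []
    for i, label in enumerate(labels):
        chain.append(Header(i, label, chain[-1].hash if chain else "none"))
    return chain


def demo():
    """Constructed scenario: an honest 5-block chain is replaced by a longer
    competing branch that forks at height 2, discarding three accepted blocks."""
    genesis = make_chain(["g"])[0]
    mon = ReorgMonitor(genesis, alert_depth=3)
    mon.observe(make_chain(["g", "a1", "a2", "a3", "a4", "a5"]))            # honest tip
    depth = mon.observe(make_chain(["g", "a1", "a2", "b3", "b4", "b5", "b6"]))  # attacker branch
    return depth, list(mon.alerts)


if __name__ == "__main__":
    print("reorg depth, alerts:", demo())
    for share in (0.1, 0.3):
        print(f"attacker share {share}: wait {confirmations_needed(share, 0.001)} confirmations for <0.1% risk")
```

The monitor answers "did we just lose N confirmed blocks?", which is the signal exchanges and explorers need to freeze withdrawals during an attack; the calculator answers the prior question of how many confirmations to require, and it makes the cost of a weak hash-rate distribution concrete: a 10% attacker is handled by 5 confirmations, a 30% attacker needs 24.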


Our Audit Process


Step 1: Defining the Scope

Define the scope of the audit, including the components to be audited, the risks to be assessed, and the objectives of the audit.


Step 2: Identify the Attack Surface

Identify the potential attack surface of the blockchain protocol, including the components that attackers could target, such as the consensus mechanism, smart contracts, and cryptographic algorithms.


Step 3: Review the Codebase

We review the codebase of the blockchain protocol, looking for potential vulnerabilities or flaws that could be exploited by attackers. We use a combination of manual code review and automated tools to identify potential vulnerabilities, such as buffer overflows, unhandled exceptions, and other common coding errors.


Step 4: Assess the Consensus Mechanism

We assess the security and reliability of the consensus mechanism used by the blockchain protocol, looking for potential attack vectors such as Sybil attacks, 51% attacks, or double-spending attacks.


Step 5: Evaluate Cryptography

Evaluate the cryptographic algorithms used by the blockchain protocol, looking for potential weaknesses or vulnerabilities that could be exploited by attackers.


Step 6: Assess Authentication and Authorization

Assess the authentication and authorization mechanisms used by the blockchain protocol, looking for potential vulnerabilities or flaws that could allow unauthorized access to the network.


Step 7: Review Network Security

Review the network security measures used by the blockchain protocol, looking for potential vulnerabilities or weaknesses that could be exploited by attackers, such as DDoS attacks or man-in-the-middle attacks.


Step 8: Evaluate Performance and Scalability

Evaluate the performance and scalability of the blockchain protocol, looking for potential bottlenecks or scalability issues that could impact the performance of the network.


Step 9: Initial Audit Report

Based on the results of the audit, we document all findings in a report with recommendations for improving the security and efficiency of the blockchain protocol, including best practices for code development, security measures, and risk mitigation strategies. This may include:

  • Creating a detailed report outlining the audit findings and recommendations for remediation.

  • Prioritizing the vulnerabilities based on severity and potential impact.

  • Providing guidance on how to address each identified vulnerability, including recommendations for software patches or configuration changes.

  • Delivering the report to the Client Team.

🦋 How can you help?

Please prepare an 'Updation Summary' or 'Comment Report' detailing the changes you have made after receiving the IAR (Initial Audit Report); this helps us identify the changes and test them rigorously.


Step 10: Follow Up

Follow up with the blockchain protocol team to ensure the recommended changes are implemented and provide ongoing support and guidance as needed.


Step 11: Final Audit Report

After the follow-up, once we receive the initial audit fixes from the project team, we review the fixes and the complete code again, and the Final Audit Report is delivered. Even after your fixes, some issues may remain unresolved, and/or the changes may have introduced a few new issues.

So, after receiving the Final Audit Report, you have to decide (based on the severity table listing the unresolved issues) whether to alter the code again or to move forward as it is.


🦋 How can you help?

After getting the Final Audit Report, please notify us whether we can proceed to prepare the final designed draft or if you are going to fix the code again.


Step 12: Delivery

After getting the green light from the previous step, we send the report to our designers, who produce a PDF version of the Audit Report that presents everything in it clearly.

Sample PDF Report

Then, the report is uploaded to our official GitHub Repository, after which we share the link to the Audit Report and Certificate of Compliance from QuillAudits.


Post-Audit Announcements

On request, we make an Audit Announcement from our social media handles to mark the completion of the audit.

Access to the QuillAudits ecosystem (Exchanges, IDO, KYC, Incubators, VC Partners).


🚧 The completion of this step depends entirely on the calendar availability of our Marketing Team, so it might take some time.


AMA Sessions

  • Expert Auditors Explaining the Nuances of the Audit Report
  • QnA and Direct Interaction with Your Audience to Build Trust in Your Project

Niche Targeted Marketing/PR Services

  • Articles & Guest Posts in Renowned Publications.
  • Cross-Platform Promotions to Give More Exposure to the Project.

Organize Product Launches, Community Meetups, etc.

  • QuillAudits team will help you in your product launch in India.
  • Set up community meetups, product workshops and web3 events for you.
  • QuillAudits expert team and partners will take care of everything from content creation to marketing and event location to event coordination.


What can the Project Team Expect from Us?

  • Delivery of the initial report within the agreed timeline (allowing a margin of ±2 days for unforeseen circumstances).
  • Reviewing the final version of the code before concluding the audit.
  • Following the complete audit process, i.e., Manual Review, Functional Testing, Automated Testing, and Reporting bug findings.
  • Publishing Audit Reports and Making Post Audit Announcements based on agreed-upon terms.

What do We Expect from the Project Team?

  • A working test suite (all tests written are executable) covering at least 90% of the project code and edge-case scenarios.
  • Structured code following reasonable naming conventions and consistent coding style.
  • Well-documented contracts/functions and updated whitepaper.
  • Fixing issues from the initial bug-finding report and providing detailed comments stating which fixes have been implemented for each issue.
  • Reviewing the final report so that QuillAudits can conclude the audit.


Feedback

Your feedback helps us improve and enhance our services, so that we can innovate and serve you better.

Please click here to provide your valuable feedback - Feedback Link


🦋 Survey - Kindly provide your valuable inputs by filling out the survey form to aid us in understanding the current DeFi & NFT market better. It would help us improve our methodology for smart contract security. Survey Link


Join Our Referral Program: Become a part of our quest for Securing Blockchain and Get Rewarded 🥳

💡 Do you know a friend who might be in need of a Smart Contract Audit? 🙋‍♂️🙋‍♀️

We have something that you might be super interested in!

Together, we can benefit many DeFi, NFT, and DAO projects by securing them with QuillAudits.

Refer anyone looking for an audit, and get up to 15% on each referral. Click on the link below to get access to exciting offers. 🚀

https://bit.ly/3hqN6ZM



Subscribe to our Newsletter

Your weekly dose of Web3 innovation and security, featuring blockchain updates, developer insights, curated knowledge, security resources, and hack alerts. Stay ahead in Web3!

Telegram