SmartBCH: Contract Security Report

Avatar for BCHPleaseOrg
1 year ago

As we get closer and closer to the May 15th upgrade, SmartBCH is gaining a lot of attention. Mist continues to grow by leaps and bounds, Joystick Club is on-board a rocket ship to the moon and Verse is building unstoppable momentum following their recent launch.

IMPORTANT NOTE: Unlike most EVM-powered chains in crypto, SmartBCH DOES NOT have the Etherscan team as its primary data & information portal.

Since the downfall of SLP 😩 I've been patiently waiting for SmartBCH to mature to the point of being ready to support "enterprise-class" products and services. Unfortunately, we're still quite a ways off from that.

I wholeheartedly believe in a prosperous future for SmartBCH as well as the overall growth of Bitcoin Cash; but I struggle to understand how such basic smart contract security has been overlooked for so long.

Anyway, enough complaining, I've decided to do something about it, and I'd love to get your thoughts...

DeFi & GameFi on SmartBCH are BOOMING!

TL;DR: Introducing the Smart Bitcoin Info Center

https://sbch.info

(very much a work-in-progress, so your mileage may vary)

In addition to providing support and guidance for SmartBCH newbies, this nascent portal will also serve as an alternative block explorer to the current default https://smartscan.cash.

TOP3 Benefits & Highlights (at launch):

  1. Comprehensive smart contract analysis & verification

  2. Real-time (on-chain) contract & platform monitoring

  3. XHedge NFT management and voting

I've been developing these smart contract tools (and several others) for over a year now. They were to be used internally with my own SmartBCH projects. However, when looking at the tremendous security gap that exists today, I feel compelled to "make the time" to package and publish the most critical tools and services for use by the greater SmartBCH community of stakeholders, developers and users.

PLEASE NOTE: This portal is just a very early-stage Minimum Viable Product (MVP); and has NOT been curated and polished as yet for the discerning end-user.


Why do we need Smart Contract Verification?

Well... when you connect your web/mobile wallet to a Web3-enabled website, you're doing so in order to interact with 1 or more smart contracts. These smart contracts are what power the explosive DeFi markets and the nascent GameFi industry.

NOTE: It's extremely easy to fuck up a smart contract, whether intentionally, through incompetence and/or through "zero-day" bugs. There are at least 1 or 2 MAJOR security breaches each week in the Ethereum ecosystem. Security audits and peer review (usually through bug bounties) are the ONLY defense against these financial (often life-altering) disasters.

The SmartBCH team has already written a contract source code verifier, available here: https://github.com/smartbch/sourceverify

The backend is running here: https://moeing.dev:8080/contract/verify

And its front-end (user-facing portal) is deployed here: https://sourceverify.smartscan.cash

After 2 days of my own deep analysis (reviewed by my awesome team in Atlanta), I felt it would be beneficial to open a GitHub ticket (https://github.com/smartbch/sourceverify/issues/1) describing where I believe this current solution should be improved.


So who has the TOP10 SmartBCH contracts?

We're fast approaching 100 Million Dollars being actively staked, farmed and traded via the leading SmartBCH contracts:

  1. CoinFLEX Stablecoin (FlexUSD) - $46M+

  2. GoCrypto (GOC) - $11M+

  3. BlockNG (LAW) - $5.6M+

  4. Green Ben (EBEN) - $4.5M+

  5. CashCats (CATS) - $2.4M+

  6. Mist Token (MIST) - $2.1M+

  7. TangoSwap (TANGO) - $1.7M+

  8. Goblins (GOB) - $1.5M+

  9. BCH Name Service - $1.4M+

  10. Joystick Club (JOY) - $600k+

(source: https://www.marketcap.cash/)

How many of the above contracts have been audited or verified?

Find out here -> https://sbch.info/contracts

And who are the TOP3 SmartBCH platforms?

The smart contracts run by "platforms" are usually an aggregate of MANY tokens (contracts) and are even more susceptible to attack. Thus, they should be the MOST highly scrutinized and protected contracts of ANY in the community.

Combined with their "Total Value Locked" assets, we'll soon reach $100 Million in assets actively moving through SmartBCH contracts on just the leading platforms alone:

  1. Mist - $7.1M+ TVL

  2. Tango - $3.5M+ TVL

  3. Verse - $1.2M+ TVL


Best Laid Plans for SmartBCH

As I stated earlier, I'm not one to talk shit without backing it up. So I've been working over the past couple weeks to identify the MOST vulnerable security issues; and I've been coordinating with other SmartBCH stakeholders & developers to plug these holes and gaps.

Introducing Smart Contract Security Analysis & Monitoring

To start, I encourage you to check out the NEW Contracts Page.

Most of my efforts leading up to the "official" launch of this new portal will be centered around curating as many SmartBCH contracts for analysis and presentation as possible.

If you're a developer and you want to verify/submit your own smart contract, you can do so here: https://sbch.info/verify.

NOTE: I'll also be prioritizing work on the NEW XHedge Voting System that just launched on SmartBCH. This feature enables 50% of SmartBCH validators (those that secure the network) to be voted on by BCH stakeholders; while the other 50% will be voted on by BCH miners.

You can see a preview of that here: https://sbch.info/validators


Donations & Support

Your feedback is invaluable to me and my team. So I ask that you leave any comments and questions below, and I'll be sure to answer each and every one.

Your financial support is also greatly appreciated. And I'm making extra efforts these days to better recognize those that are "financially" supporting Bitcoin's BUIDLers.

e.g. https://sbch.info/sponsors

If you'd like to help support the efforts of protecting SmartBCH stakeholders and strengthening the security of the network, you can donate BCH to (bitcoincash:qqvl7fwcthhhntsew056t8007pw55k258vmlm053fy).

However, I MUST encourage you to use our (temporary) SmartBCH donation address (0xD6Ce323C6cbB9c1EAEd8EaCE8503C2b10ff47edA); as we'll be rewarding donations with 2x PIF Tokens when our NEW Pay It Forward (https://pif.cash) community fund launches in May.

NOTE: Our "official" SmartBCH donation address isn't being used until we've completed, tested and deployed our upcoming Smart Ledger project.

So what's coming up next...

In short, our team is committed to getting ALL of the following Bitcoin Cash services online with a Minimal Viable Product (MVP) by May 15th:

I'm actively in the process of organizing with other BCH BUIDLers in the community to work towards a more "sustainable" funding model. This centers around the launch of Pay It Forward and the recently upgraded Smartstarter platforms.

It was only 2 years ago that the BCH community took a hard stand against the IFP (Dev Tax).

I ask that you remember to support NOT only the BCH node developers, but to take notice of the BCH applications & services developers that create tremendous value with their tireless (often thankless) hard work 💪 building the "user portals" that bring greater adoption to Bitcoin Cash and greater value to its stakeholders.

Stay tuned for more service announcements & launches leading up to the May 15th upgrade. Let's #MakeBitcoinCashAgain!

Thanks for reading 😊

Cheers!
Shomari
https://twitter.com/ShomariPrince


Photos are courtesy of Unsplash
