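Technical Audit of “SWAP.core” Successfully Completed

The SWAP.Online team is close to launching an innovative open cryptocurrency marketplace platform. For newcomers, we would like to explain that our platform will combine the functions of a decentralized exchange with a mechanism that lets cryptocurrency-oriented startups receive investment.

This technology, based on Atomic Swaps algorithms, lets users exchange ERC20 ⇔ ERC20 and ERC20 ⇔ BTC in a decentralized and fast way. These swaps are already being carried out successfully, and the core is ready to be deployed via the REST API even in projects without JavaScript. The alpha version is therefore already running.

Product Double-Check Through the Strictest Review

Our team is doing its best to build a product suitable for all customers, both b2b and b2c. That is why we arranged an independent technical audit to double-check for bugs, fraud and so on.

The audit was performed by Digital Security, a leading Russian information audit company. Its clients include Microsoft, Qiwi and Sberbank, as well as prominent cryptocurrency services such as DAO Casino and Open Trading Network.

SWAP.Online stood alongside these large companies before the strict court. The analysis covered three areas: violations of confidentiality, integrity of information and availability of information. The potential attacker is limited to access to the Internet and the Bitcoin and Ethereum networks.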

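What Was Wrong: The Growth Plates Revealed

As far as confidentiality is concerned, issues with message handling came to light. Messages were first passed between two users without two-way authentication and were then opened from JSON objects without pre-processing. In addition, a possible JavaScript injection into the place where users' keys are stored was demonstrated and fixed.

Because SWAP.Online cares about the reputation of the system's users, malicious actors must not be able to damage other users' reputation in any way. An additional mechanism that checks that a deal really exists was therefore implemented.

In addition, the hackers from Digital Security found a bug that we had encountered on several decentralized exchanges during our research. A person attempting to cheat the system was able to prolong the deal time indefinitely. We therefore set a finite limit on the exchange time.

Finally, the process of looking up the deal status (for both BTC and ETH) was fixed so that users receive more precise and timely information.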

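Overall: Auditors' and Developers' Opinions

The Digital Security audit team highly appreciated our stance on security issues.

We commend the fact that the SWAP.Online team gives priority to security issues. Requesting external consultancy at an early stage of project development is a prudent and forward-looking approach. All the vulnerabilities we found were fixed quickly and accurately.

Andrey Ivanov, blockchain project analysis manager at Digital Security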

 

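Some of the audit results were disclosed by SWAP.Online lead developer Alex B.

The bugs were mostly about the logic of the code. Some processes in our library are now handled faster and more safely. I consider this an important step in our roadmap: the product is becoming ready for ordinary consumers. Our project is moving forward quickly, step by step. Exchanging cryptocurrency directly between individuals is much safer, because we have seen many centralized exchanges collapse and get hacked.

Alex B.

It is no exaggeration to say that SWAP.Online is a comprehensive breakthrough solution for the b2b and b2c areas of cryptocurrency. The second stage, our Smart Bounty program, closed a week ago. Our Bounty department is grateful for the work of the bounty participants on all social media platforms. The Smart Airdrop is scheduled for June 30, 2018, so take part if you are in the cryptocurrency field. The final product release is planned for August 2018, so be among the first to try it.

The full audit report is available at the link below.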

Swap.online_audit_fin.pdf

We will always be by your side.

The SWAP.Online team

Technical Audit of “SWAP.core” Finished Successfully

The SWAP.Online team is getting closer and closer to the release of a revolutionary cryptocurrency marketplace platform. For newcomers, we should mention that it will merge the functions of a decentralized exchange with a mechanism for accepting investments in crypto-oriented start-ups. The technology itself is based on Atomic Swaps algorithms and allows users to execute ERC20 ⇔ ERC20 and ERC20 ⇔ BTC swaps in an instant and decentralised manner. The swaps are already being conducted successfully, and the core is now ready to be implemented via the REST API even in projects with no JavaScript, so the alpha version of the product is live.

Product Double Check by the Strictest Judge

Our team is doing its best to make the product suitable for all b2b and b2c clients. So we organised an independent technical audit of the code, double-checking for bugs, fraud, etc. The audit was performed by Digital Security, a leading Russian information compliance group. Microsoft, Qiwi and Sberbank, as well as breakthrough crypto services such as DAO Casino and Open Trading Network, are among their clients. SWAP.Online fell right in line with the giants being brought before the strict court. The analysis was organized in three ways: violations of confidentiality, integrity or availability of information. The potential attacker has access only to the Internet and the Bitcoin and Ethereum networks.

What was wrong: The growth plates discovered

As far as confidentiality is concerned, some issues with message processing were disclosed. Messages were, firstly, sent between users without two-way authentication and then opened from JSON objects without pre-processing. Also, the problem of potential JavaScript injection into the localStorage holding the users' keys was shown and fixed.

As SWAP.Online pays attention to the reputation of the system's users, a malefactor shouldn't have any way to corrupt another user's reputation. So an extra mechanism that checks that a deal really exists has been implemented.

Also, the hackers from Digital Security found the bug we had met on multiple DEXs during our research. Anyone willing to cheat the system had been able to prolong the deal time ad infinitum. So we set a definite limit on the time of exchange.

Finally, the process of seeking the deal status (with both BTC and ETH) was fixed in a way that allows users to get more precise and timely updated information.
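The message-handling fixes and the deal-time limit described above, sketched as an added example (this is not SWAP.core code and is not taken from the audit report): the sender signs each message, the receiver verifies the signature before parsing, and every field is validated before use. The envelope layout, field names, Ed25519 keys and the 3-hour cap are assumptions made for illustration.

```javascript
// Added example, not SWAP.core code. Envelope layout, field names and the
// 3-hour lifetime cap are assumptions made for illustration.
const crypto = require('crypto');

const MAX_DEAL_SECONDS = 3 * 60 * 60;
const FIELDS = ['orderId', 'action', 'createdAt', 'expiresAt'];
const ACTIONS = new Set(['request', 'accept', 'decline']);
const reject = (reason) => ({ ok: false, reason });

// Sender: sign the exact string that goes on the wire.
function signMessage(body, privateKey) {
  const payload = JSON.stringify(body);
  const sig = crypto.sign(null, Buffer.from(payload), privateKey).toString('base64');
  return JSON.stringify({ payload, sig });
}

// Parse JSON into a plain object or return null; never throws.
function parseObject(text) {
  try {
    const v = JSON.parse(text);
    return v !== null && typeof v === 'object' && !Array.isArray(v) ? v : null;
  } catch (e) {
    return null;
  }
}

// Receiver: authenticate first, then validate every field before use.
function openMessage(raw, senderPublicKey, nowSec) {
  const env = parseObject(raw);
  if (!env || typeof env.payload !== 'string' || typeof env.sig !== 'string') return reject('bad envelope');
  let sigOk = false;
  try {
    sigOk = crypto.verify(null, Buffer.from(env.payload), senderPublicKey, Buffer.from(env.sig, 'base64'));
  } catch (e) { /* a malformed signature is treated as a failed check */ }
  if (!sigOk) return reject('bad signature');

  const msg = parseObject(env.payload);
  if (!msg) return reject('bad payload');
  const keys = Object.keys(msg);
  if (keys.length !== FIELDS.length || !keys.every((k) => FIELDS.includes(k))) return reject('unexpected fields');
  if (typeof msg.orderId !== 'string' || !/^[0-9a-f]{8,64}$/.test(msg.orderId)) return reject('bad orderId');
  if (!ACTIONS.has(msg.action)) return reject('bad action');
  if (!Number.isInteger(msg.createdAt) || !Number.isInteger(msg.expiresAt)) return reject('bad timestamps');
  const life = msg.expiresAt - msg.createdAt;
  if (life <= 0 || life > MAX_DEAL_SECONDS || msg.expiresAt <= nowSec) return reject('bad lifetime');
  return { ok: true, msg };
}
```

Both peers run `openMessage` on everything they receive, so each direction is authenticated; replay protection and key distribution are outside this sketch.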

All in All: Auditors and Developers’ Opinion

The Digital Security auditors' team highly appreciated our position on security issues.

We commend the fact that the SWAP.Online team gives priority to security issues. To request an external consultancy at the early stage of project development is a marker of a prudent and provident approach. All the vulnerabilities found by us were promptly and properly fixed.

Andrey Ivanov, blockchain project analysis manager in Digital Security.

Some results of the audit are disclosed by SWAP.Online lead developer Alex B.

Mostly, the bugs were about the logic of code. Some processes in our library are now to be realised faster and more safely. I consider it to be an important milestone in our roadmap: the product is ready to meet with the customers for the most part. Our project goes forward with quick steps. It’s much safer to exchange crypto directly peer-to-peer: we saw a lot of centralised exchanges collapsing and being hacked.

Alex B. concluded.

It would be no exaggeration to say that SWAP.Online is now on the threshold of becoming a breakthrough complex of solutions in crypto for the b2b and b2c spheres. The second round of our Smart Bounty program ended one week ago. Our Bounty department appreciated the outstanding work of the bounty hunters on all the social media platforms. The Smart Airdrop is scheduled for Jun 30, 2018: be our guest if you’re involved in crypto. The final product release is planned for August 2018, so don’t hesitate to be among the first to try it.

See full text of Audit Report here: Swap.online_audit_fin.pdf

Always on your side,

SWAP.Online team

Swap.Online. What is ready for June

What we planned to do

March 2018. Launching the alpha version of the OTC market based on the Atomic Swap protocol: registration function, list of orders, BTC-ETH swapping, text description of the protocol, the simplest version of the market-maker rating system.

April 2018. First release, beta version: swap between Bitcoin (BTC), Ether (ETH) and ERC-20 tokens; launching the Swap.Online project website with a beautiful design and a user-friendly description of the project.

May 2018. Adding node.js library; testing; primary audit, launching Bounty campaign

June 2018. Launching MainNet. Support of Nimiq coin, launching telegram bot, Airdrop.

August 2018. Release of the project

Autumn 2018. Continued off-chain research and full-scale output.

 


 

Perpetual plans: off-chain research, for example the possibility of interacting with the Lightning Network.

What we did for June 2018

Swap.core

The core, with authorization, order and event services, has been released. Communication between clients takes place through IPFS.

The authorization service allows you to create wallets and initialize existing ones.

The order service allows you to work with a collection of orders: create, store, delete and request any data. This service uses IPFS for communication between clients, to notify new users about existing orders (the order book), about changes in order status and about order removal.

The main functionality of the core is the Flow abstraction, which allows you to create any direction of swap between any coins or tokens: a person with technical knowledge can describe many variations of an exchange between two pairs by adding steps for executing the exchange between people. That gives more flexibility and does not bind the core's users to the core's developers: they can develop it as much as they want.

Support for implementing custom services and changing existing ones has been released as well: a developer can write his own authorization service and replace the existing one without forking the whole core.

The website testnet.swap.online was launched with the following tools:

  • creation of ETH, BTC, NIMIQ and EOS wallets, which are created the first time you visit the website,
  • search by currency pair for the exchange offers you need,
  • transfer of all the above currencies to other wallets,
  • output of the list of conducted transactions, with the possibility to sort them.

In the site header you can create swap offers and see notifications of new swap offers. Swaps are possible between the following currency pairs: ETH <> BTC <> ERC-20 TOKEN.

  • The history of orders has been added,
  • The history of swaps has been added,
  • The button for refund has been added (for unfinished swaps in order to get refund),
  • Counter of connected peers has been added.

Research

Comments of Vladislav Sopov, our business analyst:

A comprehensive study of the DEX market and related projects (April-May 2018) was carried out; technical, marketing and commercial aspects, Internet presence and social networks were covered ⇒ a vision of the commercial offer in this market was formed (who offers what, and how much is asked for it).

A comprehensive study of airdrops and bounty campaigns was done (May 2018), the main algorithms and trends, strengths and weaknesses of competitors are revealed.

The study of the profitability and capitalization of crypto-currency projects is conducted, the results are summarized (June 2018).

Comments of Alexey Bikhun, developer and researcher of new technologies:

Now I’m developing a bot to communicate with the exchange. At this point, the REST API interface is ready, which means that anyone can start writing logic for the bot in their favorite programming language, and details of implementing swaps will be hidden inside my interface. A bit later we will introduce a bot that will implement the simplest arbitration logic through the same API. This is convenient for those who have an account on another exchange and some amount of liquidity. With the help of my bot, he will be able to place pairs of buy / sell orders simultaneously on two exchanges, and earn a small difference in the rate.

How to translate the Project and Token Concept Summary into another language

1) Read our presentation. https://wiki.swap.online/en.pdf

2) If you think that you can translate our presentation into another language, write to @sashanoxon and state the language.

3) The original unformatted text can be found here – use it as a basis for translating.

4) Download the trial version of Adobe Illustrator here

5) Install Adobe Illustrator

6) Download the original source file of our presentation and open it with Adobe Illustrator.

7) Press the T key, select the required text area and replace it with translated text.

8) After you have replaced all the original text with your own, save the file as PDF (CTRL+SHIFT+S) and send it to @swapanton along with your ERC-20 wallet.

 

 

Swap.Online. What is ready for June

What we planned to do

March 2018. Launching the alpha version of the OTC market based on the Atomic Swap protocol: registration function, list of orders, BTC-ETH swapping, text description of the protocol, the simplest version of the market-maker rating system.

Launch of the OTC Market on the Atomic Swap protocol (alpha version):

Registration function; list of orders; swap between Bitcoin (BTC) and Ether (ETH); text description of the protocol; the simplest version of the market-maker rating system.

April 2018. First release, beta version: swap between Bitcoin (BTC), Ether (ETH) and ERC20 tokens; the Swap.Online project website launched with a beautiful design and a user-friendly description of the project.

May 2018. Adding a node.js library; testing; primary audit. Start of the bounty campaign.

June 2018. Launch on MainNet. Support for the Nimiq cryptocurrency, launch of the Telegram bot, Airdrop.

August 2018. Release of the project!

Autumn 2018. Continued off-chain research and reaching full capacity.

 


 

Undated plans: off-chain research is in progress; in particular, we are studying the possibilities of interaction with the Lightning Network.

What we did for June 2018

Swap.core

The core, with authorization, order and event services, has been implemented. Communication between clients takes place through IPFS.

The authorization service lets you create wallets and initialize existing ones.

The order service lets you work with a collection of orders: create, store, delete and request any data. This service uses IPFS for communication between clients, to notify new users about existing orders (the order book), about changes in order status and about order removal.

The main functionality of the core is the Flow abstraction, which makes it possible to create any direction of exchange between any coins / tokens: a person with technical knowledge can describe a huge number of variations of exchanging two pairs by adding steps for executing the exchange between people. This gives great flexibility and does not tie the core's users to the core's developers: they can develop it themselves as much as they like.

Support for plugging in your own services and changing existing ones has been implemented: a developer can write their own authorization service and replace the existing one without having to fork the whole core.

Swap.Online

The website testnet.swap.online has been launched with the following features:

  • creation of ETH, BTC, NIMIQ and EOS wallets, which are created on your first visit to the site,
  • search by currency pair for the exchange offers you need,
  • transfer of all the above currencies to other wallets,
  • output of the list of conducted transactions, with the possibility to sort them.

In the site header you can create swap offers and see notifications about new swap offers; swaps can be made between the following currency pairs: ETH <> BTC <> ERC20 TOKEN.

  • The history of orders has been added,
  • The history of swaps has been added,
  • The button for refund has been added (for unfinished swaps in order to get refund),
  • Counter of connected peers has been added.

Research

Comments from Vladislav Sopov, our business analyst:

A comprehensive study of the DEX market and related projects was carried out (April-May 2018), covering technical, marketing and commercial aspects and presence on the Internet and social networks ⇒ a picture of the commercial offering in this market was formed (who offers what, and how much they ask for it), and competitors were identified.

A comprehensive study of airdrops and bounty campaigns was carried out (May 2018); the main algorithms and trends and the strengths and weaknesses of competitors were identified.

A study of the profitability and capitalization of cryptocurrency projects was carried out; the results are being summarized (June 2018).

Comments from Alexey Bikhun, developer and researcher of new technologies:

Right now I am developing a bot for communicating with the exchange. At this point the REST API interface is ready, which means that anyone can start writing logic for the bot in their favorite programming language, while the details of how swaps are implemented will be hidden inside my interface. A little later we will present a bot that implements the simplest arbitrage logic through the same API. This is convenient for those who have an account on another exchange and some amount of liquidity. With the help of my bot, such a user will be able to place paired buy/sell orders on two exchanges at the same time and earn on the small difference in the rate.