Technical Audit of “SWAP.core” Finished Successfully

SWAP.Online team is getting closer and closer to the release of revolutionary cryptocurrency marketplace platform. For the newbies we need to mention that it will merge the functions of decentralized exchange and the mechanism for the acceptance of investments in the crypto-oriented start-ups. The technology itself is based on the Atomic Swaps algorithms and allows the users to execute the ERC20 ⇔ ERC20 and ERC20 ⇔ BTC swaps in the instant and decentralised manner. The swaps are already successfully conducted, the core is now ready to be implemented even in the projects with no Java Script via the REST API means, so the alpha version of product is live.

Product Double Check by the Strictest Judge

Our team is doing its best to make the product suitable for all the clients of b2b- and b2c- directions. So, we organised independent technical audit of the code double-checking bugs, frauds etc. The audit was performed by the Digital Security – leading Russian information compliance group. Microsoft, Qiwi, Sberbank as well as breaking-through crypto services – DAO Casino, Open Trading Network are among their clients. SWAP.Online fell right in the line with the giants being brought before the strict court. Analysis was organized in three ways – violations of confidentiality, integrity or availability of information. Potential attacker has only the access to Internet, Bitcoin and Ethereum networks.

What was wrong: The growth plates discovered

As far as confidentiality is concerned, some issues with message processing were disclosed. Messages were, firstly, send between the users without two-way authentication and then – opened from the JSON-objects without pre-processing. Also, the problem of potential JavaScript injection into the users’ key localstorage was showed and fixed.

As SWAP.Online pays attention to the reputation of the system users, malefactor shouldn’t have an option to somehow corrupt the other user’s reputation. So, the extra check mechanism for the real existence of deal has been implemented.

Also, the hackers from Digital Security found the bug we met on the multiple DEXs during our research. One willing to cheat on the system had been able to prolong the deal time ad infinitum. So, we set the definite limit to the time of exchange.

Finally, the process of seeking the deal status (with both BTC and ETH) was fixed in the way allowing the users to get more precious and timely updated information.

All in All: Auditors and Developers’ Opinion

Digital Security auditors team highly appreciated our position the security issues.

We commend the fact that SWAP.Online team gives priority to the security issues. To request an external consultancy on the early stage of project development is a marker of prudent and provident approach. All the vulnerabilities found by us were promptly and properly fixed.

Andrey Ivanov, blockchain project analysis manager in Digital Security.

Some results of the audit are disclosed by SWAP.Online lead developer Alex B.

Mostly, the bugs were about the logic of code. Some processes in our library are now to be realised fastly and more safely. I consider it to be an important milestone in our roadmap: the product is ready to meet with the customers for the most part. Our project goes forward quickly steps. It’s much safer to exchange crypto directly peer-to-peer: we saw a lot of centralised exchanges collapsed and being hacked.

Alex B. concluded.

It would be no exaggeration that SWAP.Online is now on the threshold of becoming the breaking-through complex of solutions in crypto for b2b and b2c spheres. The second round of our Smart Bounty program is over one week ago. Our Bounty department appreciated the outstanding work of the bounty-hunters on all the social media platforms. Smart Airdrop is scheduled on Jun 30, 2018: be our guest if you’re inside the crypto issues. The August, 2018 is planned to be a date of final product release, so, don’t hesitate to try it among the first.

See full text of Audit Report here: Swap.online_audit_fin.pdf

Always on your side,

SWAP.Online team