A Starter Guide to Security Vulnerabilities & Illusions in ICO Projects.
“A great deal of intelligence can be invested in ignorance when the need for illusion is deep.” S. Bellow
The new flavor of money is digital crypto-token currencies. Investors and crypto-currency enthusiasts place huge investments into ICOs. Some of these ICO projects are trustworthy while others are not. Why? Imagine someone cheating you with a fake token address. The chances of losing the entire investment are high.
Furthermore, some ICOs may even indicate in their offering document that they have a team of developers spending a lot of hours working to build the project. But remember, appearances may be deceptive. Mostly the ideas are good, but the implementation is a nightmare. Investors put huge faith in these projects in anticipation of a stable, sustainable platform and a crypto-token that can be safely transferred or delivered at the close of the ICO. The project must be built very precisely, and should be soundly tested by external security consultants or auditors.
Security is often a pain area for ICO investments as there is no blueprint available on testing the security of smart contracts. Accordingly, it's all about expertise and expert views.
SECURITY RISKS:
Creation Time Token Adjustment and Change (Modification):
An attacker can possibly adjust the creation time before the token goes live.
Hardware Based Attacks:
A PDoS (permanent denial-of-service) attack can cause a permanent hardware failure. The processing power of the powered node can be disrupted.
Replay Attacks:
Replay Attacks are possible due to APIs showing the number of requests remaining on the API account key, until it gets the desired random number key.
Key-based Attacks:
Leaked API keys can lead to repeated requests. The key must be hashed. The response API key hash must be checked against the stamped response to eliminate key exhaustion.
Chain-based Attacks:
Any type of external query to the remaining API Key must be blocked to prevent cross-chain attacks or chain-based attacks.
Leaking Decryption Key:
An attacker can exploit ICO contracts (servers) and take over decryption keys. This has been proved to have a disastrous impact.
Social Engineering Attack:
Crypto users are not necessarily crypto-literate. A 30-second social engineering attack can trick them into giving up access to their crypto-token based smart contracts funded by the ICOs.
Permissive Timestamp:
Blockchain blocks can take any timestamp, i.e., after or before the block. This leaves room for exploitation.
Arbitrary Mining Attacks:
To prevent this attack, arbitrary mining must not be allowed once an ICO has started.
Re-entrance Attacks:
In this attack, you do something, and while you are still in the process of getting it done, you do it again. The user is highly likely to lose tokens in the contract.
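The re-entrance pattern described above, modelled in plain Python as an added example (not code from the original article or from any real ICO contract). The vault classes, the `simulate` helper and the account names are assumptions constructed for illustration; the hardened variant updates the balance before paying out and rejects nested calls.

```python
# Toy in-memory model of a token-holding contract (constructed sample data).
class VulnerableVault:
    """Pays out first and updates the caller's balance afterwards."""
    def __init__(self, deposits):
        self.balances = dict(deposits)
        self.pool = sum(deposits.values())  # tokens held by the contract

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self.pool -= amount       # tokens leave the contract
        on_receive(amount)        # recipient-controlled code runs here
        self.balances[who] = 0    # bookkeeping happens too late


class HardenedVault(VulnerableVault):
    """Updates state before paying out and refuses nested calls."""
    def __init__(self, deposits):
        super().__init__(deposits)
        self._locked = False

    def withdraw(self, who, on_receive):
        if self._locked:
            raise RuntimeError("re-entrant call rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self._locked = True
        try:
            self.balances[who] = 0    # record the withdrawal first
            self.pool -= amount
            on_receive(amount)        # only then hand control to the recipient
        finally:
            self._locked = False


def simulate(vault_cls):
    """Return (tokens paid to the re-entering caller, tokens left in the pool)."""
    vault = vault_cls({"alice": 10, "bob": 10, "mallory": 10})
    received = []
    def callback(amount):
        received.append(amount)
        try:
            vault.withdraw("mallory", callback)  # call back in mid-payout
        except RuntimeError:
            pass
    vault.withdraw("mallory", callback)
    return sum(received), vault.pool
```

With the vulnerable ordering, a 10-token deposit drains all 30 tokens in the pool; with the hardened ordering the same caller receives only its own 10 and the other deposits stay intact.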
On these grounds, a poorly programmed smart contract is vulnerable to cyber-attacks. The security of crypto-tokens can be breached by malicious cyber criminals if the programming bugs mentioned above are still present. Therefore, the contract must be error-free and secure.
In addition, proper due diligence must be conducted to ensure that every ICO is safe. Legal, compliance and security aspects must also be taken into account. One should have a basic knowledge of the ICO process and of how crypto-currency functions.
KIND ADVICE
Never send funds to an address posted on public networks or forums while participating in ICOs. A Bug Bounty program must be launched before the ICO is placed for subscription, to test the security aspects of the project.
A legit ICO is a treasure for the token holders as the potential upside can be very rewarding.
By Praksah Prasad
#ICO Security #Cyber Security #Blockchain #Cryptocurrency #Token #NFTs