Jigstack is a popular cryptocurrency platform that allows companies to create their own unique digital tokens with ease. Often referred to as the “Microsoft of Decentralised Finance”, Jigstack is an innovative platform that enables companies to offer their clients and customers a custom digital currency that is secure and easy to use.
Jigstack approached Cyrex, a leading security testing company, to perform a comprehensive security audit on their platform. Given the complex nature of the platform, which is built on the blockchain, the audit needed to cover a wide range of vulnerabilities, including those specific to smart contracts and blockchain technologies.
The penetration test for Jigstack was performed under our White Box penetration testing service.
Because Jigstack is a custom-coded financial application built on the blockchain, it required this deep dive into security. We tested the web application, the integration of smart contracts, and the API. Our testing also extended to load and performance testing, as Jigstack expected a huge amount of traffic and transactions daily.
Some of the common vulnerabilities we test for are:
- Remote Code Execution
- SQL Injection
- Path traversal attacks
- File upload vulnerabilities
- Parameter tampering
- Access control flaws
- Transport layer security, Business logic, and Authentication flaws
- SMTP, Header, and JSON Injection
- XML Injection / Code Execution
However, given the blockchain nature of this client, we also tested for some vulnerabilities specific to smart contract and blockchain technologies, where they are commonly exploited:
- Re-entrancy attacks
- Over & Underflow attacks
- Block Gas Limit
- Front Running
The security audit identified several vulnerabilities through review of Jigstack’s source code and penetration testing. Thanks to our discoveries, Jigstack was able to secure itself against potential malicious actors. After the vulnerabilities were patched, Cyrex conducted full sanity and regression tests to ensure the platform’s stability and security. Jigstack was then able to scale up and handle a high volume of users and traffic on a regular basis. Here is what they had to say about our service:
“Working with Cyrex was an awesome experience all around. Even with timezone differences, communication was smooth and really easy, which is really important when working against a tight deadline. Cyrex’ analysis and tests were all precise and really well explained, without sacrificing agility or comprehensiveness. They also ended up being crucial for the security and performance of our platform, so I can easily say Jigstack is satisfied with the work delivered and we’re keen to work once again with such a talented team.”