Security audits and battle testing the FlashStaking Contracts

After watching the video on hiring a company to do the necessary security audits on the FlashStaking contracts (🤓 Inside the Security Audit Process of a Defi Protocol - YouTube), I wanted to say that I believe we also lost an opportunity for members of the community to battle-test the current FlashStaking contracts from a penetration-testing standpoint, where developers would try to find loopholes within the code and exploit them for their benefit.

This is only possible if the code is made available within the testing period, as opposed to waiting for when the code goes live. In essence, the code will always be made publicly available due to the openness required in this industry, which is the reason I believe that shouldn’t have been a problem right now; I think it was just not brought to the table, as nobody really thought about it. I had to dig through the front end just to find the ABI files to build my own scripts to run some penetration tests, which would have been more detailed if I had had access to the code.

We want to have a functional, responsive and scalable solution, but a lot of the vulnerabilities are not found by users of the frontend but by users writing code that will be executed on the backend, and therefore I think the developers in the community have been underutilized, in a sense, to help with this (even if the impact is minuscule). Still, no matter what, when a large number of users start utilizing the platform, that’s when a lot of hackers will see the incentive to focus more attention on breaking the system.