Pentestify LTD is a registered company in the UK.
The world’s first continuous, post-deployment smart contract detection-remediation SaaS, engineered for DeFi.
Calling all crypto investors, founders, creators and builders! Join us in making sure web3 thrives in abundance instead of fearing the next breach. That is only achieved through smart contract security resilience.
Long regarded as the gold standard for smart contract security, static, dynamic and formal verification audits are falling short. In 2022, more than $3B was stolen from smart contracts that had previously been audited by leading firms. At Pentestify, we believe smart contract security should be as dynamic as the threats it faces, and that can only be achieved through smart contract security resilience: the ability to continuously withstand, or recover quickly from, ever-evolving attacks.
NEO thrives where others falter: post-deployment. Our AI detects and generates new smart contract vulnerabilities and exploits by continuously learning and adapting, ensuring your smart contracts' security resilience is as dynamic as the threats they face, which is vital to web3's growth.
Continuously testing your smart contracts against the latest exploits where all attacks actually happen: post-deployment.
NEO continuously validates smart contract security against the latest threat intelligence.
NEO's AI models continuously learn and adapt to the evolving threat landscape, instead of relying on the point-in-time knowledge captured by a one-off audit from a top security firm.
NEO's AI models can generate new, previously unknown exploits, so the client can patch a critical vulnerability or zero-day before a malicious actor exploits it.
Stay ahead of the game with Web3Sec.news, Pentestify’s ultimate community-driven platform for the latest news and insights on web3 security, blockchain technology, and security audits.
A deep dive into how Neo could have prevented the Curve Finance breach, and many others
On 30 July 2023, the Curve Finance protocol suffered a massive attack on several of its liquidity pools. The attack was made possible by a flaw in certain versions of the compiler for Vyper, a language used to write smart contracts: the affected versions mis-compiled the @nonreentrant lock, so it did not protect against re-entry across functions.
Given the complexity and depth of the Curve Finance exploit, NEO, Pentestify's flagship AI product, would have approached the prevention of this attack through a multi-faceted strategy, leveraging its post-deployment focus, continuous validation, advanced AI models and exploit generation capabilities.
By relying on a one-time pre-deployment audit, Curve Finance exposed itself to future vulnerabilities that stem from an ever-evolving threat landscape. With nothing continuously validating that the deployed contracts had been tested against newly discovered vulnerabilities, Curve Finance fell victim to a breach that cost its pools more than $60M. Had it relied on NEO, Curve Finance would have been able to proactively identify and fix vulnerabilities post-deployment by leveraging the following core functionalities:
The exploit on Curve Finance hinged on a vulnerability in the Vyper compiler versions (0.2.15, 0.2.16 and 0.3.0) used to build pools that were already deployed. NEO's post-deployment focus is particularly advantageous in this scenario, as it would have been actively monitoring and analyzing the contracts in production rather than only in the pre-deployment phase.
NEO's continuous validation against the latest threat intelligence would likely have identified the dysfunctional reentrancy lock in those Vyper versions as a potential threat. In the affected versions, functions marked @nonreentrant with the same key did not share one lock storage slot, so a lock held by remove_liquidity did not stop a re-entry into add_liquidity. Given that reentrancy is a well-known vulnerability pattern, NEO would have been primed to detect deviations from the expected behavior of such locks.
The AI models employed by NEO, designed to learn and adapt to evolving threats, could have recognized the anomalous transactions indicative of the exploit. By analyzing historical data and evolving patterns of reentrancy attacks, NEO would have flagged the re-entrant calls of the exploit, allowing for early detection and the initiation of countermeasures.
NEO's ability to generate unknown exploits could have played a critical role. By simulating attack strategies, NEO could have uncovered the vulnerability in the Vyper reentrancy lock before it was exploited, allowing for preemptive patching and securing the contracts against this specific type of attack.
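To make the two points above concrete (a per-function lock that fails across functions, and a call trace in which the re-entry is visible), here is an added toy model in Python. It is an illustration written for this page, not NEO's, Curve's or Vyper's code: the pool arithmetic, the attacker contract, the storage-slot names and the trace format are all constructed for the example; only the bug class is taken from the public incident write-ups, namely a nonreentrant lock stored in a different slot per function instead of one slot shared by all guarded functions. The same model runs once with the broken per-function lock and once with a shared lock, and a small trace check flags the guarded call that was entered while another guarded call was still on the stack.

```python
"""Toy model of cross-function reentrancy past a per-function lock.

Constructed illustration; not Pentestify, Curve or Vyper code. Numbers,
function bodies and slot names are assumptions made for the example.
"""
from dataclasses import dataclass, field


class Reentrancy(Exception):
    """Raised when a guarded function is entered while its lock is held."""


@dataclass
class Pool:
    shared_lock: bool                 # True: one slot for every guarded function (correct)
    eth: int = 1000                   # ETH reserve
    lp_supply: int = 1000             # LP tokens outstanding
    balances: dict = field(default_factory=dict)
    locks: dict = field(default_factory=dict)   # storage slot -> held?
    depth: int = 0                    # nesting of guarded calls, recorded in the trace
    trace: list = field(default_factory=list)   # (function, depth, outcome)

    def _enter(self, fn):
        slot = "lock" if self.shared_lock else f"lock:{fn}"   # per-function slot = the bug
        if self.locks.get(slot):
            self.trace.append((fn, self.depth, "blocked"))
            raise Reentrancy(fn)
        self.trace.append((fn, self.depth, "entered"))
        self.locks[slot] = True
        self.depth += 1
        return slot

    def _leave(self, slot):
        self.depth -= 1
        self.locks[slot] = False

    def add_liquidity(self, caller, eth_in):
        slot = self._enter("add_liquidity")
        try:
            minted = eth_in * self.lp_supply // self.eth   # priced off current reserve/supply
            self.eth += eth_in
            self.lp_supply += minted
            self.balances[caller.name] = self.balances.get(caller.name, 0) + minted
            return minted
        finally:
            self._leave(slot)

    def remove_liquidity(self, caller, lp_amount):
        slot = self._enter("remove_liquidity")
        try:
            if self.balances.get(caller.name, 0) < lp_amount:
                raise ValueError("insufficient LP")
            eth_out = lp_amount * self.eth // self.lp_supply
            self.eth -= eth_out
            caller.receive(self, eth_out)   # raw ETH send: control leaves the pool BEFORE the burn
            self.lp_supply -= lp_amount     # supply and balances are stale during the callback
            self.balances[caller.name] -= lp_amount
            return eth_out
        finally:
            self._leave(slot)


class Attacker:
    """Attacker contract whose fallback re-enters add_liquidity once."""
    name = "attacker"

    def __init__(self, eth):
        self.eth = eth
        self.reentered = False

    def receive(self, pool, amount):
        self.eth += amount
        if not self.reentered:
            self.reentered = True
            try:
                pool.add_liquidity(self, amount)   # eth reserve already reduced, lp_supply not yet
                self.eth -= amount
            except Reentrancy:
                pass   # shared lock: the inner call reverts and the fallback just keeps the ETH


def run_attack(shared_lock):
    """Deposit, withdraw (re-entering), withdraw the rest. Returns (attacker ETH, pool ETH, trace)."""
    pool, atk = Pool(shared_lock=shared_lock), Attacker(eth=100)
    atk.eth -= 100
    pool.add_liquidity(atk, 100)
    pool.remove_liquidity(atk, pool.balances[atk.name])
    if pool.balances[atk.name]:
        pool.remove_liquidity(atk, pool.balances[atk.name])
    return atk.eth, pool.eth, pool.trace


def reentrant_entries(trace):
    """Guarded functions that were ENTERED while another guarded call was still running."""
    return [fn for fn, depth, outcome in trace if depth > 0 and outcome == "entered"]


if __name__ == "__main__":
    for shared in (False, True):
        atk_eth, pool_eth, trace = run_attack(shared)
        print(f"shared_lock={shared}: attacker={atk_eth} pool={pool_eth} "
              f"reentrant={reentrant_entries(trace)}")
```

With the per-function lock the attacker turns 100 ETH into 109 and the pool loses 9 ETH; the trace shows add_liquidity entered at depth 1, which is the signal a monitor for re-entrant calls would key on. With one shared slot the inner call is blocked and the attacker ends where it started. The arithmetic is deliberately simplified; the real pools used a different pricing formula and the losses were correspondingly larger.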
Join our community of blockchain security engineers and contribute to securing the decentralised web.