Blog Article
Lucas Martin Calderon
November 5, 2023
Pentestify LTD is a registered company in the UK.
CONTINUOUS SMART CONTRACT SECURITY RESILIENCE
The world’s first continuous, post-deployment smart contract detection-remediation SaaS, engineered for DeFi.
- 00Days
- 00Hours
- 00Minutes
- 00Seconds
Calling all crypto investors, founders, creators and builders! Join us in making sure web3 strives in abundance instead of fearing the next breach. Only achieved through smart contract security resilience.
Why Automated Smart Contract Security Resilience ?
Long regarded as the gold standard for smart contract security, static, dynamic and formal verification audits are falling short. In 2022, more than $3B were stolen from smart contracts that had been previously audited by leading firms. At Pentestify, we believe smart contract security should be as dynamic as the threats it faces and that can only be achieved through smart contract security resilience: The ability to continuously withstand or recover quickly from ever evolving attacks.
Just last year:
125
$3B
90%
1250%
Why Choose Neo to Secure Your Smart Contracts ?
NEO thrives where others falter – post-deployment. Our AI detects and generates new smart contract vulnerabilities and exploits by continuously learning and adapting, ensuring your smart contracts’ security resilience is as dynamic as the threats it faces, vital to web3’s growth
Post deployment security focused
Continuously testing your smart contracts against the latest exploits where all attacks actually happen: Post deployment
- Continuous post-deployment smart contract vulnerability detection
- Initiate circuit breakers to give your team time to fix vulnerabilities
- Proactively test and fix your on-chain smart contracts against the latest threats
Continuous security validation
Neo continuously validates smart contract security against the latest threat intelligence
- Automate scanning and exploitation of vulnerabilities
- Focus on real risk, no false positives
- Get an alert the second one of your contracts is found vulnerable
AI adaptive models
Neo’s AI models are able to continuously learn and adapt to the evolving threat landscape, instead of the limited punctual knowledge of a top security firm
- Trust that Neo's AI to always be on top of emerging threats
- Test your contracts latest against evolutions of existing threats/exploits
- Proactively test and fix your on-chain smart contracts against the latest threats
Exploit generation & patching
NEO AI’s models are able to generate new unknown exploits, whereby the client can patch a criticial vulnerability and zero-day before a malicous actor does it
- Automate remediation with fix suggestions
- Stay ahead of attacks by testing your contracts against zero-day vulnerabilities
- Proactively test, fix and redploy your on-chain smart contracts with ease
Stay ahead of the game with Web3Sec.news, Pentestify’s ultimate community-driven platform for the latest news and insights on web3 security, blockchain technology, and security audits.
CASE STUDY
Why Smart Contract Security Resilience Matters
A deep dive into how Neo could have prevented the Curve Finance breach, and many others
$62M stolen from Curve Finance
On 30 July, the Curve Finance protocol suffered a massive attack on several liquidity pools. The attack was made possible by a flaw in the Vyper programming language. Vyper is a language used to create smart contracts.
Given the complexity and depth of the Curve Finance exploit, NEO, Pentestify’s flagship AI product, would have approached the prevention of this attack through a multi-faceted strategy, leveraging its post-deployment focus, continuous validation, advanced AI models, and exploit generation capabilities.
How could Neo have prevented such an attack ?
By relying on a one-time pre-deployment audit, Curve finance exposed themselves to future vulnerabilities that stem from an ever-evolving threat landscape. With nothing to continuously validate that the smart contract had been tested against new vulnerabilities, Curve finance fell victim to a breach that cost them $7M. If they had relied on Neo, Curve Finance would have been able to proactively identify and fix vulnerabilities post-deployment leveraging the following core functionalities:
Post-Deployment Focus
The exploit on Curve Finance hinged upon a vulnerability in the Vyper language versions utilized by the smart contracts post-deployment. NEO’s post-deployment focus is particularly advantageous in this scenario, as it would be actively monitoring and analyzing the smart contract code in production rather than pre-deployment phases alone.
Continuous Security Validation
NEO’s continuous validation against the latest threat intelligence would likely have identified the dysfunctional reentrancy lock in the Vyper versions as a potential threat. Given that the reentrancy attack is a well-known vulnerability pattern, NEO would have been primed to detect deviations in the expected behavior of such locks.
Adaptive AI Models
The AI models employed by NEO, designed to learn and adapt to evolving threats, could have recognized the anomalous transactions indicative of the exploit. By analyzing historical data and evolving patterns of reentrancy attacks, NEO would have flagged the recursive calls of the exploit which would allow for early detection and the initiation of countermeasures.
Exploit Generation and Patching
NEO’s ability to generate unknown exploits could have played a critical role. By simulating attack strategies, NEO could have potentially uncovered the vulnerability within the Vyper reentrancy lock before it was exploited. This would allow for preemptive patching of the vulnerability, securing the contracts against this specific type of attack.
Deep dive into the AI behind Neo with CEO Lucas Martin Calderon
Play Video
Platform Demo
Join the community
Join our community of blockchain security engineers and contribute securing the decentralised web
458 members
Our latest updates
Press
Andrew Law
October 12, 2023