Audits
Services
DualDefense
Hacken Audit + Additional Crowdsourced Audit
Learn more
Services
DualDefense
Smart Contract Audit
Blockchain Protocol Audit
DORA Compliance
Virtual CISO
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit
Retainer
DualDefense
New Approach To Blockchain Security
Hacken Audit + Additional Crowdsourced Audit
At no extra cost
2 in 1
Dual-layered protection
$0
Costs
30-Day
Crowdsourced audit
Independent
HackenProof bug hunters
Learn more
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company
Community
Community
- $HAI

Hacken performed security analysis of Ambrosus

Hacken performed security analysis of Ambrosus

4 minutes

Company name: Ambrosus
Company description: Ambrosus is a Blockchain and IoT Ecosystem, built for industrial data management.
Service: Blockchain security review and penetration testing“We appreciated the quality of work done by the Hacken team. They were professional, and thorough in their audit, and allowed us to get a third party perspective on the security of AMB-NET and its accompanying crypto-economic architecture as well as additional tools. If the opportunity presents itself, we look forward to working with them more in the future.” — Dr. Vlad Trifa CPO of Ambrosus.

About Ambrosus

Ambrosus is a Blockchain and IoT Ecosystem, built for industrial data management. By combining the immutability of a public blockchain with encrypted IoT sensing devices, Ambrosus provides a framework for integrating secure, transparent, and accessible data into the fabric of the physical world. As an Open-sourced Ecosystem Ambrosus allows developers, entrepreneurs, and enterprises to leverage their blockchain and IoT infrastructure to build innovative solutions for the new digital economy.

The project focuses on 2 complex tasks – web/network penetration testing for the deployed nodes, and blockchain security assessment for node codebase and NOP script. Ambrosus agreed to the scope of the work at the start of the project and the review was conducted encompassing the entirety of the scope. The scope includes attacks on all endpoints that are simulated through 4 main classes of potential attackers:

external attacker
an external attacker with access to API
an attacker that hosts a Hermes node
an attacker that hosts an Atlas/Apollo node

Problems faced by Ambrosus

Ambrosus requested a third-party security audit to help identify potential weaknesses and blind spots across the entire infrastructure of the Ambrosus Network (AMB-NET). This included checking potential entry points that hackers may utilize to compromise the network infrastructure, masternode architecture, smart contract protocols, and Ambrosus powered tools (Dashboard, Explorer, etc.).

Hacken Service Summary

Hacken security consultants imitated hacker activities to test the overall security state of the network. We thoroughly studied the Ambrosus ecosystem and defined crucial checks for a security review. The auditing process is described in the checklist below along with our comments and findings.

Blockchain-related tasks:

Review of crypto economics specification against potential threats
Checks for the access control implementation against permissions matrix
Analysis of potential hash collisions impact
Analysis of node upgradeability mechanism
Review of NOP script and analysis of potential threats during deployment
Testing and code review of token generation mechanism
Manual review of timeout mechanism
Analysis of the KYC process
Manual code review for immutability of data (Merkle proofs etc.)
Testing against deserialization vulnerabilities
Analysis of private key storage and usage processes
Analysis of cryptography implementation

Penetration testing tasks:

Dump and analyze traffic between nodes
Testing against privilege escalation
Docker escape testing
Fuzzing of APIs (all parameters in GET, POST, PUT requests)
NoSQL injection testing
Auto-scanning of the codebase and manual review of auto scanner findings
Web pentest for Hermes client side
Network discovery and scanning of the nodes
DDoS simulation

Security Audit Findings

Based upon the various blockchain related tasks and specific penetration testing simulations, the Hacken team was pleased with the results of the test, and the quality of code on the Ambrosus Platform. While select medium-to-low risk issues were identified, the Hacken team provided clear steps and recommendations on how to fix the presented risks. In response to these recommendations and in light of the positive results of the test, the Ambrosus team accepted the Hacken recommendations and will fix all the security issues identified.

Summing Up

Overall, the security review provided by Hacken focused on blockchain related penetration testing of core components of the Ambrosus Ecosystem. This included among other components, the Node Onboarding Process, a comprehensive review of the crypto-economic infrastructure, Web penetration for the Hermes Masternode client side, as well as a DDoS simulation. The Ambrosus Ecosystem was found to be of high caliber, with only a limited number of medium to low risk issues, that will subsequently be resolved by the Ambrosus team.

According to the review, the Hacken auditors evaluate the security state of the Ambrosus Ecosystem to be highly secure, particularly in light of corrections made by the Ambrosus team from the problems identified. The original code of the Ambrosus infrastructure was noted to be of very good quality. However, with the added fixes, the code is evaluated to be of very high quality.

How Hacken can help

At Hacken, we take security extremely seriously, and all the checks are performed according to the highest standards. If you have any questions about the topic or need a consultation, feel free to contact our Team!