Audits
Services
Services
Smart Contract Audit
Blockchain Protocol Audit
Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit & Design
Smart Contract Audit
Mitigate weaknesses in your smart contract and improve its functionality with a double line-to-line code analysis and a separate review by a lead auditor.
Blockchain Protocol Audit
Secure the entire architecture and implementation layers of your blockchain protocol with professional security audits and testing.
Penetration Testing
Proactively detect vulnerabilities in your Web3 project by subjecting your systems to a simulated cyberattack in a secure and controlled environment.
dApp Audit
Identify vulnerabilities in applications interacting with blockchain networks with secure code review and static security analysis.
Crypto Wallet Audit
Code review & static security analysis for crypto wallet apps.
Cross-Chain Bridge Audit
Code review & security analysis for cross-chain crypto bridges.
Bug Bounty
Receive only relevant bug reports or undergo crowdsourced penetration testing with the help of thousands of ethical hackers curated by HackenProof.
Proof of Reserves
Enhance transparency in crypto exchanges with independent on-chain proof of assets’ true collateralization.
CCSS Audit
Assess and strengthen your security practices, identify vulnerabilities, and safeguard valuable digital assets in the ever-evolving cryptocurrency landscape.
Tokenomics Audit & Design
Ensure your token model robustness and efficiency and convey trust to investors and community with our thorough, independent audit of protocol economic security.
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company

The window to exchange $HAI for Hacken Equity Shares ($HES) is now open > Claim your spot today

Hacken performed security analysis of Ambrosus

Hacken performed security analysis of Ambrosus

Share via:

Company name: Ambrosus
Company description: Ambrosus is a Blockchain and IoT Ecosystem, built for industrial data management.
Service: Blockchain security review and penetration testing“We appreciated the quality of work done by the Hacken team. They were professional, and thorough in their audit, and allowed us to get a third party perspective on the security of AMB-NET and its accompanying crypto-economic architecture as well as additional tools. If the opportunity presents itself, we look forward to working with them more in the future.” — Dr. Vlad Trifa CPO of Ambrosus.

About Ambrosus

Ambrosus is a Blockchain and IoT Ecosystem, built for industrial data management. By combining the immutability of a public blockchain with encrypted IoT sensing devices, Ambrosus provides a framework for integrating secure, transparent, and accessible data into the fabric of the physical world. As an Open-sourced Ecosystem Ambrosus allows developers, entrepreneurs, and enterprises to leverage their blockchain and IoT infrastructure to build innovative solutions for the new digital economy.

The project focuses on 2 complex tasks – web/network penetration testing for the deployed nodes, and blockchain security assessment for node codebase and NOP script. Ambrosus agreed to the scope of the work at the start of the project and the review was conducted encompassing the entirety of the scope. The scope includes attacks on all endpoints that are simulated through 4 main classes of potential attackers:

external attacker
an external attacker with access to API
an attacker that hosts a Hermes node
an attacker that hosts an Atlas/Apollo node

Problems faced by Ambrosus

Ambrosus requested a third-party security audit to help identify potential weaknesses and blind spots across the entire infrastructure of the Ambrosus Network (AMB-NET). This included checking potential entry points that hackers may utilize to compromise the network infrastructure, masternode architecture, smart contract protocols, and Ambrosus powered tools (Dashboard, Explorer, etc.).

Hacken Service Summary

Hacken security consultants imitated hacker activities to test the overall security state of the network. We thoroughly studied the Ambrosus ecosystem and defined crucial checks for a security review. The auditing process is described in the checklist below along with our comments and findings.

Blockchain-related tasks:

Review of crypto economics specification against potential threats
Checks for the access control implementation against permissions matrix
Analysis of potential hash collisions impact
Analysis of node upgradeability mechanism
Review of NOP script and analysis of potential threats during deployment
Testing and code review of token generation mechanism
Manual review of timeout mechanism
Analysis of the KYC process
Manual code review for immutability of data (Merkle proofs etc.)
Testing against deserialization vulnerabilities
Analysis of private key storage and usage processes
Analysis of cryptography implementation

Penetration testing tasks:

Dump and analyze traffic between nodes
Testing against privilege escalation
Docker escape testing
Fuzzing of APIs (all parameters in GET, POST, PUT requests)
NoSQL injection testing
Auto-scanning of the codebase and manual review of auto scanner findings
Web pentest for Hermes client side
Network discovery and scanning of the nodes
DDoS simulation

Security Audit Findings

Based upon the various blockchain related tasks and specific penetration testing simulations, the Hacken team was pleased with the results of the test, and the quality of code on the Ambrosus Platform. While select medium-to-low risk issues were identified, the Hacken team provided clear steps and recommendations on how to fix the presented risks. In response to these recommendations and in light of the positive results of the test, the Ambrosus team accepted the Hacken recommendations and will fix all the security issues identified.

Summing Up

Overall, the security review provided by Hacken focused on blockchain related penetration testing of core components of the Ambrosus Ecosystem. This included among other components, the Node Onboarding Process, a comprehensive review of the crypto-economic infrastructure, Web penetration for the Hermes Masternode client side, as well as a DDoS simulation. The Ambrosus Ecosystem was found to be of high caliber, with only a limited number of medium to low risk issues, that will subsequently be resolved by the Ambrosus team.

According to the review, the Hacken auditors evaluate the security state of the Ambrosus Ecosystem to be highly secure, particularly in light of corrections made by the Ambrosus team from the problems identified. The original code of the Ambrosus infrastructure was noted to be of very good quality. However, with the added fixes, the code is evaluated to be of very high quality.

How Hacken can help

At Hacken, we take security extremely seriously, and all the checks are performed according to the highest standards. If you have any questions about the topic or need a consultation, feel free to contact our Team!