Company name: Ambrosus
Company description: Ambrosus is a Blockchain and IoT Ecosystem, built for industrial data management.
Service: Blockchain security review and penetration testing

“We appreciated the quality of work done by the Hacken team. They were professional, and thorough in their audit, and allowed us to get a third party perspective on the security of AMB-NET and its accompanying crypto-economic architecture as well as additional tools. If the opportunity presents itself, we look forward to working with them more in the future.” — Dr. Vlad Trifa, CPO of Ambrosus.
Ambrosus is a Blockchain and IoT Ecosystem, built for industrial data management. By combining the immutability of a public blockchain with encrypted IoT sensing devices, Ambrosus provides a framework for integrating secure, transparent, and accessible data into the fabric of the physical world. As an Open-sourced Ecosystem, Ambrosus allows developers, entrepreneurs, and enterprises to leverage its blockchain and IoT infrastructure to build innovative solutions for the new digital economy.
The project focuses on 2 complex tasks – web/network penetration testing for the deployed nodes, and blockchain security assessment for node codebase and NOP script. Ambrosus agreed to the scope of the work at the start of the project and the review was conducted encompassing the entirety of the scope. The scope includes attacks on all endpoints that are simulated through 4 main classes of potential attackers:
an external attacker with access to API
an attacker that hosts a Hermes node
an attacker that hosts an Atlas/Apollo node
Problems faced by Ambrosus
Ambrosus requested a third-party security audit to help identify potential weaknesses and blind spots across the entire infrastructure of the Ambrosus Network (AMB-NET). This included checking potential entry points that hackers may utilize to compromise the network infrastructure, masternode architecture, smart contract protocols, and Ambrosus powered tools (Dashboard, Explorer, etc.).
Hacken Service Summary
Hacken security consultants imitated hacker activities to test the overall security state of the network. We thoroughly studied the Ambrosus ecosystem and defined crucial checks for a security review. The auditing process is described in the checklist below along with our comments and findings.
Fuzzing of APIs (all parameters in GET, POST, PUT requests)
NoSQL injection testing
Auto-scanning of the codebase and manual review of auto scanner findings
Web pentest for Hermes client side
Network discovery and scanning of the nodes
Security Audit Findings
Based upon the various blockchain-related tasks and specific penetration testing simulations, the Hacken team was pleased with the results of the test and the quality of code on the Ambrosus Platform. While select medium-to-low risk issues were identified, the Hacken team provided clear steps and recommendations on how to fix the presented risks. In response to these recommendations and in light of the positive results of the test, the Ambrosus team accepted the Hacken recommendations and will fix all the security issues identified.
Overall, the security review provided by Hacken focused on blockchain-related penetration testing of core components of the Ambrosus Ecosystem. This included, among other components, the Node Onboarding Process, a comprehensive review of the crypto-economic infrastructure, web penetration testing for the Hermes Masternode client side, as well as a DDoS simulation. The Ambrosus Ecosystem was found to be of high caliber, with only a limited number of medium-to-low risk issues that will subsequently be resolved by the Ambrosus team.
According to the review, the Hacken auditors evaluate the Ambrosus Ecosystem to be highly secure, particularly in light of the corrections made by the Ambrosus team for the problems identified. The original code of the Ambrosus infrastructure was noted to be of very good quality. With the added fixes, the code is evaluated to be of very high quality.
How Hacken can help
At Hacken, we take security extremely seriously, and all the checks are performed according to the highest standards. If you have any questions about the topic or need a consultation, feel free to contact our Team!