Recently, there has been a surge in discussions surrounding auditing and building on ICP.
At CAYA, we firmly believe that the necessity of an audit should not be questioned. Let’s delve into the reasons why auditing on ICP is an absolute must-have.
In the world of ICP, the processes involved in writing canisters are largely not automated yet. This means that developers must meticulously consider not only the steps taken by end users, but also the code processing and data transformation on the Internet Computer side. The complexity of building the overall architecture, as well as the canister model, gives rise to numerous vulnerabilities related to error handling, undefined actions, canister blocking, and the ability to upgrade and create backups of data. It is crucial to be mindful of arithmetic operation wrappers, of preventing DoS attacks, and of the potential shadowing of callers. These considerations highlight the critical need for auditing canisters on ICP.
Checking your code early in the development lifecycle can help you avoid potentially fatal flaws after launch.
The main cases that need to be checked before deploying a canister on the network:
- Calls between canisters: internal and external.
Calls are implemented through two asynchronous messages: the initiation of the call and the return of the response. Each message is processed atomically (state is rolled back if the message traps), but the call as a whole is not: state changed before the await is already committed when the response arrives, and other messages can run in between. Possible vulnerabilities are related to global state, incorrect error handling, and reentrancy attacks.
- Rollback.
Vulnerability to unwanted state changes or rollbacks.
- Interaction with unreliable contracts.
- Canister not responding.
- The canister is blocked.
- Incorrectly written Candid, the interface description language created specifically for ICP.
- Upgrade.
The main problematic points that need to be carefully checked are:
- Can the canister be upgraded?
- Will all data be saved after the update?
- Can it be updated quickly?
- Is there a recovery plan when an update is not possible?
Critical vulnerability: when the ‘live’ data is larger than 2 GB, the canister cannot be upgraded, because the stable-variable mechanism cannot carry that much data across the upgrade.
- Wrappers for arithmetic operations (overflow handling).
- DoS attacks.
Attacks are possible by depleting the canister’s cycle balance when that balance is not constantly monitored and kept well above the configured freezing threshold.
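The two-message call semantics and the arithmetic-wrapper item above are easiest to see side by side. The following is an added example, not CAYA’s code and not any ICP project’s code: a plain-Rust model of a ledger canister that calls out to another canister. It uses no ic-cdk; the await point is modelled by a callback (the `remote` closure), and the ledger, the names and the amounts are all constructed for the example.

```rust
// Added example (not CAYA's or any ICP project's code). A plain-Rust model of a
// canister ledger that makes an inter-canister call; no ic-cdk is used, and the
// await point is modelled by a callback so the code runs anywhere.
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum LedgerError {
    Insufficient,
    Overflow,
}

/// The other canister, modelled as a closure. It may re-enter the ledger,
/// because the callee can call back into us before our reply is processed.
type Remote<'a> = &'a mut dyn FnMut(&mut Ledger, &str, u64) -> Result<(), LedgerError>;

#[derive(Default)]
pub struct Ledger {
    pub balances: HashMap<String, u64>,
}

impl Ledger {
    pub fn deposit(&mut self, who: &str, amount: u64) -> Result<(), LedgerError> {
        let bal = self.balances.entry(who.to_string()).or_insert(0);
        *bal = bal.checked_add(amount).ok_or(LedgerError::Overflow)?;
        Ok(())
    }

    /// Vulnerable pattern: check, call out, then debit with wrapping arithmetic.
    /// The state read before the "await" is already committed, so a callback
    /// that arrives between the two messages still sees the old balance.
    pub fn withdraw_unsafe(&mut self, who: &str, amount: u64, remote: Remote<'_>) -> Result<(), LedgerError> {
        let bal = *self.balances.get(who).unwrap_or(&0);
        if bal < amount {
            return Err(LedgerError::Insufficient);
        }
        remote(self, who, amount)?; // await point: the callee runs here
        let bal = self.balances.entry(who.to_string()).or_insert(0);
        *bal = bal.wrapping_sub(amount); // wraps silently if the balance moved
        Ok(())
    }

    /// Hardened pattern: debit with checked arithmetic before the call, and
    /// refund only if the call fails. A re-entrant call now sees the debit.
    pub fn withdraw_safe(&mut self, who: &str, amount: u64, remote: Remote<'_>) -> Result<(), LedgerError> {
        let bal = *self.balances.get(who).unwrap_or(&0);
        let debited = bal.checked_sub(amount).ok_or(LedgerError::Insufficient)?;
        self.balances.insert(who.to_string(), debited);
        if let Err(e) = remote(self, who, amount) {
            let cur = *self.balances.get(who).unwrap_or(&0);
            let refunded = cur.checked_add(amount).ok_or(LedgerError::Overflow)?;
            self.balances.insert(who.to_string(), refunded);
            return Err(e);
        }
        Ok(())
    }
}

#[derive(Debug, PartialEq)]
pub struct Outcome {
    pub outer: Result<(), LedgerError>,
    pub reentrant: Option<Result<(), LedgerError>>,
    pub final_balance: u64,
}

/// Constructed scenario: "alice" holds 100 and withdraws 100; the callee
/// re-enters once with the same withdrawal while the first call is pending.
pub fn simulate(use_safe: bool) -> Outcome {
    let mut ledger = Ledger::default();
    ledger.deposit("alice", 100).unwrap();
    let mut reentrant: Option<Result<(), LedgerError>> = None;
    let mut remote = |l: &mut Ledger, who: &str, amt: u64| -> Result<(), LedgerError> {
        if reentrant.is_none() {
            let mut noop = |_: &mut Ledger, _: &str, _: u64| -> Result<(), LedgerError> { Ok(()) };
            reentrant = Some(if use_safe {
                l.withdraw_safe(who, amt, &mut noop)
            } else {
                l.withdraw_unsafe(who, amt, &mut noop)
            });
        }
        Ok(()) // the callee reports success regardless of its own re-entry
    };
    let outer = if use_safe {
        ledger.withdraw_safe("alice", 100, &mut remote)
    } else {
        ledger.withdraw_unsafe("alice", 100, &mut remote)
    };
    let final_balance = *ledger.balances.get("alice").unwrap_or(&0);
    Outcome { outer, reentrant, final_balance }
}

fn main() {
    println!("unsafe: {:?}", simulate(false));
    println!("safe:   {:?}", simulate(true));
}
```

In the unsafe variant both withdrawals succeed from a balance of 100, and the wrapping subtraction then turns the deficit into a balance near `u64::MAX`; an auditor would flag both the state update placed after the await and the use of `wrapping_sub`. In the safe variant the re-entrant call fails with `Insufficient` and the final balance is 0, which is the behaviour a reviewer should expect to confirm with exactly this kind of scenario test.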
An audit plays a pivotal role in ensuring comprehensive security when utilizing a software product. Through a combination of manual and automated testing conducted by diverse auditors, it becomes possible to thoroughly test the program’s functionality using various input data and different volume levels. This process allows for an evaluation of whether the program aligns with the intended business model and enables the identification of existing vulnerabilities, along with potential solutions. Furthermore, auditors can offer valuable advice on implementing the same actions while optimizing gas usage and suggest possible optimization solutions. By undergoing an audit, a software product can achieve enhanced security and improved efficiency.
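Returning to the upgrade checklist in the list above (can the canister be upgraded, is all data preserved, is there a recovery plan): the dry run an auditor would ask for can be modelled in a few dozen lines. The following is an added example, not CAYA’s code and not any ICP project’s code, and it does not use ic-cdk: a plain-Rust model of the `pre_upgrade` and `post_upgrade` hooks in which a byte buffer stands in for stable memory, the stable-memory ceiling is represented by a constructed, deliberately tiny budget (so the limit can be hit in the example), and the sample state and names are constructed.

```rust
// Added example (not CAYA's or any ICP project's code). A plain-Rust model of
// the pre_upgrade / post_upgrade hooks: state is encoded into a byte buffer
// standing in for stable memory, checked against a budget, and decoded back.
use std::collections::BTreeMap;

pub type State = BTreeMap<String, u64>;

#[derive(Debug, PartialEq)]
pub enum UpgradeError {
    /// Encoded state does not fit the stable-memory budget, so the upgrade
    /// would fail (the page's case: live data above the 2 GB ceiling).
    TooLarge { needed: usize, budget: usize },
    Truncated,
    BadUtf8,
    Mismatch,
}

/// Models pre_upgrade: encode every (name, balance) pair with length prefixes.
pub fn pre_upgrade(state: &State, budget: usize) -> Result<Vec<u8>, UpgradeError> {
    let mut out = Vec::new();
    out.extend_from_slice(&(state.len() as u32).to_le_bytes());
    for (name, balance) in state {
        out.extend_from_slice(&(name.len() as u32).to_le_bytes());
        out.extend_from_slice(name.as_bytes());
        out.extend_from_slice(&balance.to_le_bytes());
    }
    if out.len() > budget {
        return Err(UpgradeError::TooLarge { needed: out.len(), budget });
    }
    Ok(out)
}

fn take<'a>(buf: &'a [u8], pos: &mut usize, n: usize) -> Result<&'a [u8], UpgradeError> {
    let end = pos.checked_add(n).ok_or(UpgradeError::Truncated)?;
    if end > buf.len() {
        return Err(UpgradeError::Truncated);
    }
    let slice = &buf[*pos..end];
    *pos = end;
    Ok(slice)
}

fn read_u32(buf: &[u8], pos: &mut usize) -> Result<u32, UpgradeError> {
    let mut raw = [0u8; 4];
    raw.copy_from_slice(take(buf, pos, 4)?);
    Ok(u32::from_le_bytes(raw))
}

/// Models post_upgrade: decode with bounds checks so a short or corrupt
/// buffer is reported instead of trapping and leaving the canister stuck.
pub fn post_upgrade(buf: &[u8]) -> Result<State, UpgradeError> {
    let mut pos = 0usize;
    let count = read_u32(buf, &mut pos)?;
    let mut state = State::new();
    for _ in 0..count {
        let len = read_u32(buf, &mut pos)? as usize;
        let name = std::str::from_utf8(take(buf, &mut pos, len)?)
            .map_err(|_| UpgradeError::BadUtf8)?
            .to_string();
        let mut raw = [0u8; 8];
        raw.copy_from_slice(take(buf, &mut pos, 8)?);
        state.insert(name, u64::from_le_bytes(raw));
    }
    Ok(state)
}

/// Pre-deployment check: run both hooks in memory and confirm that the state
/// survives unchanged. Returns the encoded size so it can be tracked over time.
pub fn upgrade_dry_run(state: &State, budget: usize) -> Result<usize, UpgradeError> {
    let bytes = pre_upgrade(state, budget)?;
    let restored = post_upgrade(&bytes)?;
    if &restored != state {
        return Err(UpgradeError::Mismatch);
    }
    Ok(bytes.len())
}

/// Constructed sample state; the budget passed alongside it is tiny on purpose.
pub fn sample_state(users: &[(&str, u64)]) -> State {
    users.iter().map(|(n, b)| (n.to_string(), *b)).collect()
}

fn main() {
    let state = sample_state(&[("alice", 100), ("bob", 7)]);
    println!("{:?}", upgrade_dry_run(&state, 64));
    let bigger = sample_state(&[("alice", 100), ("bob", 7), ("carol", 3)]);
    println!("{:?}", upgrade_dry_run(&bigger, 48));
}
```

Tracking the size returned by `upgrade_dry_run` as live data grows is what turns the 2 GB ceiling from a surprise at upgrade time into a trend that can be acted on early, and the `Truncated` and `Mismatch` paths are the cases a recovery plan has to cover when a restore does not reproduce the state that was saved.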