Beyond the Surface: Delving into the Audit Debate and Pre-Deployment Checks

Recently, there has been a surge in discussions surrounding auditing and building on ICP.
At CAYA, we firmly believe that the necessity of an audit should not be questioned. Let’s delve into the reasons why auditing on ICP is an absolute must-have. :man_technologist:

In the world of ICP, the processes involved in writing canisters are largely not automated yet. This means that developers must meticulously consider not only the steps taken by end users, but also the code processing and data transformation on the computer side. The complexity of building the overall architecture, as well as the canister model, gives rise to numerous vulnerabilities related to error handling, undefined actions, canister blocking, and the ability to update and create backups of data. It is crucial to be mindful of arithmetic operation wrappers, preventing DoS attacks, and the potential shadowing of callers. These considerations highlight the critical need for auditing canisters on ICP.

:exclamation:Checking your code early in the development lifecycle can help you avoid potentially fatal flaws after launch.

The main cases that need to be checked before deploying a canister on the network:

  1. Calls between canisters: internal and external.

Calls are implemented through 2 asynchronous messages: the initiation of the call and the return of the response. Canisters process messages atomically (rollback in case of certain errors), but do not complete them. Possible vulnerabilities are related to global states, incorrect error handling, and reentrancy attacks.

  1. Rollback.

Vulnerability to unwanted state changes or rollbacks.

  1. Interaction with unreliable contracts.
  • Canister not responding.
  • The canister is blocked.
  • Incorrectly coded Candid - an interface description language created specifically for ICP.
  1. Upgrade.

The main problematic points that need to be carefully checked are:

  • Can the canister be upgraded?
  • Will all data be saved after the update?
  • Can it be updated quickly?
  • Is there a recovery plan when an update is not possible?

:point_up:Critical vulnerability: when the ‘live’ data is larger than 2GB, the canister cannot be updated due to stable variables.

  1. Wrapper of arithmetic operations.

  2. DoS attacks.

Attacks are possible by depleting the balance of the cycle and avoiding constant monitoring of the balance, as well as keeping away from the configured freeze stream.

An audit plays a pivotal role in ensuring comprehensive security when utilizing a software product. Through a combination of manual and automated testing conducted by diverse auditors, it becomes possible to thoroughly test the program’s functionality using various input data and different volume levels. This process allows for an evaluation of whether the program aligns with the intended business model and enables the identification of existing vulnerabilities, along with potential solutions. Furthermore, auditors can offer valuable advice on implementing the same actions while optimizing gas usage and suggest possible optimization solutions. By undergoing an audit, a software product can achieve enhanced security and improved efficiency :medal_military:


Great explanation! I completely agree with the above. Recently, more experimental versions of libraries that are not yet well tested have started to appear. But despite this, more and more programmers use them in their code without thinking about security. If you don’t fully check all the serviceability, the correctness of the operation of each function, each change in the value of a variable, then the consequences will really be deplorable. Thanks for the detailed analysis of critical issues!

1 Like

Hi CAYA team,
It’s nice to see that you are offering security audits for Internet Computer dapps! Fully agree that such audits are super important, especially for security critical applications e.g. dealing with token transfers.

Let me also take the opportunity to advertise the IC security best practices that we set up in Dfinity’s Product Security team. We recommend considering these best practices in the development process, but they also serve as a good starting point for security reviews.