We are a team of distributed systems and protocol experts that is known for uncovering hard to find bugs and errors in code and protocol. We have profound expertise in protocol design, implementation, and analysis in the blockchain ecosystem, with origins in Tendermint and Cosmos as well as academic research on Byzantine fault-tolerant systems.
During code inspections, we manually analyze the source code for the purpose of reconstructing the underlying protocols. The code serves as the ultimate source of truth as we find it quite often diverges from specifications. Vulnerabilities are often found in codebases due to a number of reasons, including:
- Incorrect engineering practices
- Code evolution
- Insufficient input validation
- Overseen conditions
Protocol errors and bugs surface when protocol rules are violated when software runs in production. We perform audit activities to uncover these behaviours. These activities include:
- Reverse protocol engineering
- Mathematical protocol analysis
- Protocol vulnerability analysis
Based on the results of the reverse protocol engineering practice, we try to answer two main questions:
- Are there any flaws in the reconstructed protocols?
- Are there discrepancies between the documentation/specification of the protocols and their implementation?