FPComplete

Improving Distributed Ledger With A Blockchain Code Audit

FP Complete performed a standardized, rigorous blockchain code audit and system review to help our distributed ledger client better assess the health of their tech stack.

FP Complete’s Blockchain Code Audit saved the client time and money early on and ensured that future changes to the blockchain would not break software functionality.

Our client, a distributed ledger/blockchain firm, faced an upcoming release of a software product. They wanted to make certain that the software’s underlying blockchain code was watertight in terms of functionality, security, and maintenance.

With the help of the client’s engineering team, we audited the blockchain, analyzed it for potential security issues, and offered suggestions for improvement. Once our suggestions were implemented, we reexamined the code. By working with the client’s engineering team, we finalized the code and ensured a superior product was ready for market.

Corporation Type

Blockchain/Distributed ledger

Industry

FinTech/Banking

Project Type

Blockchain Code Audit

Business Issues

  • Client needed to guarantee that their existing blockchain codebase was functional, secure and maintainable
  • Client needed an audit to compare against the whitepaper specifying the necessary design
  • Client needed concrete, actionable items to help their engineering team improve the blockchain code from maintenance, performance, and security standpoints

Project Outcome

A blockchain code review is an essential step in ensuring the quality and functionality of the software

Providing a blockchain code review is an essential step in ensuring the quality and functionality of any software. In this case, we focused on the topmost and most client-facing layer of functionality. Through careful analysis and feedback, we were able to identify potential areas for improvement that could enhance the overall user experience. By working with our client and continuously striving for excellence, we ensured that our client’s software met the highest quality and functionality standards.

Worked in Tandem with Client’s Engineering Team to Streamline Project

We continuously analyzed the code for known and suspected vulnerabilities, inspected test coverage reports, and focused primarily on auditing the code for potential security concerns. Working with the client’s engineering team to improve their code was a collaborative effort that led to significant improvements in each layer of functionality. The client team was responsive to our suggestions and feedback, which allowed us to work together efficiently and achieve the desired results.

Coq Proof Assistant Helped Our Team Be More Efficient

Through our use of Coq, a powerful proof assistant language, we have found an effective way to audit code and ensure its reliability. Coq builds and verifies mathematical proofs. By utilizing the Coq system, our team is able to evaluate the blockchain code more efficiently and effectively.

TECHNOLOGY USED

Java, Coq

FP Complete’s Solution

  • Hosted a web-based Software as a Service (SaaS) product
  • Complied with all government regulations for data storage and transit
  • Hosted within the AWS GovCloud datacenter
  • Isolated environments for development, QA, and production
  • Integrated Continuous Integration/Continuous Deployment (CI/CD) pipelines
  • Automated deployment
  • Autoscaled in response to load to improve performance
  • Auto recovery from unhealthy nodes
  • Infrastructure-as-code support

NEW CHALLENGES FOR FP COMPLETE

  • Adjusting the workflow to best utilize the strengths of the client’s engineering team was complicated to coordinate at first. However, we found that working closely and more directly with the client’s team allowed for a different and, in our opinion, more productive workflow.
  • By utilizing the strengths of our entire FP Complete engineering team, we were able to successfully integrate the proof assistant language, Coq, into our blockchain code audit toolset. By making this integral change, we were more efficient and effective in auditing the client’s blockchain. We now utilize the Coq language in all our blockchain audits.

The Conclusion

Our efforts supported a skilled, competent, and experienced engineering team in their code quality improvement. Complex distributed systems take a lot of effort to design and put into practice correctly. Our client confidently launched a complex piece of distributed system software to the market and credited FP Complete with improving their code quality.

At FP Complete, we understand that every project is unique and requires a tailored approach. Our experience with the client’s engineering team highlighted the importance of being adaptable and flexible in our code review process. While our typical approach involves extensive review followed by implementation, we were able to adjust to the fast-paced iteration process required for this particular project.