Ready for the New EOS? Introducing Audit+ of the ENF Blue Papers

Published on November 2, 2022


Author: Markus Hinrichs

Editor: Randall Roland

EOS, the world's largest DAO, has just celebrated its Independence Day and is now a community-driven blockchain running on the lightning-fast AntelopeIO. After the successful transition, the focus is now on implementing the Blue Papers in the best possible way to gain and maintain the lead in the global web3 space.

These initial four Blue Papers have been elaborated by high-profile blockchain experts in order to enhance EOS and make it the best-in-class smart contract development platform for supporting Web3 applications. Here we introduce Audit+.



Audit+: improving the overall security of EOS

This paper presents the research & initiatives of Sentnl.io and slowmist.com to enhance the level of overall security of EOSIO (now AntelopeIO) blockchains.


1. What current security solutions exist in the EOSIO Community?

  • Klevoya inspect tool to inspect WASM code for vulnerabilities

    • A very powerful tool, but without the depth of a manual security audit

  • Software Development Libraries

    • Some general SDKs (Software Development Kits) are available

      • A large part of the code lacks security audits and/or is suspended for maintenance.

2. What solutions are demanded by the Community?

  • Software libraries for secure smart contract development

    • EOSIO software developers want to create more secure smart contracts but lack the overall tooling.

    • If all developers used the same, regularly updated SDKs, the overall security of smart contracts would improve and the same mistakes would not be repeated.

  • Bug bounty program

    • Monetary rewards given to ethical hackers who successfully discover a vulnerability in an application or software

    • Attracts the best hackers to improve overall security

  • Contract upgrade authorization DAO

    • Smart contracts have to be updated regularly to improve security

    • There is a trust issue between the users of a smart contract and the owner of the account that upgrades it

    • A multisig environment provides an additional layer of trust between the community and dApp owners.



3. Other Ecosystems - what solutions do they have?

  • Security Registry for dApps

    • “Provide information about an address when a user is interacting with it, tracking security contact information for known projects in the event that a vulnerability is found.”

  • Open source security tools

    • A very easy way for developers to self-assess the overall security of their smart contracts.

  • Software libraries for secure smart contract development

    • Just like SDKs, but with added features that help guide developers in writing code that is more secure.

  • Common security pitfalls documentation

    • Documents created to help future developers avoid repeating the same mistakes.

  • Bug bounties

    • (explained above under 2.)

  • AML platform

    • An AML platform can ensure that there are enough means to track the flow of funds after a hacking incident in a timely manner.

4. A list of initiatives that could improve the EOS ecosystem

The list is based on the solutions that currently exist in the community, what the community demands, and the solutions other blockchains have.


"There is some work required to get us to the same level as other blockchains, but once our baseline is established EOSIO’s unique design will allow us to move a step above other blockchains"

Sentnl.io & Slowmist.com Crew

See Audit+ blue paper from page 19 for all detailed initiatives (Problem, Objective, Benefits, Deliverables, Effort, Products, Goals)

5. List of recommendations to the ENF on the best course of action

  • List of common security pitfalls when writing EOSIO smart contracts

    • A solid start to help the developer community create strong and secure smart contracts.

  • Software libraries for secure smart contract development

    • Helps promote best practices around the drafting of smart contracts.

  • Bug bounties

    • Engage the external security community to conduct continuous testing of the EOSIO code base to ensure that the core EOSIO software is robust.

  • Open source security audit API and platform

    • Building a robust security platform that almost no blockchain has, which would put EOSIO at the cutting edge.

Note: Please read the follow-up articles to dive even deeper into the Blue Papers.

Have we sparked your curiosity?

Join the EOS movement now and get started by creating your first free EOS Account!


If you liked this article, please consider following the EOS Support Twitter for more up-to-date information, our EOS Support LIVE Giveaway Show, and our Scam Prevention Alert, where we expose the newest fraud schemes in the EOS scene. All our content is provided in 9 different languages, thanks to our international team of highly motivated agents. Want to get involved as well? We are always scouting for talent! Read here

