Menu
Our distinguished team of security experts and blockchain specialists have the proven industry experience to upgrade projects to the next level in smart contract tech by developing with the best and most enhanced, cutting-edge protocols.
GCSecurity offerings:
- Upgrade your current ERC20 smart contracts to the enhanced ERC777 standard
- Security/ penetration testing
- Smart contract audits
Get quote now
Panos Papantoniou
GCA’s Lead Blockchain Developer, Researcher and Expert in information security with over 7 years of work experience.
Head of Service
- Created GCA's smart contract, the very first using the latest Ethereum standard ERC777, and launched it after having it pass a full and thorough professional audit
- Conducted forensic investigations in cooperation with national authorities
- Former, external information security advisor to the Greek Electronic Social Security Governance, a government agency that manages e-prescription systems
- Participated and has been distinguished in the Greek military cyber defense exercise “PANOPTIS”
- Co-founder of the “Greunion” CTF competition team with several world-class distinctions in cybersecurity
- Served as a captain and coach to the national cyber security team participating in the pan-European cyber security competition “ECSC”.
- MSc ECE with specialties in software, hardware, electronics and robotics-automated systems.
- His passion is software engineering especially when working in blockchain. He has over three years of experience programming in Solidity, Java, C++, Python, and Javascript. He’s proficient in Solidity and adds EVM code in his smart contracts, creating perfect combinations for his projects.
- He is passionate, excited, and committed to his job to the extent that it is more like a career filled with excitement and joy rather than required work that must be completed.
Alex Athanasopoulos
Core Blockchain Developer
Why an audit?
- Each function needs to be tested to ensure it operate according to the specification and its actions does not pose a security threat.
- Several ICO-reviewing sites and exchanges ask businesses if their smart contract has been audited.
- It is vital that your company ensures its investors that it has done all necessary security checks and due diligence.
That's it?
....No, no. Must also consider the scope.
The scope of the audit is very important as it defines the level of its sophistication and depth.
Our team performs
- Formal line-by-line inspection of your smart contract in order to find any potential issues
- Manual read-through of the codebase to identify areas that may be susceptible to potential security loopholes.
- Investigation of business logic to seek out faults, discrepancies with specifications, and other flaws that could affect the smart contract functionality.
Automated code reviews are executed using static analysis tools to identify the presence of vulnerabilities and to detect any possible coding flaws, back doors and malicious code.
Vulnerabilities will typically be related to under / overflow bugs, transaction-ordering dependence / front running, re-entrancy attacks, and other bugs that are well suited to an automated analysis.
Our specialists also conduct unit test reviews, dynamic analysis, and penetration tests to expand the process of assessing certain business logic, where necessary, and to simulate typical attacks such as short address, re-entrance, re-ordering and other attacks.
How could the coverage be extended?
Want to get even more in-depth?
If desired, smart contracts can be manually deployed to a testnet for assessment. These testnets will be used to find edge cases in your code, whether it’s a way to lock user funds in the contract or if a bonus percentage is being calculated incorrectly.
Additionally, they’ll help to identify bugs in your test suite if they are provided with the associated unit tests. Last but not least, our security experts will review the cryptography embedded into the smart contract to identify any potential behavioral defects
How is all this reported?
Our team compiles a detailed report covering every test that was conducted. The report is intended only to provide documentation that a client has corrected all findings noted by our team until the day the report is delivered.
The report cannot and does not protect against personal or business loss as a result of the use of the applications or systems described.Testing is conducted on the applications and systems as they exist on that particular day of the report delivery.
Information security threats are continually changing, with new vulnerabilities discovered on a daily basis. Duly note that no application can ever be 100% secure no matter how much security testing is performed.
