13 May 2021

Working with Jigstack

Security Blockchain

Earlier this year, we collaborated with the team at Jigstack for a full penetration and load test of their services. For those of you unfamiliar with Jigstack, they have been called the “Microsoft of Decentralised Finance.”

Jigstack is a decentralised autonomous organisation (DAO) who govern a portfolio of Ethereum network assets and protocols. Any assets deployed into Jigstack are, as they say, “audited, non-custodial, trusted, and secure.”

When looking into the security of their services, they knew the importance of proper testing. Given the blockchain nature of decentralised finance or DeFi, once deployed – there is no going back. We were consistently impressed with the team’s professionalism and active awareness as we moved through testing.

Security Partnership

The blockchain-based platform that Jigstack has developed is built upon the blockchain. You can learn more about blockchain here! But in short, it is effectively a list of records. With each record being a ‘block’ and being chained to the previous record or block – hence blockchain. The security of blockchain is in its decentralised nature, it’s hard to cheat.

But Jigstack itself has more than the blockchain. There are other parts that needed to be as secure as possible. Over our collaboration with the brilliant team at Jigstack, we worked on the web application, the integration of smart contracts, and the API itself.

As a custom-coded financial application, the Jigstack team knew that security couldn’t be half-baked.

We can’t say enough how professional the Jigstack team were and applaud their awareness of security needs. They granted us access to the full documentation concerning their scope as well as access to the application with some user privileges. This would fall under our White Box service, a full dive into the application, often including source code.

The Results of White Box Testing

Of course, we can’t give any actual details! But what we can say is the level of access and scope we were granted allowed us to really get our teeth into their application and services. These penetration tests focus on the identification and exploitation of security weaknesses. Usually, they would allow a malicious actor unauthorised access to vital user or organisation data.

Over the course of our testing, we discovered a variety of vulnerabilities. Several of these were deemed critical by our team and we passed on a comprehensive breakdown of our findings. In addition, we provide a list of recommendations to deal with these vulnerabilities which the Jigstack team took on board.

To give a bit more detail of our testing, we look for common vulnerabilities such as:

Remote Code Execution
SQL Injection
Path traversal attacks
File upload vulnerabilities
Parameter tampering
Access control flaws
Transport layer security, Business logic, and Authentication flaws
SMTP, Header, and JSON Injection
XML Injection / Code Execution

But we also expanded to common smart contract and blockchain vulnerabilities such as:

Re-entrancy Attacks
Over & Underflow attacks
Block Gas Limit
Front Running

Load Testing Services

We also worked closely with the Jigstack team on load and performance testing. They were expecting a large amount of traffic and transactions daily. We engaged with the web platform to ensure it was able to handle a volume of users.

If you don’t know what load testing is, you can find more details here! In short, it is an orchestrated push of packets and user interactions onto a platform. The intention is to see when and where a system struggles or fails given a certain load.

Developing load test scripts to simulate real user behaviour we tested a variety of functionalities.

These include:

Account registration and login
Activation of emails
Campaign management (create, browse campaigns & transactions)
Buying crypto tokens

Once finished, we provided detailed explanations and examples of how their platform had performed. For example, thanks to the load testing exercise, we were able to identify several issues that were causing bottlenecks when it came to handling large amounts of traffic.

We were able to provide a deep dive into our findings thanks to the trust put in our testing by the team at Jigstack. We’d like to extend our thanks again to them for giving us that trust.

It was a pleasure for us to engage with the Jigstack team and put their application to the test. Since their launch, Jigstack now has over 200,000 developers around the world contributing to and/or developing on their tech stack. We were delighted to be involved in ensuring the safety, security, and reliable performance of their platform.

If you’d like to see what we can do for your application or platform, don’t hesitate to get in touch. We have anonymised security reports available as well as details on our penetration and load testing services.

Our Services <img src="/wp-content/uploads/2023/05/Vector.png">

Our Products <img src="/wp-content/uploads/2023/05/Vector.png">

PENETRATION TESTINGIndustry-leading penetration testing from Cyrex.

ONLINE GAMESKeep your players and users secure online.

APPLICATION SECURITYFortify Your Digital Frontier: Safeguarding Applications and Software.

WEB3 SECURITYDefend the Future of Web3: Unleash Unbreakable Security Solutions.

SMART CONTRACT AUDITSUnlock the Power of Smart Contracts: Audit with Confidence, Trust with Certainty.

NETWORK AUDITSUnveiling the Hidden Vulnerabilities: Network Audits for Uncompromising Security.

SECURITY REPORTDownload our free security audit report template.

CYREX PROTOCEPTORAny network traffic, any platform, any tech stack.

Our Services <img src="/wp-content/uploads/2023/05/Vector.png">

Our Products <img src="/wp-content/uploads/2023/05/Vector.png">

LOAD TESTINGUnleash Performance Potential: Load Testing for Seamless Success.

STRESS TESTINGRise Above the Rest: Cyrex Spike Testing for Peak Performance Assurance.

PEAK TESTINGReach New Heights with Confidence: Cyrex Peak Testing for Performance Peaks.

SOAK TESTINGDive Deep, Test Strong: Soak Testing for Enduring Performance.

SPIKE TESTINGSurge Ahead, Uncover Strengths: Spike Testing for Performance Spikes.

CYREX SWARMGroundbreaking Load Testing Platform

Our Services <img src="/wp-content/uploads/2023/05/Vector.png">

SaaS DevelopmentCutting-Edge SaaS Solutions.

Decentralized ApplicationsEmpowering your business for the future.

API DevelopmentSeamless Integration. Powerful APIs.

Smart Contract DevelopmentEffortless and secure transactions with smart contracts.

Bridge DevelopmentEnhancing your connections to Web3 and beyond.

PortingUpdate your outdated code into a modern technology stack.

AutomationTransform your business with development automation.

PENETRATION TESTINGIndustry-leading penetration testing from Cyrex.

ONLINE GAMESKeep your players and users secure online.

APPLICATION SECURITYFortify Your Digital Frontier: Safeguarding Applications and Software.

WEB3 SECURITYDefend the Future of Web3: Unleash Unbreakable Security Solutions.

SMART CONTRACT AUDITSUnlock the Power of Smart Contracts: Audit with Confidence, Trust with Certainty.

NETWORK AUDITSUnveiling the Hidden Vulnerabilities: Network Audits for Uncompromising Security.

SECURITY REPORTDownload our free security audit report template.

CYREX PROTOCEPTORAny network traffic, any platform, any tech stack.

LOAD TESTINGUnleash Performance Potential: Load Testing for Seamless Success.

STRESS TESTINGRise Above the Rest: Cyrex Spike Testing for Peak Performance Assurance.

PEAK TESTINGReach New Heights with Confidence: Cyrex Peak Testing for Performance Peaks.

SOAK TESTINGDive Deep, Test Strong: Soak Testing for Enduring Performance.

SPIKE TESTINGSurge Ahead, Uncover Strengths: Spike Testing for Performance Spikes.

CYREX SWARMGroundbreaking Load Testing Platform

SaaS DevelopmentCutting-Edge SaaS Solutions.

Decentralized ApplicationsEmpowering your business for the future.

API DevelopmentSeamless Integration. Powerful APIs.

Smart Contract DevelopmentEffortless and secure transactions with smart contracts.

Bridge DevelopmentEnhancing your connections to Web3 and beyond.

PortingUpdate your outdated code into a modern technology stack.

AutomationTransform your business with development automation.

Working with Jigstack

Security Partnership

The Results of White Box Testing

Load Testing Services

We use cookies

Our Services

Our Products

Our Services

Our Products

Our Services