Tomochain
Tomochain is a scalable blockchain powered via Proof-of-Stake Voting consensus and used commercially by companies globally.
Audit Projects > Tomochain
Audit Report - Tomochain
Type of audit
Bug Bounty
Language
N/A
Testing method
blackbox
Request date
2020-01-16T17:00:00.000Z
Revision date
2021-01-16T17:00:00.000Z
Status
completed
Target distribution
About Tomochain
TomoChain (TOMO) is a network of instant transaction support chains as an ideal solution for Tomoapp and Geth decentralized applications to solve the scaling problem of blockchain platforms, especially Ethereum.
Type
platform
Platform
https://tomochain.com/
Owner
Tomochain
Industry
blockchain
Assessment Checklist
Application Deployment and Configuration
Ensure server configuration, network infrastructure, web applications, files are handled correctly and securely.
User Identity Management
The application manages user identities well and does not cause problems in all use cases.
Authentication mechanism
Make sure the application's authentication mechanism has a reasonable logic, preventing the possibility of authentication bypass.
Decentralization mechanism
Check for privilege escalation, decentralization, or path traversal vulnerabilities.
Session management mechanism
Check for errors related to cookies and sessions.
Input data validation mechanism
Check for Reflected XSS, Stored XSS, SQL injection and other injection errors.
Error control ability
Ensure errors are handled properly and do not expose sensitive information through error notifications.
Encode
Test the application's encryption algorithms.
Business logic of the application
Check application integrity, conflict, and responsiveness.
Client-side issues
Check for security flaws that can be exploited from the client side.
About projects.bug-bounty Service
projects.about_bug-bounty