How Sparrow Leveraged CertiK’s Penetration Testing

CertiK | Aug 13, 2019


We take security seriously, and the lasting effect of a cyber attack can be serious. The reality is, anyone can be prone to a hack.

Due to the transparent nature of blockchain and the potentially lucrative benefits one may receive from conducting a successful attack, ecosystems can be far more vulnerable than expected.

That’s why Sparrow chose to partner with CertiK to complete an intensive penetration test and prevent hacks from happening.

About Sparrow

Sparrow, the leading options trading platform, provides a simple way to control risk and monetize assets. To do this, they align with four unique values: simple, customizable, reliable, and secure.

  • Simple: By understanding the challenges traders face, Sparrow’s methodology allows everyone to trade options, making options trading simple and open to the broader ecosystem.
  • Customizable: Different traders have different priorities. Sparrow caters to both retail and institutional traders by offering a simplified and advanced interface that meets their needs.
  • Reliable: Options are settled on Ethereum smart contracts to ensure transparency and reliability.
  • Secure: Sparrow prides itself on its industry-leading security and compliance. All assets are secured to the highest security standards that are independently audited.

To further their project, Sparrow wanted to work towards their core value of security. In order to build a stronger ecosystem, trust should inherently be built into a platform, something we ensured with a rigorous penetration test, static analysis, and manual review.

Why the Penetration Test Matters

Sparrow chose to work with CertiK’s team of world-class white hat hackers to run a penetration test for their platform at large to ensure security.

By performing this task, CertiK was better able to prove and represent Sparrow as a safer and more secure platform in line with all the best practices in the field.

Our penetration test for Sparrow contained a detailed assessment of the system’s security posture. Some of the methods used during the testing of Sparrow consisted of:

  1. Black box testing to simulate an unknown attacker.
  2. Grey box testing to simulate a validated user on the Sparrow Platform to ensure that accounts are secure and login roles cannot be manipulated by users or administrators.
  3. Security testing of Sparrow's web application. The assessment was carried out using both a manual and an automated approach.
  4. Utilizing OWASP Top 10 standards and the list of attack vectors and vulnerability assessments listed below. CertiK has rigorously tested Sparrow’s platform for security weaknesses and direct vulnerabilities.
  5. The use of proprietary and open-source tools for scanning and evaluating network security.

During testing, the Sparrow application demonstrated strong mechanisms to prevent potential hacks. The platform had robust checks and proved that security was an integral part of the project.

After our risk analysis and report, Sparrow was able to leverage the adjustments recommended from the penetration test and ultimately empower their ecosystem to trade confidently.

Kenneth Yeo, CEO of Sparrow, said, “We are proud to have passed CertiK’s rigorous formal verification audit. With customer protection as our top priority, Sparrow is committed to keeping our platform safe, secure and compliant to global standards.”

Overall, CertiK has determined that Sparrow has a strong security posture, and wishes success to the team for the project at large.

About CertiK

CertiK is a blockchain and smart contract verification platform founded by top Formal Verification experts from Yale and Columbia University. Incubated by Binance Labs, CertiK has strategic partnerships with the world’s leading crypto exchanges such as Binance, OKEx, and Huobi, as well as protocols such as NEO, ICON, and QuarkChain.

CertiK’s formal verification method works differently than traditional testing approaches: rather than working manually, CertiK mathematically proves that blockchain ecosystems and smart contracts are hacker-resistant and bug-free at scale. CertiK has secured over $4B in asset value, auditing several projects across all major protocols, including BNB, Terra, Crypto.com, and TUSD.

To request the audit/verification of your smart contracts, please email audit@certik.org or visit certik.org to submit the request.

Twitter: https://twitter.com/certikorg

Reddit: https://www.reddit.com/r/CertiKOrg/

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik

About Sparrow

Sparrow (www.sparrowexchange.com) is the leading options trading platform, providing the simplest way to control risk and monetize your digital assets. Trade with confidence in the world’s best options trading platform powered by smart contracts.

Headquartered in Singapore, Sparrow offers fully-customizable options settled by smart contract in an intuitive and easy-to-use trading interface. Professional traders will also be able to use Sparrow APIs for maximum performance. Sparrow aims to serve the needs of all traders by providing a wide range of industry-leading trading tools.

Sparrow is backed by renowned organizations such as Signum Capital, Hyperchain Capital, Kyber Network, LuneX Ventures, Arrington XRP Capital, Digital Currency Holdings, Du Capital, The Yozma Group, QCP Capital, 256 Ventures and Jubilee Capital, who firmly believe in the project and have committed to use Sparrow as their preferred hedging partner.

Website: https://www.sparrowexchange.com

Medium: https://medium.com/@FriendlySparrow

Telegram: https://t.me/SparrowExchange

Twitter: https://twitter.com/SparrowExchange

Facebook: https://www.facebook.com/SparrowExchange/