Interview with Yogesh Padsala - Founder & CTO of EtherAuthority

Shauli Zacks Shauli Zacks

SafetyDetectives spoke with Yogesh Padsala, Founder & CTO of EtherAuthority, about smart contracts, how to run a comprehensive security audit, how to ensure privacy and data security while providing KYC services, and more. 

Hi Yogesh, thank you for taking some time to speak with me today. Can you tell me a little bit about EtherAuthority?

Thank you very much for having me here. My name is Yogesh Padsala, and I’m the CTO, or technical head, of EtherAuthority.

We founded the company back in 2018. As you can see, it’s been more than five years in this industry. We began as a web2 company but then transitioned to web3. Now, we develop all kinds of decentralized applications and smart contracts, with a specific focus on security. Our core expertise is in securing smart contracts, and since our inception, we have served more than 500 clients worldwide.

We have extensive experience in dealing with various security challenges, including hacks, scams, and frauds, which are unfortunately quite common in this industry.

The shift from web2 to web3 highlighted a distinct need for security solutions. In web3, the landscape is different – there are no regulations and it’s completely anonymous. This environment makes it easy for hackers to operate without much fear of reprisal. This is where our services become critical. To give you an idea of the scale of this issue, last year alone, $3.8 billion of assets were stolen through hacks and various scams. This shows the depth of the problem faced by the market.

It is because of these issues and market problems that EtherAuthority exists – we’re here to address and solve these security challenges.

What are some of EtherAuthority’s main services?

First and foremost, we specialize in the security audit of smart contracts. Smart contracts are an integral part of the blockchain ecosystem. If someone is starting their own web3 project, there may be many components involved, but the smart contract is paramount due to its immutable nature once deployed on the blockchain. If there are any errors, bugs, or issues within the smart contract, they could potentially be exploited by hackers. Therefore, we prioritize ensuring that smart contracts are secure and robust – that’s our main service.

In addition, we have ventured into the realm of building blockchains. Unlike blockchain applications, this involves creating an entire blockchain infrastructure, akin to Ethereum or similar platforms. This service is about constructing a comprehensive blockchain ecosystem, which is another area we are actively exploring.

Finally, we also offer smart contract development, albeit on a limited basis. If our team has available resources, we can take on such projects. However, our primary focus remains on security and building blockchains.

Can you explain the process conducting a comprehensive security audit for the smart contracts?

Absolutely, conducting a comprehensive security audit for smart contracts is a multi-step process that involves careful examination and testing. Our team of auditors uses a combination of manual and automated approaches to ensure thoroughness. Here’s a brief overview of our process:

  1. Project Planning: In this stage, we familiarize ourselves with the project in depth. This involves not only understanding the code but also studying the project’s websites, white papers, and other relevant materials. The goal here is for our auditors to gain a thorough understanding of the project.
  2. Reviewing the Smart Contract Code (SOC) Manually: This step is crucial. Our auditors review the smart contract code line by line, examining it from a hacker’s perspective. They strive to identify any potential vulnerabilities or scenarios in which the contract could be broken. This careful, manual review is a fundamental part of our security audit.
  3. Software Analysis: We utilize various software tools to scan the code and further identify potential vulnerabilities. These tools can often catch issues that may be overlooked during the manual review process.

Once these steps are completed, our team compiles an initial report that is then delivered to the project team. If any issues are found, the project team can make necessary fixes and then return the project to us for another review.

Our team repeats the review process to ensure that all vulnerabilities have been addressed. Once everything checks out, we issue a final audit report. This is the standard procedure we follow for all our security audits.

How do you ensure privacy and data security while providing KYC services to blockchain businesses?

Indeed, Know Your Customer (KYC) services are essential in the blockchain industry due to its anonymous nature. There’s often no identifiable information about a project owner, so investors or users who wish to engage with the project need to know who’s behind it. This is especially important as there are no government regulations controlling the space, leaving it up to users or investors to conduct their own due diligence. The primary aim of KYC is thus to identify the individuals behind a project and verify their ethical standards.

As for ensuring the privacy and security of user data during this process, we take several measures:

Firstly, we store all user data on our secure, encrypted servers. This creates a safe environment for data storage. But we don’t stop there. After the completion of a project, and after a certain period, we automatically delete all the data related to that project from our servers. This means that the data only exists on our servers for a limited period, and once it’s no longer necessary, it’s permanently removed from our database. This way, we ensure optimal privacy and data security for all our clients.

What factors should a businesses consider when evaluating whether to build their own public blockchain infrastructure?

When a business is considering building their own public blockchain infrastructure, there are several critical factors they should bear in mind:

  • Smart Contract Development: As I’ve mentioned before, smart contracts are the key element in any decentralized ecosystem. If a business wants to start a project on the blockchain, they must first invest in capable developers. If there’s a mistake in the code, it could lead to the collapse of the entire project, so it’s essential to have a skilled development team.
  • Security Audit: Once the smart contract is developed, it should be audited by a reputable smart contract security company. This is to ensure that there are no vulnerabilities in the code. This step is critical in securing the integrity of your blockchain project.
  • Server Security: It’s also crucial to ensure that your servers are safe. The security of your servers is paramount as it can impact the reliability and performance of your blockchain.
  • Website and DNS Security: Protecting your website and DNS is another important consideration. They are often the first point of contact for users and potential attackers, and securing these can help protect your blockchain project from common web-based threats.

So, if a business is planning to start its own blockchain project, it needs to consider security at various levels, such as the website, DNS, and most importantly, at the blockchain smart contract level. These are the areas where careful attention should be paid.

In my opinion, the blockchain industry currently faces several significant security risks and emerging threats.

Recently, we’ve seen a surge in vulnerabilities associated with “bridges” and decentralized finance (DeFi) platforms.

  • Blockchain Bridges: These are centralized servers that facilitate the exchange of assets from one blockchain to another. Due to their central role and the amount of traffic they handle, they have become prime targets for hackers.
  • DeFi Platforms: DeFi platforms are also increasingly under threat. We’ve seen incidents where hackers exploited a single vulnerability in a DeFi project’s code, resulting in the loss of substantial amounts of funds in a matter of moments. For instance, there was a recent incident where a hacker managed to steal $1.2 million worth of ether instantly.
  • Gaming Industries: Applications in the gaming industry, like casinos, have also been affected, primarily at the smart contract level. As smart contracts underpin these types of applications, they can significantly impact these industries.

In terms of effective mitigation strategies:

Firstly, it’s crucial to hire skilled and experienced developers. Competent developers will help ensure the smart contracts and other codes are written securely, minimizing potential vulnerabilities.

Secondly, it’s essential to have a comprehensive audit of the project’s code by a reputable company that specializes in this field. This helps identify and rectify any potential vulnerabilities or weaknesses before they can be exploited.

I believe these measures can significantly help businesses secure their projects in the blockchain industry.

About the Author

About the Author

Shauli Zacks is a tech enthusiast who has reviewed and compared hundreds of programs in multiple niches, including cybersecurity, office and productivity tools, and parental control apps. He enjoys researching and understanding what features are important to the people using these tools.

Leave a Comment