Category: News

Stay informed about the latest from Dedaub: product developments, event participation, and key company milestones. Our News section provides timely updates and behind-the-scenes looks at how we’re advancing smart contract security and shaping the blockchain landscape.

  • SEAL 911: A Few Lessons from the Frontlines 

    Today, I’d like to share my personal experience as a member of SEAL 911, the emergency hotline that assists Web3 projects in protecting their assets in case of hacks or malicious attacks.

    I’ve been part of SEAL 911 since October 2023 and I witnessed:

    • Numerous vulnerability disclosures.
    • War rooms set up to prevent the exploitation of live vulnerabilities or to help protocols that were actively being exploited.
    • Many cases where individuals’ funds were stolen either because of investment scams, phishing attacks, or even drainer malware.

    I had the opportunity to see many of the industry’s top security experts in action and gain useful insights. 

    Aside from addressing code vulnerabilities, SEAL 911 can also provide significant assistance in the area of on-chain forensics. Although this requires considerable time and effort, members of SEAL have been able to track the movement of stolen funds and provide victims with helpful information to report to law enforcement authorities. By effectively coordinating with authorities, the victim can often freeze stolen funds and even identify the perpetrators of the malicious activities.

    With the increase in cryptocurrency capitalization, bad actors will continue attempting to steal funds from users by exploiting code vulnerabilities, stealing users’ wallet information, or even tricking users into sending the funds themselves. This poses a threat to the security of DeFi. As we have seen repeatedly, the most vulnerable group is non-tech-savvy regular users, so it is important to spread good operational security (op-sec) practices and fundamental cryptocurrency knowledge to the public.

    What is Security Alliance (SEAL)

    Security Alliance (SEAL), established with the support of blockchain innovators, has rapidly become a key asset of Web3 security. Before its public debut on February 14, 2024, SEAL connected users, developers, and experts to offer free Web3 simulation exercises.

    SEAL’s goal is to improve the security of the blockchain and cryptocurrency system by supporting security researchers and removing barriers that could prevent them from taking immediate action to safeguard protocols. The initial members include security teams at Paradigm, a16z crypto, and Dedaub, who have played a key role in significant recovery efforts. SEAL’s programs include rapid response, legal assistance, and developer security training.

    The Security Alliance (SEAL) offers several initiatives to enhance security. These include SEAL 911, a 24/7 emergency response hotline, and SEAL Wargames team exercises designed to identify and address vulnerabilities. Additionally, the Whitehat Safe Harbor Agreement provides legal protection for white-hat hackers participating in fund rescues, and the Legal Defense Fund supports researchers dealing with legal challenges. SEAL operates as a US 501(c)(3) nonprofit organization with the mission to protect the decentralized internet. For more information, please visit the Security Alliance.

    What is SEAL 911?

    SEAL 911 is a 24/7 emergency hotline for incident response, vulnerability disclosures, and other security issues in blockchain and crypto. It provides immediate assistance to address security threats quickly, ensuring expert help is available to mitigate risks and prevent damage.  

    • Collaborative Defense: Working quickly with platform teams to temporarily pause contracts that have been hacked, when applicable.
    • Evolving Threats: Growing sophistication in cyberattacks requiring advanced strategies.
    • Rapid Response: Speed and coordination prevent losses and restore confidence.

    What Are the SEAL Wargames?

    SEAL conducts SEAL Wargames and red team exercises to help developers prepare for security incidents. These simulated attacks help identify weaknesses and improve defense strategies. Many developers have never experienced the high-intensity environment of a security incident before. It can be challenging to stay focused and productive when every second could potentially mean millions of additional dollars lost to attackers. The SEAL Chaos Team provides projects with the resources and training to respond to the worst-case scenarios.

    Each wargame consists of two phases:

    1. A tabletop exercise in which the Chaos Team presents hypothetical attack scenarios to project developers and notes potential weaknesses.

    2. A simulated attack in which the Chaos Team exploits a vulnerability on a test network and challenges the project developers to set up an incident war room, triage the exploit, and remediate the situation.

    Yannis Smaragdakis and I from the Dedaub Security search team are currently active members of SEAL 911.

    Conclusion

    As a member of SEAL 911, I have seen firsthand how critical our role is in securing the Web3 ecosystem. The collaborative efforts and rapid response capabilities we’ve developed are essential in combating the evolving threats in the crypto space. Working with some of the brightest minds in the field has been invaluable, and I’m proud to contribute to a safer, more resilient blockchain community.

  • Dedaub Security Suite Updates Q3-24

    Dedaub Security Suite is renowned for its powerful EVM bytecode decompiler, which users have hailed as the best in the industry. Just as a quick sample of how much it’s appreciated, one testimonial reads, “I love the Dedaub decompiler—No other tool even comes close to what Dedaub has created.” The Dedaub Security Suite is a collection of web3 security technology tools, with the decompiler being the most popular in the community. In this blog post, we share our suite’s latest milestones, new features, and platform improvements.

    Enhanced EVM bytecode Decompiler Insights

    Our decompiler now extracts additional information about high-level storage and memory structures, such as mappings, arrays, and structs. This enhancement provides deeper insights into your contract’s storage and memory, enabling a more thorough analysis and understanding of on-chain bytecode.

    Expanding Our Chain Support

    We’re proud to announce the recent addition of Binance (@BNBCHAIN), Blast (@blast-l2), and Polygon (@0xPolygon) to our Dedaub Security Suite, which now fully supports eight major EVM chains. 

    Our ongoing expansion aims to provide a comprehensive security technology solution for all EVM-compatible ecosystems, ensuring your projects remain secure across multiple platforms.

    Advanced Pre-Deployment Analysis

    Our platform now includes enhanced analysis capabilities, particularly for pre-deployment “Projects.” This feature enables precise fuzzing of undeployed contracts, which significantly improves our static analysis engine. 

    These improvements drastically reduce analysis timeouts without compromising precision and completeness, ensuring faster and more accurate results.

    On-Demand Analysis with GPT Integration

    Dedaub Security Suite now offers on-demand analysis of project contracts using GPT technology. Leveraging advanced GPT prompts, our platform provides detailed insights that complement our traditional static analyses. This feature helps uncover hidden issues and suggests improvements, presenting findings succinctly with inline code snippets for easy inspection.

    Customizable On-Chain Transaction Monitoring

    Our customizable blockchain monitoring solution utilizes an enhanced PostgreSQL database to detect on-chain activities, establish periodic executions, and create custom alerts. For instance, you can set up a monitoring agent to identify large fund transfers to or from a yield farming vault.

    Create Your Free Account and Access the Dedaub Decompiler

    Sticking to our mission, “… to ensure the integrity of the blockchain ecosystem by transforming complex smart contracts into clear, secure, and reliable systems,” Dedaub is committed to contributing to web3 security by offering the entire community free access to our advanced technology. Create your free account today and access the powerful Dedaub decompiler. 

  • Dedaub Selected as Arbitrum DAO Security Advisor

    Dedaub is now the Security Advisor for Arbitrum DAO’s Procurement Committee (ADPC). The community backed us with 114.9M votes—99.39% approval. We’re delighted the community recognizes our expertise in securing Web3 infrastructure. Our partnership with Arbitrum DAO marks a significant step forward.

    What is the Arbitrum DAO Procurement Committee?

    The Arbitrum DAO Procurement Committee (ADPC) is a specialized committee that manages procurement, contracts, and resource allocation to support growth. Its primary responsibilities include developing structured frameworks for selecting and onboarding vendors, managing budgets for community-approved initiatives, and ensuring transparency and accountability in funding processes. The ADPC manages the Security Subsidy Fund to subsidize security audits and services for projects within the ecosystem.

    What Dedaub Brings to the Table

    Technical and Business Requirements Development: Developing precise, comprehensive specifications and criteria for the Request for Proposal (RFP) aimed at prospective security service providers for the Arbitrum DAO.

    Whitelisting Support: Providing focused assistance to the ADPC over four weeks, facilitating the selection and whitelisting of qualified security service providers.

    Why Dedaub

    Arbitrum DAO Procurement Committee (ADPC) chose Dedaub based on its deep expertise in smart contract security, demonstrated through the completion of over 200 audits and strategic collaborations with industry leaders such as the Ethereum Foundation and Chainlink. As a founding collaborator of SEAL 911, a security partner for Oasis Protocol Sapphire, and a member of the ZKsync Security Council, Dedaub has established trust and recognition within the ecosystem. Voter feedback highlights this confidence clearly:

    “We have heard about Dedaub and their past work, and we’re confident they will be great at this role given the positive vote.”
    “Dedaub is solid (Excellent works with recognized projects).”
    “Dedaub is a well-recognized firm with a solid track record in security, making them a great choice for our needs.”

  • Ethdenver 2024 | Dedaub Showcases Its Web3 Security Technology

    Dedaub is excited to participate in ETHDenver 2024. During the conference, Dedaub will showcase its advanced security technology solutions. Its team members will discuss the safety of Web3 applications, build partnerships, and share insights to enhance security standards within the Web3 ecosystem.

    Visit Dedaub at Booth #251 in Devtopia at ETHDenver 2024!

    Dedaub’s booth, #251, is in the vibrant Devtopia space. We invite technology enthusiasts to visit and attend one of the Suite demos, where we’ll explore the cutting-edge capabilities of static analysis, formal verification, Monitoring, and Alerting service.

    In the demo, you will have the opportunity to learn about our tools that utilize formal analysis and statistical learning to examine possible states and paths of Smart Contracts, efficiently identifying vulnerabilities. Additionally, you will see how our customizable agents can provide essential insights into on-chain activities. Check out the Demo calendar on our Dedaub booth playbook.

    Moreover, it is an excellent opportunity to interact with our team and discover how we can safeguard your Web3 projects.

    Spotlight | Dedaub Talk

    One of the main events during Dedaub’s participation at ETHDenver 2024 will be a talk by co-founder Yannis Smaragdakis, a respected authority on blockchain security. The presentation is scheduled for February 29, 2024, at 4:25 PM: “All Your Contract Are Belong to Us: Analyzing All Deployed SCs”

    Every time there is a need to analyze a large number of Smart Contracts, Dedaub is the default partner–in war rooms, Ethereum Foundation impact studies, and widespread bugs.

    Dedaub has built on its leading EVM decompiler to produce technology for querying all EVM smart contracts ever deployed. The talk will go over cool recent cases:

    • Solidity compiler bug: “most deployed contract addresses contain mostly junk code!”
    • Helping the Ethereum Foundation study EVM changes
    • Ecosystem-level threats: use in major “war rooms,” e.g., ThirdWeb vulnerability.

    About @EthereumDenver 2024

    ETHDenver 2024, known as the Year of the SporkWhale, will occur in Denver from February 23 to March 3, 2024. It aims to turn the city into a hub for blockchain innovation. ETHDenver is a community-owned innovation festival powered by SporkDAO that offers a variety of activities, including workshops, technical presentations, bootcamps, and networking parties.

  • Dedaub Celebrates Seal’s Public Debut and the Launch of the Safe Harbor Initiative

    As a founding collaborator of the Security Alliance (SEAL), Dedaub celebrates SEAL’s public debut, a significant milestone in crypto security. The alliance consists of more than 50 Web3 and cybersecurity organizations. Its goal is to strengthen the security of the cryptocurrency ecosystem. Before its public debut, SEAL connected users, developers, and experts and offered free Web3 simulation exercises.

    SEAL’s dedication to setting high-security benchmarks within the crypto ecosystem aligns with our core capabilities. Dedaub is bringing to the table world-leading technologies and expertise in static and dynamic program analysis, reverse engineering, and ethical hacking. In the context of SEAL, we can contribute to developing more robust defense mechanisms against threats and ensure the blockchain ecosystem’s safety.

    Dedaub supports the Whitehat Safe Harbor initiative and SEAL proactivity. This empowers ethical hackers to use cutting-edge tools like MEV bots to monitor and safeguard projects easily. The goal is to respond to challenges and incidents like the Nomad bridge hack.

    Dedaub is proud to be part of SEAL, driving towards a more secure decentralized future.

    Seal’s Public Debut | The security culture

    By its very nature, the crypto market fosters a rigorous security culture. Its foundation on blockchain technology—a bastion of decentralized security—demands constant vigilance and innovation from its participants. It encourages the development of sophisticated security measures designed to protect against a wide range of threats.

    Crypto security constantly changes and adapts to meet the challenges of advanced threats. Its strength relies on its community’s knowledge and expertise, including developers, researchers, and users, who work together to protect the infrastructure. Their collective efforts safeguard the system, embodying the core values that make Web3 a unique, resilient, and ever-growing reality.

    Seal’s Public Debut | The security researchers’ playground

    Crypto offers an exciting platform for security researchers, including those from web2 backgrounds, due to its complex challenges, high stakes, and the immediate impact of their work. This field merges theoretical knowledge with practical application, creating a rich environment for problem-solving.

    Collaborating with SEAL through initiatives like SEAL Drills allows researchers to contribute while expanding their skill set significantly. These drills offer hands-on experience in real-world scenarios, enhancing their technical skills and understanding of blockchain intricacies. SEAL Drills prepare them to face formidable challenges and foster a collaborative learning atmosphere with seasoned experts, making an ideal space for deploying and honing their security skills.

    The collective and hands-on approach is crucial, especially when considering the advanced tools at our disposal, such as MEV bots, and the legal complexities surrounding their use.

    Seal’s Public Debut | The Impact of MEV Bots under the Safe Harbor Agreement

    The Whitehat Safe Harbor Agreement that SEAL promotes provides a legal framework for ethical hackers to conduct emergency rescues, primarily using MEV bots. This allows the community to monitor suspicious activities and take protective actions (when a protocol is under attack) without facing legal consequences.

    The open and decentralized nature of cryptocurrency, which includes public code and lack of gatekeepers, makes it susceptible to hacking attempts. Therefore, it is important that security researchers are incentivized to protect it as much as attackers are motivated to steal funds.

    In the past, many developers and security researchers were discouraged from assisting due to legal ambiguity with their employers. SEAL is promoting this initiative following feedback from its community members, who regretted that more people would help if a legal framework existed.

    Dedaub is committed to SEAL’s mission to protect decentralization and urges the community to join the cause.

    About Security Alliance (SEAL)

    Security Alliance (SEAL), established with the support of blockchain innovators, has quickly become a cornerstone in the advancement of Web3 security. This alliance represents a collaborative effort among premier experts, from audit firms to ethical hackers. It is dedicated to pushing the security boundaries in the Web3 space. As one of its founding members, Dedaub has been at the forefront of this initiative, driven by a mutual commitment to bolster Web3 security.

    SEAL operates as a US 501(c)(3) nonprofit organization with the mission to protect the decentralized internet. Bringing together a diverse group of security experts—including auditors, bug bounty hunters, foundation security leaders, security researchers, and ethical hackers—marks a significant step in social coordination across different web3/crypto ecosystem sectors.

    The alliance innovates with several key initiatives in the crypto ecosystem’s security framework. SEAL911 and SEAL Drills, for instance, are designed to provide immediate assistance and training against security threats, showcasing SEAL’s proactive approach to community support.

    Additionally, the Safe Harbor Agreement for Whitehats, spearheaded by SEAL, emphasizes the alliance’s forward-thinking strategy to prepare for and mitigate future security threats. This agreement lays down a legal framework enabling ethical hackers to contribute to the crypto ecosystem’s security without fearing legal repercussions.

    We invite the community to engage and provide feedback on the Whitehat Safe Harbor Agreement proposal hosted on Github. We welcome your insights until Pi Day, March 14, 2024.

  • Introducing Dedaub Tx Simulator Snap for MetaMask

    At Dedaub, we have solid expertise in Smart Contract security, which allows us to contribute significantly to protecting the Web3 ecosystem, and we have recently achieved another milestone in our mission to establish trust and improve safety in the blockchain industry.

    We are thrilled to announce the launch of the Dedaub TX Simulator Snap, a tool to transform how users engage with blockchain transactions.

    What is the Dedaub TX Simulator Snap?

    The Dedaub TX Simulator Snap is a cutting-edge tool that enables users to simulate transactions, evaluate the reliability and credibility of the accounts involved, and determine the financial consequences of their actions. Leveraging the extensive Smart Contract Database of Dedaub in real time, it provides users with up-to-date and comprehensive insights to make informed decisions.

    How to Install Dedaub TX Simulator Snap

    1. Add to MetaMask: Click the ‘Add to MetaMask’ button.
    2. Grant Permissions: The Snap will request the necessary access permissions during installation.

    Frequently Asked Questions (FAQs)

    HOW DOES THE DEDAUB TRANSACTION SIMULATOR WORK?

    The Dedaub Transaction Simulator interfaces with Dedaub’s Smart Contract database, conducting real-time simulations of transactions that mirror the conditions of the specified network.

    WHAT ARE THE KEY BENEFITS OF USING THE DEDAUB TX SIMULATOR?

    • Cost Efficiency: Save on gas fees by avoiding reverted transactions.
    • Informed Decision-making: Understand the financial implications of transactions before sending them on-chain.
    • Detailed Analysis: Get a comprehensive overview of asset transfers, state changes, gas consumption, and more.

    HOW DO YOU INSTALL AND USE THE DEDAUB TX SIMULATOR?

    You can find the Dedaub snap at the official MetaMask snap store.

    WHAT DOES THE SIMULATOR NOT DO?

    The Dedaub Transaction Simulator does not execute transactions on-chain. Instead, it simulates them based on the network’s current state. During the testing phase, it does not carry out any actual transactions.

    WHAT NETWORKS DOES THE SIMULATOR SUPPORT?

    The currently supported networks are Ethereum Mainnet, Arbitrum, Optimism, Fantom, Avalanche, and Base.

    HOW DO I REACH OUT FOR SUPPORT?

    For any support inquiries related to the Dedaub Transaction Simulator, please contact our support team at contact@dedaub.com or through our Discord Support Channel.

    About Dedaub

    Dedaub has a history of over 200 audits for leading Web3 protocols and successful white-hat hacking endeavors that have safeguarded billions in Total Value Locked (TVL). The Ethereum Foundation trusts our team. We integrate academic research with practical hacker experience to offer unparalleled security services. To learn more about our journey and services, please visit https://dedaub.com.

  • Web3 Monitoring

    Web3 Monitoring continuously tracks blockchain activities, such as transactions and smart contract interactions, to identify anomalies, ensure security, and maintain operational transparency across decentralized networks. Web3 Monitoring empowers developers and organizations with real-time insights to safeguard their projects.

    Why Blockchain Monitoring is Important

    The need for security on the blockchain is ever-increasing, and demand for innovative security solutions has surged in recent years. The complexity of hacks and security breaches leaves no room for error, as the blockchain has shown itself to be unforgiving by design in punishing any lapse. In the last few years, attacks from private transaction pools have increased because attackers can bypass traditional defenses and exploit vulnerabilities without detection, which limits current security approaches and underscores the need for more proactive measures. As codebases strengthen to counter these security risks, social engineering presents malicious actors with new ways to defraud people, hence the increased need for monitoring activity on the blockchain.

    Web3 monitoring involves:

    • Analyzing activities over a specific timeframe to deliver security insights regarding potential malicious actors.
    • Establishing baselines of behavior and identifying anomalies based on user preferences and previous interactions.
    • Real-time wallet and token activity notifications to identify significant transfers and other risk indicators.

    Dedaub’s customizable blockchain monitoring solution detects on-chain activities, establishes periodic executions, and creates custom alerts. It uses an enhanced PostgreSQL database to give a consistent view of blockchain data and maintain high efficiency in real-time on-chain monitoring, and so embodies all the qualities of a sound Web3 monitoring system.

    Web3 Monitoring as a Post-Audit Best Practice

    Relying solely on smart contract audits to protect against hacks and security breaches is now considered outdated. While audits reduce the likelihood of attacks, they do not guarantee a secure system in the long run. 

    One important reason for this is that audits focus on the codebase itself and may only partially cover security issues arising from dependencies or the underlying blockchain architecture. In the blockchain environment, where threats are dynamic and evolving, new, sophisticated attack vectors and vulnerabilities that may evade standard checks can emerge, making a contract previously considered secure vulnerable.

    Contrary to the public opinion that hacks occur suddenly, most attacks are preceded by indicative signals. By watching for these flags and signs with real-time monitoring, we finally have a system to cover security gaps and bolster the results of adequately audited smart contracts. Real-time monitoring of on-chain activity such as transactions, multi-sig wallet operations, governance proposals, staking, node infrastructure, and financial risks due to market manipulation, aimed at finding malicious incidents before they happen and preventing breaches, can prove to solve about 98% of all security breaches. Monitoring provides risk insights and real-time detection of risks based on blockchain and mempool data, allowing for recovery actions before any compromise.

    How Dedaub Enhances Real-time Blockchain Monitoring

    Dedaub’s real-time smart contract monitoring reinforces post-audit safeguards by identifying suspicious activities and offering fully customizable multichain protection against threats and unforeseen behaviors across Ethereum and other EVM-compatible chains. 

    The Dedaub Security Suite allows users to set up monitoring bots and queries to track on-chain activities and trigger custom actions through webhooks for free. It also flags unusual transactions and lets users stay alert to specific on-chain events with seamless cross-chain queries to ensure efficient monitoring. 

    With the monitoring star rating system, query ratings are now possible, allowing users to share their experiences and contribute to an expanding library of insights to help new and existing users find the best tools to achieve their goals faster and enhance functionality. The enhanced monitoring editor makes the query writing process quicker and easier to understand. It also gives suggestions in queries, together with an advanced error reporting system, to identify any issues arising from variables. The ability to join on-chain data with off-chain metadata also gives an essential edge in real-time monitoring. 

    Using multichain monitoring agents offers a network-agnostic solution that simplifies the process of tracking activity across multiple blockchains simultaneously. With the new cross-chain contract lists, managing data from various blockchain networks can be achieved through a single unified list. 

    Moreover, the advanced RPC fetch functions allow users to incorporate data directly from external REST APIs into their monitoring queries framework, increasing the capability and accuracy of real-time monitoring. 

    The latest version of Dedaub’s Security Suite introduces cutting-edge blockchain transaction monitoring features, including cross-chain capabilities, public function-based similarity, and an enhanced monitoring editor. These tools empower developers and organizations to maintain robust oversight with advanced security and efficiency.