Technical Due Diligence
The technical due diligence covers the following areas:
- audit of Company’s SaaS platform architecture,
- audit of Company’s SaaS platform smart contracts,
- analysis, evaluation, and recommendations of standards and guidelines for developer operations in relation to Company’s SaaS platform, and
- evaluation of the readiness of the Company’s SaaS platform for ISO 27001.
Smart Contracts Audit
The main steps of the in-depth security audit of the smart contracts are summarized below.
Step 1: Automated Testing
Simulation of a variety of interactions with the smart contracts under testing on a test blockchain leveraging a combination of automated test tools and manual testing to determine if any security vulnerabilities exist.
Step 2: In-Depth Manual Review
Manual line-by-line code reviews to ensure the logic behind each function is sound and safe from various attack vectors. This is the most important and lengthy portion of the audit process (as automated tools often cannot find the nuances that lead to exploits such as flash loan attacks). The engineers will allocate a significant amount of time to review every line of code involved with the smart contracts and create detailed documentation to support the content of the audit report.
Step 3: Resolution of Issues
Consulting with the Company to provide recommendations to ensure the code’s security and optimise its gas efficiency, if possible. Assisting the Company’s project team in resolving any outstanding issues or implementing our recommendations.
Step 4: Audit Report
Analysis of the results and findings and drafting of an easy-to-read report tailored to the Company’s project. The audit report will highlight resolved issues and any risks that exist to the project or its users, along with any remaining suggested remediation measures. Diagrams will be included at the end of each report to help users understand the interactions which occur within the project.
Platform Cybersecurity Audit
The main steps of the in-depth cybersecurity audit of the SaaS platform are summarized below.
Step 1: Decentralized Application Audit
This step is focused upon creating and maintaining a secure integration with blockchains, as well as upon protecting assets and reputation. Among other things, it involves securing the off-chain code, preventing private key leakage, and ensuring a secure connection to the blockchain.
Step 2: Penetration Testing
Penetration testing involves the proactive identification of weak spots in the decentralized application by subjecting the SaaS platform to a simulated cyberattack in a safe and controlled environment. This step also involves full-scale security risk reporting, detection of multivector vulnerabilities, as well as checks for the possibility of intrusion. The testing is performed on any platform with zero business interruptions and guarantees a high degree of accuracy.
Step 3: Blockchain Protocol Audit
This step involves the detection and fixing of consensus mechanism flaws, as well as protection against network vulnerabilities and prevention of costly errors by auditing cryptography and keys. Finally, as part of this step the Company will receive top-notch recommendations on fixing detected vulnerabilities.
Commercial Due Diligence
The commercial due diligence focuses on the following topics:
- viability of the business model,
- feasibility of the go-to-market channels (partner integrators, direct-to-consumer, etc.),
- the technology’s efficiency and effectiveness in reducing future transaction costs at scale,
- the Company’s product or service offerings, including the features, functionality, and benefits, how the product/service is differentiated from competitors, and if the product addresses real customer pain points in the market,
- the potential for customer acquisition, retention, and building recurring sales volumes,
- the pricing strategy for the direct and partner subscription model as compared to the market,
- the customer acquisition cost for the direct and partner subscription model, and
- the Company’s competitive position, including its strengths and weaknesses.