Security Audit of Waves Enterprise Voting

The Deteact team recently conducted a security audit of the blockchain voting service that is part of the Waves Enterprise system.

The Waves Enterprise system is a blockchain platform combining private and public networks. Waves Enterprise provides consulting, deployment, and support services.

The audit included penetration testing of the client web application, the server-side API, and the blockchain smart contract integration.

We were able to identify several issues, such as Insecure Direct Object Reference, stored Cross-Site Scripting, voting manipulation, regular expression injection, and email HTML injection.

All the issues were reported immediately and were soon fixed by the Waves Enterprise team.

We have previously worked successfully with Waves and tested other components of the Waves Enterprise system.

