Stepping into 2022 with Scalable Solutions

As the new year fast approaches, Scalable Solutions has been busy at work finalising some exciting product updates for our current and future clients to enjoy in 2022.

But before we get into that, let’s take a quick look at some of the highlights of the past year.

  • Scalable integrated SumSub, an identity verification platform that provides an all-in-one technical and legal toolkit to cover KYC/KYB/AML needs. The partnership with SumSub helped our clients to easily tackle all onboarding and compliance challenges that come with identity verification. Moreover, it optimized KYC and AML procedures by converting existing policies into automated digital processes that allow faster and safer customer onboarding.
  • We introduced Scalable Audits, a product aimed at helping smart contract projects ensure robust security. Through a thorough analysis of the source code architecture, Scalable identifies vulnerabilities and provides a Security Audit report with recommendations to guard against potential attack vectors.
  • Additionally, Scalable is one of the few to support the FIX protocol — standard in global financial markets, but unusual in the digital assets sector. It allows established financial institutions to integrate trading algorithms designed for traditional markets seamlessly into the world of digital assets. The Scalable platform uses the most advanced APIs. Also, it supports FIX protocol 4.2 (standard in US equities today), 4.4 and 5.0 for MD feeds and managing orders. These battle-tested protocols are optimized for minimum latency.
  • We also received our SOC 2 certification! SOC 2 is an auditing procedure developed by the American Institute of Certified Public Accountants. It ensures service providers manage data securely to protect the interests of organizations and the privacy of its clients. Scalable Solutions’ SOC 2-certified software is already being used by regulated trading venues, for which having the required certifications in place is a prerequisite for successful and legal business operations.
  • Scalable also took a deeper dive in digital asset adoption, developing a series of articles exploring cryptocurrency adoption and regulatory frameworks in regions around the world — find them here.

Stepping into 2022 with Scalable Solutions

For 2022, we have planned an array of positive updates, both to our products and the way we work. Our team has expanded substantially to accommodate the growing demand for advanced trading infrastructure and our company growth plans for the new year.

Below you will find some of the new products and features you can benefit from straight away.

We’re delighted to share that from 2022, Scalable will offer clients its own white label custodial wallet. The wallet is an add-on integration to Scalable Solution’s digital asset exchange, allowing for a comprehensive white label offering. With the Scalable wallet, users can easily buy, send, receive and swap every asset listed on the exchange.

The digital asset wallet features include:

  • An intuitive interface that makes it simple to navigate and trade, regardless of experience
  • It ensured high level security through advanced cryptography
  • Cross-platform functionality
  • Tailored news feed per digital asset
  • It supports the most popular payment methods
  • An option to customize the wallet according to your brand, with a variety of language options

Scalable has integrated Perpetual Futures into the exchange solution. The new derivatives instrument acts similarly to traditional futures contracts. The main difference is that it has no expiration date and can be held indefinitely.

This feature is supported by the Futures Tab with a futures market overview for the current time and the updated Terms of Trading.

SumSub Liveness Check

We are partnered with SumSub to provide a secure and easy KYC process, especially with the new Liveness Check feature. Users no longer need to take a selfie with a passport to prove their identity, or wait for the manual verification that causes delays in the KYC process.

In brief, Liveness Check is based on a biometrics verification. This is a safer and more user-friendly verification method, as opposed to selfies. The ability to perform automated checks reduces officers’ workload and users’ wait times. Trading clients can pass verification in as little as 4 seconds, drastically reducing drop off rates.

Simplex & XanPool Payment Gateways

Simplex and XanPool are the newest additions to our platform, facilitating fiat to crypto payments. Our clients now have a choice of five cryptocurrency payment gateways — BanxaMoonPayMercuryo, and the aforementioned Simplex and XanPool.

KYT with Crystal Blockchain

Besides our existing KYT providers, Elliptic and Ciphertrace, clients can now also choose Crystal Blockchain. Crystal provides crypto transaction analysis and monitoring for exchange, bank, and AML compliance requirements. This ensures a safer trading environment and also avoids the deposit of funds from illegal sources.

Prime Trust

The integration with Prime Trust, an innovative open-banking financial solutions provider, allows users to move fiat on the exchange in real time and on a limitless basis. Hence, we can reduce the time to market in a secure and regulated manner.

Hidden Orders (HO)

The feature allows users to place hidden orders. Thus, we can exclude the influence of the order on the market, enabling a more profitable order execution.

The feature is now available through API, but will soon be available on the web.

Reduce-Only Orders (RO)

When users place a close order, they need to ensure that it doesn’t flip the position. In order to do this, we propose a Reduce Only feature for orders.

Reduce Only is a parameter for buy or sell orders. When specified, the order is limited by the size of the current position and orders before it. Reduce Only orders are compatible with any type of order (except for Scaled orders on the web) and any Time in Force instructions, but are available only on margin and derivatives.

The feature is now available through API, but soon will be available on the web.

Take Profit Orders (TP)

We have added a new order type called Take Profit order (Take). Similar to a stop-loss order, it is activated only when a certain price is reached on the market, but with the reversed price condition. TP Orders are available on all markets, including spot, margin and derivatives.

The feature is now available through API, but will soon be available on the web.

At Scalable Solutions, we are excited for what 2022 will bring and the innovations we have in store for our clients.

We would like to take this opportunity to thank you for your support and wish you a wonderful year ahead. Happy 2022 from Scalable Solutions!

What is a Smart Contract Audit?

Following our series of articles on smart contracts, we now turn our attention to smart contract audits. Previously, we tapped into what exactly smart contracts were. In fact, we defined them as “sets of digital code created to facilitate the transfer of assets.” We took a dive into their characteristics, caveats and limitations, and their physiology [1][2].

Now that we have introduced the subject of smart contracts, we want to continue by discussing the importance of audits.

What is an audit?

Before discussing smart contract audits, it is worth taking a step back and briefly defining what audits are in general. In traditional markets, audits are commonly known in a financial context; more specifically, they refer to the process of evaluating financial statements (those presented by companies to regulatory bodies). These aim to ensure a certain degree of adherence to the accounting rules of corresponding regions and countries [3]. 

Defining smart contract audits

A smart contract audit is similar to a financial audit in the sense that it is a methodical examination and analysis of a smart contract’s code used to interact with a cryptocurrency or blockchain. Basically, smart contract audits are used to prove that the code will work as intended. This process is conducted to discover errors, issues and security vulnerabilities in the code. The importance of smart contract audits is several-fold, and we will be further discussing these below. 

Generally, smart contract audits are necessary because most of the contracts deal with financial assets (cryptocurrencies), and can result in sizable losses if exploited by bad actors. Audits include rigorous analysis, and include automated formal verification, static analysis, and manual review.

Benefits 

Smart contract audits have a number of advantages. Overall, they provide pre-emptive measures to ensure robust security for unchangeable code.

  • Avoid Errors. Auditing code before appending it to the blockchain can prevent potentially catastrophic vulnerabilities after launch. The double-edged sword of blockchain immutability will prohibit changing smart contract errors after broadcasting the smart contract to the network.
  • Expert Review. Having dedicated professionals audit the code and help sort cognitive and behavioral biases that are born from auto-verification of code can make an enormous difference on the success of a blockchain project (and set of smart contracts).
  • Easy Integration. Current tools are designed to integrate into heterogeneous development environments, in order to perform continuous security analysis.
  • Automated verifications. Automatic checks can be set up in order to monitor security vulnerabilities as one writes and changes the code.
  • Detailed Analytics Reports. Vulnerability reports with details and mitigation guidance will prepare a project to encounter virtually any attack vector.

Categories

Smart contract audits are a series of processes that check smart contracts. They focus on a variety of categories, including:

  • Centralization/Privilege
  • Mathematical Operations
  • Logical issues
  • Control flow
  • Volatile code
  • Data flow
  • Language specific
  • Coding style
  • Inconsistency
  • Magic numbers 
  • Compiler error
  • Gas optimization

Why is it important to audit smart contracts?

By now you might have already thought of a series of use cases for smart contract audits. Being reactive and proactive don’t have to be mutually exclusive. Working on a “solve-as-you-go” basis to stop problems must be complemented by proactive problem seeking and solution design. Don’t just stop hacks, prevent them from happening and make sure that all funds are secured.

Hundreds of cases have struck the smart contract landscape in blockchain, resulting in damages all along the scale. With an estimated US$ 1B of assets stolen in 2018, this level of rigor is the only way to objectively show immunity against some of the most critical and frequent vulnerabilities. Just as the common phrase goes: “A chain is as strong as its weakest link,” the functionality of smart contracts is only as strong as its weakest link. In a fully decentralized world, this has even deeper implications, meaning no authorities to gain the community’s trust, and virtually no do-overs because of blockchain’s immutability.

The smart contract audit process

Similar to audits in the traditional finance space, there are a couple of main types of audits for smart contracts: external audits and internal audits. External audits involve impartial third-party revision of the smart contract, and is the most embraced approach when discussing trust in code. 

At Scalable, we break down the audit process into four stages:

  1. Assessment. During assessment we review the architecture and source code, determine the estimated duration of the audit, and provide a custom quote. The duration depends on a number of factors, including the size of the codebase and its complexity.
  2. Security Review. During this stage, we review the full codebase and documentation. Our expertise in compilers, consensus algorithms, blockchain node configurations and more allows us to efficiently audit entire dApps, wallets and protocols.
  3. Reporting. After carrying out a thorough review, a security audit report is prepared, describing in detail the vulnerabilities found as well as recommendations to guard against potential attack vectors. These are categorized in accordance to security level and severity.
  4. Collaborative Improvement Workshops. Complementary to the security audit report, we provide further assistance by organizing workshops that help implement the detailed recommendations within tight time frames, all in a collaborative manner.

Your SCALABLE Security Solution

Scalable Solutions provides smart contract security solutions to whomever needs it; no matter the size, underlying blockchain of choice, or project complexity.

Our tech, custodial and otherwise, has been, and is being used to custody, trade and move billions of dollars worth of cryptocurrencies. It has been subject to every known attack vector and has remained resilient. Scalable audits is the vehicle to broadcast our expertise to the chosen industry peers. Request a quote for your project today. 

 

 

 

Sources

[1] “Smart Contracts and Their Characteristics .” Resources, Scalable Solutions, 7 Apr. 2021, scalablesolutions.io/news/smart-contracts-and-their-characteristics/. 

[2] “How Are Smart Contracts Executed? .” Resources, Scalable Solutions, 13 May 2021, scalablesolutions.io/news/how-are-smart-contracts-executed/. 

[3] Tuovila, Alicia. What Is an Audit? Investopedia, 19 May 2021,  www.investopedia.com/terms/a/audit.asp

References

Mardlin, John. “How to Prepare for a Smart Contract Audit.” ConsenSys, 17 Sept. 2019, consensys.net/diligence/blog/2019/09/how-to-prepare-for-a-smart-contract-audit/. 

Our Clients

Quer saber mais? Entre em contato