Dyma Budorin, the CEO of the smart contract auditing firm, believes that Web3 cybersecurity providers are currently unable to meet the expectations of crypto investors and that “huge blind spots” in market standards are affecting investor behavior. According to Budorin, the lack of transparency and accountability in many providers’ audits fails to convince users and projects.
Smart contract auditors currently bear no responsibility if a token they audited is hacked due to a fault in the code. Surprisingly, the majority of the biggest hacks in 2022 happened on third-party-audited projects.
During a recent interview, Budorin said that this concerns him because it jeopardizes the Web3 cybersecurity industry’s growth trajectory, which is already lagging considerably behind non-crypto rivals.
Web3 auditors dig deep into a token’s code to look for issues of varying severity. Other criteria, such as the soundness of the business model and the team’s experience, are not assessed in these audits.
The lack of transparency
“Auditors have a lot of responsibility,” according to Budorin, which is being overlooked because the cash comes in and there is no public demand for better services. However, he believes the solutions they provide are insufficient. “They are missing tests, accountability, and transparency in ratings of cryptocurrencies,” he adds.
Even if a project required a more comprehensive audit, Web3 cybersecurity firms would not be able to provide it since, according to Budorin, “currently in Web3 cybersecurity, there are no organizations delivering recurring audits” that occur regularly and go into greater detail about the project.
“Right now, the best market practice is to get a token audit, and that’s it.”
While hindsight is always 20/20, a full-scope audit of any of the bridges compromised this year, including Wormhole, Ronin Token Bridge, Qubit’s QBridge, and Meter’s Meter Passport, would most certainly have prevented disaster.
Token bridges, in addition to obvious problems in the code, show how cybersecurity has “a huge amount of blind spots” because “there is no way of knowing who is responsible for the keys, who mints new tokens, if the tokens are properly bridged, and so on with no transparency,” according to Budorin.