• FYEO

BTblock completes security assessment for Crowdfund for Solar by Energy Web and ENGIE Energy Access



BTblock is pleased to announce that our long-term partner, Energy Web (on behalf of the Energy Web Community Fund), is launching Crowdfund for Solar alongside ENGIE Energy Access. This new crowdfunding platform will provide low-cost decentralized finance for clean energy projects in Sub-Saharan Africa - and Energy Web Token holders can take part.


Crowdfund for Solar

This new platform built with Energy Web’s open-source tech, the latest in a series of exciting announcements, is a fantastic example of deploying decentralized finance to make the world a better place. Crowdfund for Solar works by staking energy web tokens (EWT) in exchange for Solar Loan Tokens (SLTs - a proof token that can be exchanged or transferred separately). After one year, stakers can exchange their SLT back for a 10% return on their investment all while making a positive contribution to clean energy access on a global scale. For more details check out their latest Medium post or their website.


Security Assessment

When performing security assessments, BTblock, the managed services division of FYEO, focuses on the code committed at a specific time when the code base is feature complete, which in this case is the Crowdfund for Solar smart contracts. Our goal with performing this security assessment is to provide the following to our clients:


  • A better understanding of its security posture and help them identify current and future risks in its deployed chain & contract infrastructure.

  • An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.

  • Identify potential issues, including loss of funds scenarios, and include improvement recommendations based on the result of our assessment.

  • Give the development team a better understanding of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.

In reviewing solutions such as the Crowdfund for Solar, we review a threat assessment of possible exploits of the system. Still, we review the code, program authentication scenarios and all components, and fund loss scenarios. This review met our requirements for an effectively implemented product including addressing findings we uncovered.


Findings and Report

During the security assessment of Crowdfund for Solar, we discovered:

  • One finding with a LOW severity rating

  • Two findings with a MEDIUM severity rating

  • Two findings with a HIGH severity rating


Once notified, the Energy Web (on behalf of the Energy Web Community Fund) team was quick to address and remediate these findings. Additionally, the link to Energy Web’s infrastructure contracts enhances the contract’s security and reliability.


The full report can be found here:


Energy Web AG - Security Assessment of Engie Solar Crowdfunding v2.1.docx (1)
.pdf
Download PDF • 483KB


65 views