FireWall.X Mitigates the Risk of Attacks for Apps

To most people, the word ‘firewall’ is an unwelcome term, implying censorship, lack of access, and the curtailment of online freedom. For EOSIO developers, however, FireWall.X is more likely to be a helpful tool rather than a cyber obstacle, because the platform sets out to protect smart contracts built on EOSIO from malicious hacks and cyber threats, in turn contributing to the health of the overall EOS ecosystem. We spoke to Zhong Qifu, Product Manager at SlowMist Technology Co. (the company behind FireWall.X), about how “the world’s first firewall for smart contracts” intends to be the security guardian of all EOS applications.

How would you describe your project?

Zhong Qifu: FireWall.X is a powerful and practical firewall for smart contracts — it is also the world’s first firewall for smart contracts. Similar to traditional firewalls for operating systems which control network traffic, FireWall.X can also execute control over inline actions and prevent unauthorized access to smart contracts. Used in combination with oracle technology, there is the added benefit of risk management, which will help prevent hackers from obtaining any account information contained in smart contracts. For developers, FireWall.X makes their development process a lot easier, since all they need to do is to directly import our smart contract security enforcement document into their own code, after which they will be able to create a smart contract that is more resistant against cyber attacks — all at zero cost.

Where did your initial idea come from?

Zhong Qifu: In the latter half of 2018, we conducted some research into the many different ways one could carry out smart contract hacks, and discovered some of the major pain points and challenges surrounding the safety precautions of smart contracts. Following one of our many brainstorming sessions, a cybersecurity researcher on our team proposed the idea of FireWall.X, which naturally led us to the creation of this project. Our team’s expertise also lies mainly in cybersecurity technology, which is why we chose to focus on this aspect in the first place.

Can you introduce your team and tell us what makes it special?

Zhong Qifu: Our team possesses deep expertise and experience in cybersecurity-related matters. Many of our members have worked at eminent tech corporations such as Google, Microsoft, W3C, Tencent, Alibaba, Baidu etc., and some of their project achievements have been featured at the Black Hat Briefings — one of the most well-attended information security conferences in the world. So far, we have provided many EOS-based decentralized exchanges, wallets, and smart contract developers with security audits. Our clients include WhaleEx, Newdex, Chaince, MORE.TOP Wallet, MEET.ONE etc. When the public network launched in June 2018, our team compiled a guide titled “EOS BP Nodes Security Checklist”, aimed at providing community members with smart contract security support. In the following September, we utilized our experience in carrying out smart contract security audits to create a ‘Best Practice’ guide on ensuring the secure implementation of EOS smart contracts.

What stage is the project at and what are your plans for scaling up?

Zhong Qifu: At present, some of the fully functioning features of FireWall.X include malicious account screening, blacklist and whitelist management, statistical analysis, activity logging, as well as malicious transfer detection. These are all provided on a user-friendly platform for developers. Down the line, we will be launching a real-time statistical panel, as well as introducing risk management features in combination with an off-chain analysis tool. In a nutshell, these features and tools would enable apps to block off attacks in a timely manner, thus reducing the financial loss of users.

Why did you decide to use blockchain technology, and specifically EOSIO?

Zhong Qifu: Blockchain technology is superior in that it offers the benefits of immutability and accountability, which ensure that no data can be tampered with in the process. Blockchain can also improve identity verification and data authorization, which helps massively with elevating the efficiency of threat intelligence sharing. This is especially pertinent to our project, as it is centered on preventing cyber attacks. As for choosing to build on EOSIO, that’s because it is fast and easy to use. Since the launch of the public network, we have continuously seen a growing number of apps developing on the EOSIO protocol — this gives us high hopes for the EOSIO ecosystem.

It has only been three months since FireWall.X has gone live, but we have already seen lots of positive responses to our project among members of the EOS community. So far, we have managed to get 23 projects on board with implementing FireWall.X. As of now, we have successfully blocked off a large volume of smart contract hacks, in the process protecting many apps from cyber attacks.

More information on FireWall.X available on https://FireWallx.io/index-en.html

Stay tuned to our EOSIO Spotlight series where we’ll highlight some of the truly exceptional projects being built on our platform. If you have a project you’d like to share with us, please email [email protected].

-Developer Relations team

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Important Note: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations, and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.