Luniverse User Guide

루니버스 사용을 환영합니다!
이 페이지에서는 루니버스 서비스 사용 가이드를 제공합니다.
루니버스를 사용하여 다양한 디앱(DApp)을 제작해보세요.

Welcome to Luniverse!
This page provides a guide to using the Luniverse service.
Try to create various DApps by utilizing Luniverse.


Using Security Assessment

Security Assessment is a security service that enables users to simply check vulnerabilities of contracts in real time and patch them without advanced knowledge about security.

The security assessment in the software development generally refers to a process that a security expert tests the developed product for any vulnerabilities in terms of security.

The common challenges in the security assessment are as follows:

  • Limited time – The development cannot be proceeded during the security assessment of the codes.
  • Limited security policies – Risks such as leakage of the codes exist.
  • Limited budget – Hiring security experts costs a significant amount of the money.
  • Limited knowledge – In-depth knowledge in security is required to understand the result of the analysis.

Luniverse Security Assessment is a safe and convenient service that solves all the problems described above. This service provides a quick security assessment at any time developers want and provides an encryption feature to prevent leakage of the codes. In addition, Luniverse offers the service at a significantly reasonable price, compared to common security assessment services that need the human resource to be utilized. Luniverse also provides patch files to enable developers to easily fix the identified vulnerabilities even without security knowledge.

Using Security Assessment in Luniverse Console

  1. Click [Security Assessment] on the menu at the top of Luniverse Console.
  2. Click [Assessment List] on the left to go to the Assessment List page.
  1. Click [Create Assessment] in the upper right corner to go to the Create Assessment screen.
  1. Security Assessment provides three tabs that you can use depending on the type of file you request for security assessment.

    4-1. Past Code: Directly enter the source for Security Assessment.
    4-2. Upload Project: Upload a Solidity source file. (One or more files can be uploaded.)
    4-3. Upload Hashed Project: Upload encrypted source codes.

Download an encryption program to upload the Solidity source code in a format of the hashed project.

  1. Download and install a program supported in each operating system (MAC/Windows 32bit/Windows 64bit).
  2. Use the encryption program to compress the smart contract files.
  3. Click [Click to select upload .aegis file] to upload the compressed file.
  4. Click [Summit] to run Security Assessment.

Using Security Assessment with the Luniverse Atom IDE plug-in

Learn more about how to install the Luniverse Atom IDE plug-in in Developing Smart Contracts Using Atom IDE.

  1. Click [Create Audit] from the context menus displayed when you right-click on Atom Editor.
  1. When Security Assessment is done, the result will be displayed. The result shows the security level and also indicates the vulnerabilities in the levels of “Critical,” “High,” “Medium,” “Low,” and “Notes.”
  2. Click [Detail Report] to go to Luniverse Console and see the detailed report.

Viewing the Security Assessment Report

  1. The reports of Security Assessment that have been carried out so far are listed in the Assessment List screen.
  2. Click [Report] for the item you wish to see the security assessment report to go to the screen of the report.
  1. In the report screen, a list of the files where security assessments were performed and the security level of the contract are shown, as well as a list of vulnerabilities, which were found in the files, with the security levels.
  2. Select any file with vulnerabilities to see details.

(1) Issue Type: Shows the CWE number of the identified vulnerability. Click the number to go to the CWE Details page.
(2) Top 3 Vulnerabilities: Shows the top 3 vulnerabilities found in the file, which are listed in order of severity.
(3) Security Level: Indicates the security level of the contract on the right of the screen.
(4) The vulnerabilities found in the file are listed under Security Level. Click a vulnerability in the list of vulnerabilities to see the details of the vulnerability in the description section.
(5) Description: Shows the details of the selected vulnerability.

Using Security Assessment as a hashed project in MAC

  1. On the [Create Assessment] page, click [Upload Hashed Project] and download the encryption program [#for MAC]. The downloaded file will be saved as “sooho.pkg.”
  2. Click "sooho.pkg" to install the program.
  3. Launch a terminal program for Mac and execute the sooho command. Run the following commands to see the summary of how to use the commands.

$  sooho
CLI tool to interact with SOOHO

  @sooho/cli/0.3.3 darwin-x64 node-v10.12.0

  $ sooho [COMMAND]

  audit    Audit smart contract
  encrypt  Encrypt source code into hash file
  help     display help for sooho
  update   update the sooho CLI
  1. Go to the directory containing the smart contract file and check the file list.

$ ls
MintableNonFungibleToken.sol	contracts

$ ls contracts/
Augur.sol		      	IControlled.sol			factories			reporting
Controlled.sol			IController.sol			legacy_reputation		trading
Controller.sol			LegacyReputationToken.sol	libraries
  1. Create a file named “MintableNonFungibleToken.aegis” by running the command shown below.
$ sooho encrypt MintableNonFungibleToken.sol -a -s
✔ Parse files
✔ MintableNonFungibleToken.aegis has been created
  1. To encrypt the entire directory, enter the directory in the file path.
$ sooho encrypt contracts -a -s
✔ Parse files
✔ contracts.aegis has been created
  1. Upload the encrypted file from Luniverse Console.
    • For more information about how to upload an encrypted file from the console, refer to [Using Security Assessment in Luniverse Console] at the top of this page.

Updated 6 months ago

Using Security Assessment

Security Assessment is a security service that enables users to simply check vulnerabilities of contracts in real time and patch them without advanced knowledge about security.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.