Since it is the end of the year, we are seeing several reports on blockchain projects. This latest report from MoveBit examines the Move ecosystem as well as other ecosystems. MoveBit is a sub-brand of BitsLab, which is a security team focused on the Move ecosystem.
MoveBit has written both an article focused on Aptos and a 36-page Deep Dive Analysis report on Technical Innovations and Security Events in the Move Ecosystem. The article is a summary of some of the main points of the 36-page report. Both can be read below:
- A Deep Dive Analysis: A 2024 Comprehensive Review of Technological Innovations and Security Events in the Move Ecosystem
- BitsLab Spotlight | 2024 Emerging Blockchain Ecosystems: A Comprehensive Overview and Security Research Report
Some of the main points of the Deep Dive Analysis article are as follows:
Integration of the Move Language:
- Aptos utilizes the Move programming language, which emphasizes security, resource management, and modular design, making it suitable for blockchain development.
- The Move language’s innovative features allow Aptos to enhance performance and scalability while minimizing common vulnerabilities like double-spending.
Technological Innovations:
- Aptos implements advanced technologies such as parallel execution engines, object-oriented design, and horizontal scaling. These innovations contribute to its performance and scalability in blockchain ecosystems.
Security Challenges and Fixes:
- In 2024, a significant memory pool Denial-of-Service (DoS) vulnerability was identified and rated as “High severity.” The issue was linked to an inadequate transaction eviction mechanism that could lead to up to 90% of valid transactions being rejected by nodes.
- MoveBit, a security auditing group, helped fix the issue, which was resolved in Aptos version v1.19.1. The Aptos team publicly acknowledged their contribution in the release notes.
Proactive Security Measures:
- Aptos emphasizes systematic optimization in areas like resource lifecycle management, permission control, and code auditing to mitigate risks associated with its technological complexity.
Ecosystem Development:
- Aptos, as a leading Move-based public blockchain, highlights the Move ecosystem’s ability to balance innovation with security through collaboration and timely vulnerability remediation.
Some of the main points of the BitsLab Spotlight report are as follows:
Architecture and Design:
- Aptos focuses on providing high-performance and highly secure blockchain infrastructure.
- It employs a parallel execution engine that significantly enhances transaction throughput by processing multiple transactions simultaneously.
- The platform features modular design capabilities allowing developers to customize and expand contracts according to their needs.
- It emphasizes user-friendliness to lower entry barriers and attract more developers.
Security Incidents:
- In June 2023, a critical denial-of-service (DoS) vulnerability was discovered in the Move Virtual Machine that could potentially cause network-wide crashes.
- In September 2024, MoveBit identified and helped patch a high-severity mempool DoS vulnerability in the Aptos network. This issue could have resulted in up to 90% of valid transactions being rejected by nodes.
- The Aptos team addressed the vulnerability in version v1.19.1 and acknowledged MoveBit’s contribution in their release notes.
The report also notes that BitsLab, through its sub-brand MoveBit, has emerged as an early contributor to the Aptos ecosystem, with their security solutions now covering over 80% of projects in the Move ecosystem.