On the 3rd of March, 2017 NeoAuth posted its update for February. It was a very busy month for NeoAuth, as it saw new team members and advisors joining the NeoAuth team. February’s focus was to complete new website and logo designs and to begin work on the v2 smart contract and node, as well as the security audit by the NEO security team, Red4Sec.
NeoAuth gained 5 new team members in February: Jeroen Peeters; developer, Bryan Matthews; designer, Chris Hager, who is the current CTO of Red Pulse; advisor, Tom Sauders, a CoZ, NEX, and neo-python creator; advisor. The NEO security team Red4Sec also joined the NeoAuth advisory team.
Results of the Red4Sec Security Audit
Red4Sec carried out a security audit on the NeoAuth codebase and the findings were very positive for NeoAuth – although there are open security issues of block sniffing, JWT secret emphasis and increased smart contract storage usage on NeoAuth’s node-core Github page. As a solution for these security issues, Red4Sec advised to stop storing login proofs within the smart contract, as this would remove the need for additional storage as more people use the NeoAuth service. Also, the removal of login data from smart contracts will stop attackers from blocking login attempts. To resolve the emphasis on JWT secret, the second iteration of the NeoAuth Node will use a RSA signature to sign JWT tokens, which will improve the application’s security and end its reliance on JWT secret.
NeoAuth also released a public Trello board to track work, you can see it here.
For the rest of the year, NeoAuth has identified two important challenges it will contend with: finding a revenue model that can work within a NEO smart contract, and the funding for its growing NeoAuth team.
By Matthew North