Unlike traditional approaches to testing, CERTIK is trying to mathematically prove and check the ecosystem of the blockcha. Smart contracts are checked for resistance to hacker attacks and on the content of errors. CERTIK key functions include an expansion-based approach, a plug-in check mechanism, verified by machine check objects, certified DAPP libraries and intelligent labeling.
Since the appearance of the technology of the blockchain, there have been several catastrophic in their consequences of hacking smart contracts, which emphasized the importance of ensuring Security blockchain projects.
To date, more than 2 billion dollars were kidnapped as a result of attacks on Smart Contracts. In one of the most famous examples, hacking a major crowdfining project, DAO, led to losses in the amount of more than 50 million US dollars. For several months, such hacks continued, which led to a decrease in the confidence in the world of the blockcha.
Recently, the conduct of additional tests and security checks helped limit the number of hacks, and thereby restore confidence in the crypto community. For example, the BLOCKExplorer for Ethereum - Etherscan has 17 recommended security audit service providers, including CERTIK, which is the main platform for auditing smart contracts.
There are 3 types of critical errors, 2 types of medium level errors, and many low priority errors. Some of the newly identified problems are mentioned below:
one.Non-control burning of tokenes. Consequences - critical
Symptom: As soon as the user A enables the use of tokens B 1, the user b will be able to drain / write all the other tokens from the user A due to improper implementation of the function.
2.Unlimited emission. Consequences - critical Symptom: The owner of the contract can issue an unlimited amount of tokens. This puts at the threat of tokens holders, since the cost of the tokens in their hands can decrease as the proposal increases. This fragment is difficult noticeable by smart contract. It can also lead to fraud.
3.Emissions when transferring tokens. Consequences - critical
Symptom: The contract owner can issue an unlimited amount of tokens through an integer overflow or during token.
four.Token Sirota. Consequences - Middle
Symptom: The transfer of ownership is carried out in improperly. The contract may lose its owner when transferring property rights. As a result, the contract can become inconsolable, and no one has permission to administer it.
five.Insufficient accrual of tokens when removing funds from an account. Consequences - Middle
Symptom: The user receives less tokens when deriving funds than it would be due to the problem of integer overflow.
Certik was the first one who presented the Deeppspec technology (studied in collaboration with MIT, Yale University, Princeton University and the University of Pennsylvania), and has already completed the formal audit of smart contracts for several leading development blocks. The project specialists have created the world's first in the world the parallel Certikos operating system that is patented in the United States and is widely used in various fields, from scientific circles to corporate programs.
In the fall of 2018, the Certik project received funding in the amount of several million dollars from Binance Labs.
BINANCE LABS - playground created by Binance, one of the largest and most popular cryptocurrency exchanges in the world.
Investments Binance Labs in Certik indicate how important formal verification in the blockchain industry projects. This confirms the recognition of the unique advantage of CERTIK with its proven technology.
Ella Zhang, General Director of Binance Labs, said: "Certik mathematically checks the security of smart contracts. Safety is a critical problem with which we face in the blockchain ecosystem. Certik technology allows you to bypass the restrictions of manual detection of vulnerabilities ".
Strategic partnership CERTIK and IotEx
Certik conducted security audit for IOTEX, a leading developer creating confidential-oriented blockchain platform for Internet (IoT) with high scalability, confidentiality.
Some of the main points of the audit:
- During automatic scanning of smart source markers, there were no vulnerabilities in the system. This means that the source code was mathematically proves as a safe, Igorithi that the source code has high quality in terms of safety.
- The test mechanism found that some tasks described by CERTIK smart labels are discrepancies with actual implementation. Some improvements at the product level were identified, and a consensus was reached between the two project teams.
- Many critical components were recorded in Smart Contracts, this indicates that the IOTEX team gives priority to a reduction in the project centralization.
Ireex used CERTIK audit reports and technical knowledge to improve the overall design and security of its network. Full and detailed audit report provided by Certik, is available here.