Difference between revisions of "CertiK (CTK)"
wiki_crypto>Zeb.dyor |
Revision as of 08:48, 23 January 2022
Total supply | 1.000.000.000 |
---|---|
Website | https://certik.org/ |
Basics
- Based in: New York
- Founded in: 2017
- Mainnet release:
- A software security company active in the blockchain sector.
History
Audits & Exploits
- Bug bounty program can be found [insert here].
- From DeFi Safety, when discussing audits on 88mph (15-4-2021):
"Only the Quantstamp audit really seemed to check the details. Makes the Certik and Peckshield audits seem a little hollow. It is interesting to read all three as they review the same code."
- Once again got called out for a 'weak audit' by DeFi Safety (17-6-2021):
"Certik did an audit on them on April 6th 2021. It is a very simple audit that does not even mention finance aspect, the bridge. As such 20% is deducted to 50% final score. Nerve.fi was launched March 1st 2021." With the comment: "No testing, No documentation, and a weak audit."
Bugs/Exploits
- Multiple projects have been hacked after going through audits done by Certik (12-11-2020).
- Certik audited the later hacked code (20-7-2021) of Spartan Protocol, Akropolis and Saddle.
Governance
Admin Keys
DAO
Token
Launch
Token allocation
Utility
- A utility token with reward aspects.
Token Details
- From this article (23-5-2018):
"CertiK employs a mix of automation and human review in its revolutionary modular/layer-based approach – Layered Deep Specifications – which uses a decomposition technology to scale the verification process by breaking the proof task into smaller proof obligations.
This is achieved by utilizing different components to perform the proofing tasks:
- Smart labeling is used to identify the structure of any system after which layer-based decomposition kicks in.
- Code which can be verified automatically, via algorithms, goes through proof engines and mechanized proof objects, yielding verification certificates which can be broadcasted on the decentralized network as transactions.
- The Certified DApp libraries facilitate the development of secure DApps by providing verified libraries and plugins which cost CTK tokens (the CertiK Network’s native token).
- Finally, for systems which require high levels of verification, the human element is introduced via the customized certification services component, where experts review the code and deliver comprehensive reports."
Stablecoin
Tech
- Whitepaper can be found [insert here].
- Code can be viewed [insert here].
- Built on: its own custom blockchain, the CertiK Chain.
- Programming language used: "a custom programming language called DeepSEA, which is engineered to make formal verification — a mathematical demonstration that the code does what it’s supposed to — into a largely automated process." (26-10-2020).
Transaction Details
How it works
- From this article (23-5-2018):
"The CTK ecosystem, as a whole, utilizes what the team calls the Proof-of-Proof (PoP) mining scheme to incentivize the community, by rewarding them on the basis of five roles within the network:
- Customers: Submit proof requests, associated with any program, system, or code, which require verification along with the offer of CTK incentives.
- Bounty hunters: Provide the computational power for the decomposition process, after which they construct and broadcast proof objects.
- Checkers: Verify submitted proof objects and record transactions for CTK incentives, which they split with the bounty hunters who constructed the proof objects.
- Sages: Create proof engines (algorithms), which can be used by bounty hunters.
- Users: Can benefit from certified libraries and plug-ins (which cost CTK), to create their own secure DApps and systems."
Fee Mechanism
Upgrades
Staking
Liquidity Mining
Scaling
Different Implementations
Interoperability
- From Cointelegraph (26-10-2020):
"The blockchain also carries an interoperability focus through the concept of Security Oracles, which provide real-time analysis of smart contracts on other blockchains. The company says that the feature can be used by smart contracts on other blockchains to assess the security of their peers."
Other Details
- From Cointelegraph (26-10-2020):
"The company is also organizing an insurance mechanism to cover any loss of funds from hacks, called CertiKShield."
Oracle Method
- From Cointelegraph (26-10-2020):
"The blockchain also carries an interoperability focus through the concept of Security Oracles, which provide real-time analysis of smart contracts on other blockchains. The company says that the feature can be used by smart contracts on other blockchains to assess the security of their peers. If the oracle deems the target smart contract to be unsafe, developers may choose to avoid interacting with it on the fly.
The oracles will work through a system of customers and operators. End users or developers who wish to understand the level of security of a particular contract will submit a request, funded with the blockchain’s CTK tokens. The operators behind the oracles will then conduct the analysis and publish the results on-chain."
Privacy Method
Their Other Projects
Blockchain Security Leaderboard (renamed Skynet)
- Has its own leaderboard where it gives projects ratings. However, most of these are their own clients. As DeFi Safety says (17-6-2021):
"There are a few things with Certik that should concern the public. First, most of their ratings are clients. They are not independent. They are getting paid to do the ratings. This might answer why so many ratings are high. The lowest score they have is 65. Next they don't give full transparency on how the score is created. For these reasons, I am not sure of the value of their skynet ratings."
Roadmap
- Can be found [Insert link here].
Usage
- Clients and Partners according to their website (12-6-2020):
TrueUSD, Crypto.com, Celer, Terra, NEO, ICON, NKN, Contentos, QuarkChain, IoTex, Qtum, Universal Protocol, ONTology, Waves, Ocean.
"Our team has conducted 250+ audits across all major protocols and is trusted as the recommended blockchain and smart contract audit provider by top exchanges like Binance, OKEx, and Huobi."
- Did an audit on Tellor.
- Was one of the two auditors of the bZx relaunch, which got hacked within a week (14-9-2020).
- Did an audit on Lien Finance and helped out with the subsequent whitehack after a vulnerability of 25.000 ETH was found by Samczsun (25-9-2020).
- Akropolis got hacked for $2M. From Rekt (12-11-2020):
"Akropolis is an unwelcome addition to the growing list of projects that they have audited before an exploit. bZx, Lien, Harvest, and now Akropolis. A completed security audit should never be taken as a guarantee of safety, but a Certik audit certainly carries less weight than it used to..."
"claims to have over 1,000 clients, including Aave, Polygon, Yearn, and Binance. It claims to have secured $70 billion worth of digital asset value. The firm's top five markets include the U.S., Europe, China, Singapore, and Korea, said Hok, adding that CertiK also serves non-crypto clients, including Ant Financial and Hyundai."
Projects that use or built on it
Pros and Cons
Pros
From this ICO website (17-6-2018):
- "Partnership with Nebulas to provide smart contract security verification for DApps built on the platform. CertiK also have another partnership with IoT security infrastructure project IOTex.
- Both the current and future market size is significant. For example, in a blog post the team show how the CertiK platform could have been used to easily highlight the simple code vulnerability that led to a $1 billion loss in Beauty Chain's valuation. Another example is the massive DAO hack that led to Ethereum hard forking into ETC and ETH. More recently, a bug was discovered in the ICON smart contract that prevented token transfers from ERC-20 to ICON coins - the same bug found previously in the Yggdrash project. Furthermore, researchers estimate over 34,000 Ethereum smart contracts currently contain exploitable bugs, plus the amount of smart contracts has grown from 100,000 to 1 million from 2016-2017. Given these facts and the rate of cryptocurrency proliferation, it's hard to see how platforms like Certik will not become an essential part of future ecosystem development.
- Social and community aspect is quite strong, with a 20,000+ strong Telegram, a few hundred YouTube subscribers, 800+ Twitter followers and a fairly active Medium.
- The 3 team leaders have very strong academic credentials, holding 3 PhDs from Yale between them. They also developed CertiKOS, the world’s first fully verified concurrent OS kernel.
- On average, formal verification of smart contracts and blockchain code costs $100,000. So, unlike a lot of projects, CertiK has a revenue model to fund future development. Especially when you consider it is estimated there will be 10 million DApps in use within the next 2 years! [this did not happen]
- The CTK token is at the center of the ecosystem with a variety of functions - see whitepaper for details. Thus, value should appreciate with network adoption."
Cons
- Multiple projects have been hacked after going through audits done by Certik (12-11-2020).
- From this ICO website (17-6-2018):
- "There is competition from established projects like Quantstamp and Zeppelin. However, the solutions from both projects - and others in the space - are very human intensive and do not involve much automation, so they are far less scalable than CertiK. So, despite this minor con, we think CertiK has a good chance to become a dominant player.
- The only social aspect that could use improving is the Sub Reddit, with currently only 2 subscribers! Since Reddit has a massive cryptocurrency community, this is an important - but often overlooked - community that needs development. Especially given how much the platform relies on community contribution.
- There are currently no further details on any of the other team members or advisers, plus none of the current team have any listed experience developing blockchain projects. Though given their technical credentials we do not see this as a major con.
- The roadmap does not go any further than June 2018, so it would be good to see this updated. It also states that by April they are aiming for 10 partners, with a further 20 by June. However, other than what is listed above we could not find evidence of any other partners. So either the team have failed to meet their targets or have not publicized yet.
- No public GitHub repositories to judge development progress so far. Whilst there are some demo videos and code snippets available online and it does look as though development is going well, there is no demo available for testing so we cannot fully verify this."
- From DeFi Safety, when discussing audits on 88mph (15-4-2021):
"Only the Quantstamp audit really seemed to check the details. Makes the Certik and Peckshield audits seem a little hollow. It is interesting to read all three as they review the same code."
- Once again got called out for a 'weak audit' by DeFi Safety (17-6-2021):
"Certik did an audit on them on April 6th 2021. It is a very simple audit that does not even mention finance aspect, the bridge. As such 20% is deducted to 50% final score. Nerve.fi was launched March 1st 2021." With the comment: "No testing, No documentation, and a weak audit."
Competition
Coin Distribution
Team, Funding, Partnerships, etc.
Team
- Full team can be found here (12-6-2020). Their team page says they are coming from a whole slew of big name universities and companies, including Yale, Columbia University, Princeton, NYU, Duke University, Google, Oracle, Microsoft, HP, Comcast and Samsung.
- Professor Ronghui Gu; CEO & Co-founder, a computer science professor at Columbia University
- Zhaozhong Ni; CTO
- Georgios Delkos; the engineering lead
- "The firm's current headcount is 100, and it plans to double the team size in the upcoming year, Hok told The Block." (15-7-2021).
Funding
- Has millions (8-10-2018) in funding from Binance Labs.
- Has had contributions from NEO Global Capital.
- Is part of the portfolio (20-4-2020) of Consensus Lab.
- Raised $37M in Series B (15-7-2021). The firm raised $11 million just under a year ago. "CertiK's H1 2021 revenue was more than four times the total revenue earned by the company in 2020."
- Raised $24 million in an extension of its Series B fundraising round led by Tiger Global and GL Ventures (17-8-2021).
Partners
- Partner of Swipe, according to its website (10-4-2020).
- Is selected as a partner (23-9-2020) for auditing Binance Smart Chain and projects building on that platform.
- Is mentioned as a partner on Ontology's website (2-11-2020).