CertiK (CTK)

From CryptoWiki

CertiK
Total supply1.000.000.000
Websitehttps://certik.org/

 Basics

History

Audits & Exploits

"Only the Quantstamp audit really seemed to check the details. Makes the Certik and Peckshield audits seem a little hollow. It is interesting to read all three as they review the same code."

  • Once again got called out for a 'weak audit' by DeFi Safety (17-6-2021):

"Certik did an audit on them on April 6th 2021. It is a very simple audit that does not even mention finance aspect, the bridge. As such 20% is deducted to 50% final score. Nerve.fi was launched March 1st 2021." With the comment: "No testing, No documentation, and a weak audit."

Bugs/Exploits

  • Certik prevented a potentially disastrous $5 million exploit in the Wormhole cross-chain bridge by identifying a critical bug (14-5-2024).
  • Multiple projects have been hacked after going through audits done by Certik (12-11-2020).
  • Certik audited the later hacked code (20-7-2021) of Spartan Protocol, Akropolis and Saddle.

Governance

Admin Keys

DAO

Token

Launch

Token allocation

Utility

Token Details

"CertiK employs a mix of automation and human review in its revolutionary modular/layer-based approach – Layered Deep Specifications – which uses a decomposition technology to scale the verification process by breaking the proof task into smaller proof obligations.

This is achieved by utilizing different components to perform the proofing tasks:

  1. Smart labeling is used to identify the structure of any system after which layer-based decomposition kicks in.
  2. Code which can be verified automatically, via algorithms, goes through proof engines and mechanized proof objects, yielding verification certificates which can be broadcasted on the decentralized network as transactions.
  3. The Certified DApp libraries facilitate the development of secure DApps by providing verified libraries and plugins which cost CTK tokens (the CertiK Network’s native token).
  4. Finally, for systems which require high levels of verification, the human element is introduced via the customized certification services component, where experts review the code and deliver comprehensive reports."

Stablecoin

Tech

  • Whitepaper can be found [insert here].
  • Code can be viewed [insert here].
  • Built on: its own custom blockchain, the CertiK Chain.
  • Programming language used: "a custom programming language called DeepSEA, which is engineered to make formal verification — a mathematical demonstration that the code does what it’s supposed to — into a largely automated process." (26-10-2020).

Transaction Details

How it works

"The CTK ecosystem, as a whole, utilizes what the team calls the Proof-of-Proof (PoP) mining scheme to incentivize the community, by rewarding them on the basis of five roles within the network:

  1. Customers: Submit proof requests, associated with any program, system, or code, which require verification along with the offer of CTK incentives.
  2. Bounty hunters: Provide the computational power for the decomposition process, after which they construct and broadcast proof objects.
  3. Checkers: Verify submitted proof objects and record transactions for CTK incentives, which they split with the bounty hunters who constructed the proof objects.
  4. Sages: Create proof engines (algorithms), which can be used by bounty hunters.
  5. Users: Can benefit from certified libraries and plug-ins (which cost CTK), to create their own secure DApps and systems."

Fee Mechanism

Upgrades

Staking

Liquidity Mining

Scaling

Different Implementations

Interoperability

"The blockchain also carries an interoperability focus through the concept of Security Oracles, which provide real-time analysis of smart contracts on other blockchains. The company says that the feature can be used by smart contracts on other blockchains to assess the security of their peers."

Other Details 

"The company is also organizing an insurance mechanism to cover any loss of funds from hacks, called CertiKShield."

Oracle Method

"The blockchain also carries an interoperability focus through the concept of Security Oracles, which provide real-time analysis of smart contracts on other blockchains. The company says that the feature can be used by smart contracts on other blockchains to assess the security of their peers. If the oracle deems the target smart contract to be unsafe, developers may choose to avoid interacting with it on the fly.

The oracles will work through a system of customers and operators. End users or developers who wish to understand the level of security of a particular contract will submit a request, funded with the blockchain’s CTK tokens. The operators behind the oracles will then conduct the analysis and publish the results on-chain."

Privacy Method

Their Other Projects

Blockchain Security Leaderboard (renamed Skynet)

"There are a few things with Certik that should concern the public.  First, most of their ratings are clients.  They are not independant.  They are getting paid to do the ratings.  This might answer why so many ratings are high.  The lowest score they have is 65.  Next they don't give full transparency on how the score is created.  For these reasons, I am not sure of the value of their skynet ratings."

Roadmap

  • Can be found [Insert link here].

Usage

  • Clients and Partners according to their website (12-6-2020):

TrueUSD, Crypto.com, Celer, Terra, NEO, ICON, NKN, Contentos, QuarkChain, IoTex, Qtum, Universal Protocol, ONTology, Waves, Ocean.

"Our team has conducted 250+ audits across all major protocols and is trusted as the recommended blockchain and smart contract audit provider by top exchanges like Binance, OKEx, and Huobi."

  • Did an audit on Tellor.
  • Was one of the two auditors of the bZx relaunch, it got hacked within a week (14-9-2020).
  • Did an audit on Lien Finance and helped out with the subsequent whitehack after a vulnerability of 25.000 ETH was found by Samczsun (25-9-2020).
  • Akropolis got hacked for $2M. From Rekt (12-11-2020):

"Akropolis is an unwelcome addition to the growing list of projects that they have audited before an exploit. bZx, LienHarvest, and now Akropolis. A completed security audit should never be taken as a guarantee of safety, but a Certik audit certainly carries less weight than it used to..."

"claims to have over 1,000 clients, including Aave, Polygon, Yearn, and Binance. It claims to have secured $70 billion worth of digital asset value. The firm's top five markets include the U.S., Europe, China, Singapore, and Korea, said Hok, adding that CertiK also serves non-crypto clients, including Ant Financial and Hyundai."

Projects that use or built on it

Pros and Cons

Pros

From this ICO website (17-6-2018):

  • "Partnership with Nebulas to provide smart contract security verification for DApps built on the platform. CertiK also have another partnership with IoT security infrastructure project IOTex.
  • Both the current and future market size is significant. For example, in a blog post the team show how the CertiK platform could have been used to easily highlight the simple code vulnerability that led to a $1 billion loss in Beauty Chain's valuation. Another example is the massive DAO hack that led to Ethereum hard forking into ETC and ETH. More recently, a bug was discovered in the ICON smart contract that prevented token transfers from ERC-20 to ICON coins - the same bug found previously in the Yggdrash project. Furthermore, researchers estimate over 34,000 Ethereum smart contracts currently contain exploitable bugs, plus the amount of smart contracts has grown from 100,000 to 1 million from 2016-2017. Given these facts and the rate of cryptocurrency proliferation, it's hard to see how platforms like Certik will not become an essential part of future ecosystem development.
  • Social and community aspect is quite strong, with a 20,000+ strong Telegram, a few hundred YouTube subscribers, 800+ Twitter followers and a fairly active Medium.
  • The 3 team leaders have very strong academic credentials, holding 3 PHDs from Yale between them. They also developed CertiKOS, the world’s first fully verified concurrent OS kernel.
  • On average, formal verification of smart contracts and blockchain code costs $100,000. So, unlike a lot of projects, CertiK has a revenue model to fund future development. Especially when you consider it is estimated there will be 10 million DApps in use within the next 2 years! [this did not happen]
  • The CTK token is at the center of the ecosystem with a variety of functions - see whitepaper for details. Thus, value should appreciate with network adoption."

Cons

  • Multiple researchers and Certik customers complained about their work (25-6-2024).
  • Certik got itself in a mess when it claimed to have whitehacked Kraken. It became a back and forth but this is the summary (20-6-2024):

"They did over 30 separate withdrawals from Kraken totalling $3m+ over 5+ days. They dumped assets. They sent and received from instaswappers. They withdrew to XMR and swapped to and from XMR. They used 3 Kraken accounts and a pile of onchain accounts and didn't disclose them. These are NOT whitehats or security researchers. These are cocky motherfucking blackhats who got caught."

  • Once again got called out for a 'weak audit' by DeFi Safety (17-6-2021):

"Certik did an audit on them on April 6th 2021. It is a very simple audit that does not even mention finance aspect, the bridge. As such 20% is deducted to 50% final score. Nerve.fi was launched March 1st 2021." With the comment: "No testing, No documentation, and a weak audit."

"Only the Quantstamp audit really seemed to check the details. Makes the Certik and Peckshield audits seem a little hollow. It is interesting to read all three as they review the same code."

  • Multiple projects have been hacked after going through audits done by Certik (12-11-2020).
  • From this ICO website (17-6-2018):
  1. "There is competition from established projects like Quantstamp and Zeppelin. However, the solutions from both projects - and others in the space - are very human intensive and do not involve much automation, so they are far less scaleable than CertiK. So, despite this minor con, we think CertiK has a good chance to become a dominant player.
  2. The only social aspect that could use improving is the Sub Reddit, with currently only 2 subscribers! Since Reddit has a massive cryptocurrency community, this is an important - but often overlooked - community that needs development. Especially given how much the platform relies on community contribution.
  3. There is currently no further details on any of the other team members or advisers, plus none of the current team have any listed experience developed blockchain projects. Though given their technical credentials we do not see this as a major con.
  4. The roadmap is does not go any further than June 2018, so it would be good to see this updated. It also states that by April they are aiming for 10 partners, with a further 20 by June. However, other than what is listed above we could not find evidence of any other partners. So either the team have failed to meet their targets or have not publicized yet.
  5. No public GitHub repositories to judge development progress so far. Whilst there are some demo videos and code snippets available online and it does look as though development is going well, there is no demo available for testing so we cannot fully verify this."

Competition

Coin Distribution

Team, Funding, Partnerships, etc.

Team

Funding

Certik Ventures

  • Announced itself with a $45M funding launch (19-9-2024):

"CertiK is now valued at $2B, making us the highest-valued Web3 security company. Backed by leading investors such as Insight Partners, Sequoia Capital, Tiger Global, and Goldman Sachs."

Partners 

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31