CertiK Review:Formal Verification Platform For Smart Contracts And Blockchain Ecosystems
Original article by EVALUAPE
For more reviews and information,please visit https://evaluape.io/share to download EVALUAPE APP.

A. Introduction
CertiK is a formal verification framework to mathematically prove that smart contracts and blockchain ecosystems are bug-free and hacker-resistant.
B. Industry
Taking the secure field of smart contracts and blockchain as the entry point, use formal verification to verify whether the smart contract and blockchain ecosystem are authentic and flawless. The number of blockchain projects has increased dramatically in 2017. Various problems caused by security vulnerabilities have emerged, and smart contract vulnerabilities gradually exposed. There are few existing security projects, and the verification forms are mainly manual verification, which have defects in both efficiency and effect with obvious pain points. Competing projects include Zeppelin, Quantstamp, etc., but these two established a decentralized platform for manual verification with limited development scale and efficiency and high threshold of security verification technology. So it is hard to appear strong competitors.
C. Mode
CertiK technology first determines what functions the code language implements through smart labels, and automatically adds smart labels to the source code through machine learning. It performs hierarchical decomposition to decompose and label each functional layer. Then it provides scalable validator access and single-module inspection results to integrate the results of single-module inspection without loss, so that the integrated verification results are not biased. Path: (1) It first relies on centralized verification service of CertiK’s own computing power. And then according to the complexity of the contract, different service fees are charged; (2) Through a decentralized security verification ecosystem, open source the verification module in the future, and use the computing power of community participants to jointly generate reports.
At the Yale, the team has already had a formalized verification of flawless, insurmountable operating system CertiKOS, which is used in intelligent driving system and security. CertiK is an extension of the CertiKOS system.
D. Economic model
The token CTK is used as a reward for obtaining services and providing verification on the platform. Specific token economic model has not been announced yet.
E. Technology
The technology has three characteristics, namely smart labeling (marking the smart contract code to ensure the process is reliable), proof engine (SMT solvers can analyze the label to get the restrictions in the running of the program. The start, update feedback and the invariants in the process can detect whether the process is normal. According to the state and generating condition of the invariant, the state of program running can be known. If the problem can be solved, solvers will also give counterexamples or tips), layer-based decomposition (CertiK applies decomposition based on abstraction layer, dividing a complex system into many small parts, which also refines the validation function, enabling CertiK to be used in a wider range of scenarios). At present, the Github code has not been released. The code of the future verification form part will open source, and the code of module parsing process will be closed. A demo version has been developed.
F. Team
A total of three core members are all from Zhong Shao’s FLINT group at Yale. Their goal is to study the security and reliability of software and programs. The project team has developed the anti-hacking operating system CertiKOS. These three people of the team all have published relevant research results and won awards with strong academic background. The five members of the technical team are software and data engineers from Google, Facebook, and FreeWheel. Three of them are from Yale University with and guaranteed technical level.
Ronghui Gu, a tenure-track Assistant Professor of Computer Science at Columbia University. He obtained his Ph.D. in Computer Science from Yale University and undergraduate degree from Tsinghua University. He is the primary designer and developer of CertiKOS.
Zhong Shao, Professor in the Department of Computer Science at Yale University, Professor of the “Masters’ Lecture” of University of Science and Technology of China, current director of the Joint Research Center of USTC-Yale Highly Trusted Software. He graduated from Princeton University and earned his Ph.D. in Computer Science. In recent years, his research has focused on developing new program verification theories and techniques with the goal of building a practical foundation for developing verified large-scale system software.
Vilhelm Sjöberg, Ph.D. in Computer Science from the University of Pennsylvania, associate research scientist at Yale University, expert in software verification, member of the FLINT group.
The project has acquired financing from Danhua Capital, FBG,Kenetic Capital,NGC,Lightspeed China, and Binance etc.
G. Community
Twitter 8931; Telegram 39454
H. Conclusion:
Project advantages: 1) Security issues are currently in just need on blockchain; 2) Strong Team skills; 3) Top institutions investment ;
Disadvantages: 1)Token economy is less innovative;2) Core code is not expected to be open source;3)Operations are generally normal.
Hype Score: Medium-High
Risk Score: Medium;
Investment Score: Medium-High
Total Score:8.0
All information in this article is provided for reference only and does not constitute investment advice.
For more reviews and information,please visit https://evaluape.io/share to download EVALUAPE APP.
About us
EVALUAPE is a platform for demonstration and evaluation of blockchain projects. We provide comprehensive database and professional evaluation of global blockchain projects with our extensive experiences, while adhering to the values of community culture, ultimately decentralizing the platform. We desire to become an international, professional and remarkable project evaluation platform.
