Cardstack Smart Contract Passes Two Security Audits, Reaches Milestone

We are officially open-sourcing our smart contract code.

The Cardstack Token Smart Contract is the mechanism by which people may contribute to Cardstack’s crowd fundraiser and receive Cardstack Tokens (CARD). This smart contract has been in development since last August (see GitHub history). It’s what makes our Token Generation Event possible, and is the main entry point into the Cardstack community.

Security and transparency are two of Cardstack’s core values. With that said, we’re very pleased to announce that the Cardstack Token Smart Contract has now passed two security audits by a world renowned security research firm. The first security audit was completed late 2017, and the second was completed in March 2018. Each audit found no major security issues — the only findings were minor, with no material impact on the security of our token. We have already incorporated the research firm’s findings into our smart contract code.

At this point, we’re proud to officially open-source our audited smart contract code. This includes two of the functionalities we’ve described in previous blog posts — upgradable contracts and token vesting. This smart contract is an important first step in the ultimate road toward the fully realized vision of the Cardstack token ecosystem, as well as the Tally protocol.

In the near future we’re developing an approach to implement non-fungible token mechanisms, which will power our Software and Services Coupon (SSC), a non-tradable intermediary token pegged to USD that meters users’ software usage and denominates the reward for makers. We also plan to implement a staked voting mechanism, which will allow Cardstack users to stake CARD tokens to participate in voting. Our current smart contract is an important stepping stone toward the implementation of these features.

Finally, we’ll be starting a bug bounty program. We encourage you to report any issues you discover in our smart contract—Ether rewards will be available depending on the magnitude of the issue. More details will be announced shortly, but in the meantime please report issues to security@cardstack.com.

We’re very excited about our progress, and look forward to sharing more with you as we hit the next milestones. Thank you, as always, for your support.


Join our community

To learn more about Cardstack, visit https://cardstack.com.

Join the Cardstack community channel on Telegram at https://t.me/cardstack


Illustration: Chris Gardella for Cardstack.