CertiK has completed a Security Audit of IoTeX Project to secure Delegates Program

CertiK
Mar 28, 2019

CertiK has recently completed a security audit for IoTeX, a leading project with the aim of building a privacy-centric blockchain platform for the Internet of Things (IoT) with strong scalability, privacy, isolatability and developability for incubating new IoT applications and ecosystems.

Auditing Process

After CertiK successfully completed IoTeX’s token audit in 2018, this verification primarily focused on the implementation of the IoTeX Delegates Program, which defines how the network will reach consensus, incentivize network participation, and evolve sustainably over time.

In a nutshell, the smart contracts handle the implementation end-to-end, from registering candidates to the staking and voting mechanisms. The implementation prototyped the ERC900 proposal and made significant upgrades to improve its quality and feasibility.

Given the highly customized nature and important use case of the smart contract, CertiK assigned a group of 4 experts to review the fundamental design, hold discussions with the IoTeX team to strengthen the understanding of product philosophy under the hood, perform automated scans, and conduct Formal Verification over the source code to ensure the product works as intended under all possible scenarios without any tricky corner cases.

Here are some of the highlights:

  1. No vulnerabilities were found in the system during the auto scan or after smart-labeling the source code. This means the source code has been mathematically proven to be secure, indicating that the source code is of high quality with respect to security.
  2. The verification engine detected discrepancies between some of the designs described by CertiK smart labels and the actual implementation. Some product-level improvements were identified and consensus was reached between the two teams.
  3. That the critical components were written as smart contracts indicates that the IoTeX team prioritizes transparency by decreasing centralization. Their roadmap includes more services that will be converted into smart contracts with the vision of even greater autonomy.

CertiK leverages the latest and most advanced Formal Verification technology to deliver the most comprehensive and rigorous security audits in the blockchain space. Rather than merely checking for bugs and vulnerabilities, Formal Verification leverages rigorous mathematical theorems to check whether the source code of a program meets its specification, computing all possible scenarios and providing proof that it is impossible for the checked vulnerabilities to exist.

IoTeX leveraged CertiK’s audit reports and technical insights to enhance the overall design and security of their systems. The full audit report provided by CertiK can be accessed here.

About the Project

Founded as an open-source project in 2017, IoTeX’s mission is to build a decentralized trust fabric for a new era of collaboration and data exchange among devices, applications, and people. Backed by a global team of research scientists and top engineers, IoTeX combines blockchain, trusted hardware and edge computing to realize the full potential of IoT.

IoTeX is introducing a token economy into the IoT space, believing that crypto incentives and community effort are the two key forces propelling innovation in IoT. At a high level, IoTeX’s competitive advantage stems from four main innovations:

  1. Blockchain-in-blockchain architecture which ensures privacy and prevents IoT information leakage;
  2. Built-in privacy based on lightweight cryptography;
  3. Real-time consensus with instant finality, which improves the throughput of the network, reduces transactional costs, and enables efficient cross-chain communication; and
  4. Subchain-as-a-service (SAAS) to facilitate fast prototyping and production of new IoT applications and ecosystems.

The primary problems with IoT security stem from a lack of ability to identify when a device is compromised, sensitive data leakage, and hackers controlling devices remotely. Designed and optimized for IoT, IoTeX uses state-of-the-art privacy, consensus, and sub-chain innovations to capture the full potential of IoT. By enabling trusted data, interoperability, and M2M automation, IoTeX bridges the physical and digital worlds and brings trusted machine economies to the masses, tackling the problems facing IoT security today.

Website: https://iotex.io/

Twitter: https://twitter.com/iotex_io

About CertiK

CertiK is a blockchain and smart contract verification platform founded by top Formal Verification experts from Yale and Columbia University and former senior software engineers from Google and Facebook. Unlike traditional testing approaches, CertiK attempts to mathematically prove that blockchain ecosystems and smart contracts are hacker-resistant and bug-free. CertiK’s key features include a layer-based decomposition approach, pluggable proof engine, machine-checkable proof objects, certified dApp libraries, and smart labeling.

Trusted by the security industry, CertiK has reached strategic partnerships with the world’s top exchanges such as Binance, OKEx, and Huobi, as well as public chains such as NEO, ICON, and QuarkChain. CertiK is incubated and invested in by Binance Labs, along with other world-leading investors such as DHVC, FBG Capital, Bitmain, and Lightspeed.

To request the audit/verification of your smart contracts, please send an email to audit@certik.org or visit certik.org to submit the request.

Twitter: https://twitter.com/certikorg

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik/

Email: info@certik.org
