CertiK has conducted a security audit for Airbloc
CertiK has successfully conducted a security audit for Airbloc, a consent-based real-time personal data exchange platform, of their token-based smart contract.
The Audit Process
The purpose of this audit is to make sure the to-be-verified smart contracts are robust enough to avoid potential unexpected loopholes and are immune to classical security issues. The project went through 2 rounds of iterations without any high-impact vulnerabilities found, while several low-impact ones were revealed and coding recommendations were brought to the Airbloc team for potential enhancements. We are glad to see the quick response from the client and the subsequent commits regarding the issues we addressed.
The CertiK team has applied a suite of technologies to the source code, including proprietary formal verification by applying smart labels, together with traditional testing, static analysis and model checking. With the final update of the source code and delivery of the audit report, we conclude that the contract is not vulnerable to any classically known anti-patterns or security issues. We appreciate the Airbloc team’s efforts in developing the smart contract, as well as in seeking multiple opinions before the mainnet release for better quality and greater responsibility to its supporters and token holders.
Here is a highlight of the `Zero Owner` issue found in the source code. `transferOwnership` is a double-edged sword: an easy mistake, such as providing a wrong address for the new owner, will deprive the owner of control and orphan administrative authority such as token lock/unlock. Though the likelihood is low, as those operations should be carefully handled by the client team, we suggested either having a list of owners (one primary and the rest for backup) or, a step further, having a multisig smart contract handle privileged operations over the smart contract.
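The first suggestion above (one primary owner plus backups), sketched as an added example; this is not Airbloc's contract or code from the audit. The contract name `BackedUpOwnable` and the members `isBackup` and `recoverOwnership` are hypothetical, and the backup list is assumed to be fixed at deployment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative sketch only: hypothetical names, not the audited token contract.
contract BackedUpOwnable {
    address public owner;                       // primary owner
    mapping(address => bool) public isBackup;   // backup owners, fixed at deployment

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor(address[] memory backups) {
        owner = msg.sender;
        for (uint256 i = 0; i < backups.length; i++) {
            require(backups[i] != address(0), "zero backup");
            isBackup[backups[i]] = true;
        }
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Rejecting address(0) blocks the simplest way to orphan the contract,
    // but cannot detect a mistyped non-zero address.
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        _setOwner(newOwner);
    }

    // Recovery path for the mistyped-address case: a backup owner takes over
    // as primary, so lock/unlock style privileges are never stranded.
    function recoverOwnership() external {
        require(isBackup[msg.sender], "not backup");
        _setOwner(msg.sender);
    }

    function _setOwner(address newOwner) private {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

In this sketch every backup key is as trusted as the primary, since any one of them can reclaim ownership at any time. The multisig option mentioned above removes that single-key trust by requiring several signers for each privileged operation.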
During the initial iteration, we found some low-impact CertiK’s Formal Verification engine concluded that although highly unlikely, Airbloc smart contract had a subtle bug that could cause undesired behavior.
A word from Airbloc
We chose CertiK as a preferred partner to audit Airbloc’s token contract because of their sophisticated verification framework. We were particularly impressed by their thorough assessments which helped to ensure that Airbloc’s token contract was trustworthy and free from security vulnerabilities.
Lee-On | Chief Strategy Officer of Airbloc
Airbloc is a consent-based real-time personal data exchange platform. A project that aims to realize true enterprise adoption, it has formed partnerships with industry-leading companies such as Hankyung (Korea’s 2nd Largest Financial Newspaper) and Battle Comics (Korea’s 2nd Largest Comics Platform with over 1M users). For its promising technology, Airbloc gained funding support from leading traditional and blockchain institutions such as Messaging Giant LINE Corporation’s Blockchain Venture Fund, Huobi Capital, OKEX Capital, Bgogo, Fenbushi Digital, and many more.
Airbloc aims to return data ownership to individuals, allow applications to collect and monetize data legitimately, and allow enterprises to exchange explicitly consented data with an auditable source of provenance for their business intelligence, research, and targeted marketing purposes.
Airbloc is a Reverse ICO completed back in June 2018, led by a leading Korean big data company, Airbridge, that was recognized in 2016 as a promising technology company by the South Korean government. Since 2016, the company has been tracking the data of over 50M devices, equivalent to 2/3 of the entire Korean mobile population, through its big data analytics. The company behind Airbloc was recognized by KB Kookmin Card, Korea’s largest credit card company, in July 2018 as one of the top 10 promising technology companies in Korea with expertise in big data infrastructure.
CertiK is the premier blockchain and smart contract verification platform, founded by top Formal Verification experts from Yale and Columbia University and former senior software engineers from Google and Facebook. Different from the traditional testing approaches, CertiK attempts to mathematically prove blockchain ecosystems and smart contracts are hacker-resistant and bug-free. CertiK’s key features include a layer-based decomposition approach, pluggable proof engine, machine-checkable proof objects, certified dApp libraries, and smart labeling.
Trusted by the security industry, CertiK has reached strategic partnerships with the world’s top digital asset exchanges such as Binance, OKEx, and Huobi, as well as Public Chains such as NEO, ICON, and QuarkChain. CertiK is incubated and invested in by Binance Labs, along with other leading global investors such as DHVC, FBG Capital, Bitmain, and Lightspeed.
To request the audit/verification of your smart contracts, please send an email to email@example.com or visit certik.org to submit the request.