CertiK completed a security audit of Blockcloud project, a new service-centric blockchain architecture to systematically address the mobility, scalability, trust, security, fairness and incentive problems faced in daily life. Blockcloud is also the first project being launched on OK Jumpstart, the official token sale platform of OKEx. The token sale date will be on April 10, 2019.
CertiK, as Blockcloud’s designated security partner and the official auditor of $BLOC token, is delighted to congratulate the Blockcloud team for passing the rigorous Formal Verification process with a remarkable score.
The Audit Process
Blockcloud system is built on the ERC20 standard and strictly followed common practices, meanwhile it utilized a time lock mechanism built which controls the vesting process for beneficiaries, where it truly indicates the client put transparency on top of the missions.
The CertiK team analyzed Blockcloud smart contracts by pairing cybersecurity experts with the advanced Formal Verification engine. Rather than merely identifying bugs and vulnerabilities, Formal Verification ensures that the code is constructed in a manner that is immune to these vulnerabilities and fulfill the functional correctness. Formal Verification leverages mathematical theorems to determine that the source code of a program meets its intended specifications, computing all possible scenarios and providing empirical proof that it is impossible for the checked vulnerabilities to exist.
Some of the Highlights:
- During the first iteration, the CertiK team had found an issue in the lock up mechanism where the beneficiary was able to receive an amount that exceeds its own token balance. The Blockcloud team actively engaged with the CertiK and fixed the issue in a timely manner.
- In the final iteration, the CertiK verification engine, together with manual review experts, concluded that there were no vulnerabilities found in the system. We conclude that BlockCloud Token shall launch in a well-tested and secure state, is not vulnerable to any known antipatterns or bugs, and the risk is likely very low.
After the verification and review process, CertiK provided a comprehensive Audit Report. The report detailed source code remediations to improve security. Blockcloud immediately leveraged CertiK’s audit reports and technical insights to enhance the overall security of their systems.
Overall, the experts from the CertiK team indicated that the code was well maintained, fully documented, and thoughtfully designed. The full audit report provided by CertiK can be accessed here.
About the Project
Blockcloud is a blockchain-based advanced TCP/IP that improves and upgrades the existing internet. Combining the advantages of blockchain and future internet technology, it reconstructs the technology layers below where current blockchain networks and internet application operate.
Blockcloud serves as the “building block” to provide constant connectivity for dynamic networks, aiming to provide better mobility, credit credibility, inventives, security, fairness and scalability to upper-layer applications. Blockcloud’s current application scenarios include:
- Internet of Vehicles (IoV) — an application of IoT within transportation, which combines Service-centric Networking (SCN) and Blockchain technology, enables superior connectivity and mobility, and provides decentralized trust as well as fair economic incentives.
- Smart Healthcare — an open, credible and fair incentive data system for all healthcare IoT devices, ensuring the privacy and security of data circulation.
- Smart Home — an application that allows all smart devices to securely access the decentralized blockchain and enables smart devices in different homes to communicate and coordinate directly.
- Edge Computing — a technology that verify the authenticity and effectiveness of the node service at a very low cost.
- Sharing Economy — a decentralized technical system which guarantees factors such as the authenticity of credit information, the reliable and secure authorization of shared resources and the speed of the fee settlement.
CertiK is a blockchain and smart contract verification platform founded by top Formal Verification experts from Yale and Columbia University and former senior software engineers from Google and Facebook. Different from the traditional testing approaches, CertiK attempts to mathematically prove blockchain ecosystems and smart contracts are hacker-resistant and bug-free. CertiK’s key features include a layer-based decomposition approach, pluggable proof engine, machine-checkable proof objects, certified dApp libraries, and smart labeling.
Trusted by the security industry, CertiK has reached strategic partnerships with the world’s top Exchanges such as Binance, OKEx, and Huobi, as well as Public Chains such as NEO, ICON, and QuarkChain. CertiK is incubated and invested in by Binance Labs, along with other world’s leading investors such as DHVC, FBG Capital, Bitmain, and Lightspeed.