Ternoa’s 2023 Audits: Ensuring Security and High Performance
Ternoa has undergone a series of extensive audits in 2023 to ensure its security, functionality, and performance. Various specialized teams have conducted these rigorous audits, including Parity, Certik, NCC Group, and highly-recommended labs such as SR Labs and Invisible Things Labs.
The launch of Ternoa’s Phase 4 brought about an array of groundbreaking features, including the introduction of Secret NFTs, enabling the crafting of NFTs containing confidential information and the capability to preserve private data and memories through our innovative Capsules. We also launched Transmission Protocols that facilitate the secure transmission of digital assets based on event-driven or time-oriented methods. But our advancements extended beyond this, with Phase 4’s inclusion of TEE (Trusted Execution Environment) technology and enclaves, allowing data access exclusively to current owners and sanctioned parties.
To safeguard security and performance of our code, we underwent multiple audits. Let’s delve into an in-depth look at all the audits performed on Ternoa, detailing their status and the purpose behind each audit.
Certik (April 2023)
Ternoa underwent a code audit in April and partnered with Certik, a leading firm specializing in blockchain security. CertiK is renowned for its in-depth evaluations to ensure security and compliance with industry best practices and standards. It offers smart contract auditing, code review, and security assessments. Their team of experienced security engineers, with a deep understanding of blockchain technology, conducted a thorough audit of Ternoa’s private content NFT pallets.
CertiK’s audit included an examination of Transmission Protocols, and Trusted Execution Environments (TEEs) pallets. Utilizing both Static Analysis and Manual Review techniques, they conducted a rigorous assessment to verify the integrity and resilience of Ternoa’s unique functionalities.
Substrate Builders Program by Parity (May 2023)
Ternoa, built on Substrate, a blockchain-building framework, reached Milestone 2 of the Substrate Builders Program in May. This program, designed to facilitate the growth of new blockchains, has enabled Ternoa to gain from Parity’s expertise, strengthening its blockchain’s robustness and efficiency. During Milestone 2, Parity performed an extensive phased review of Ternoa’s blockchain, including a crucial audit of its pallet code for Phase 4.
The pallets are essential components of the substrate stack, containing the specific business rules to be enforced by the chain. Each pallet is a modular piece of software written in RUST, designed to fulfill a unique function, allowing for easy combination. The audit included an in-depth examination of Secrets, capsules, and transmission protocols, and TEEs (Trusted Execution Environment) pallets, underlining Ternoa’s commitment to transparency and secure technology.
SR Labs (June 2023)
After completing Ternoa’s Phase 4 pallets audits, the company partnered with SR Labs to conduct a comprehensive security review of the Ternoa pallet code. SR Labs, a leading company in the decentralized systems space and a vital player in the Substrate Security Audit of Ternoa, is known for its significant contributions to the development of blockchain technology. They specialize in making decentralized systems more scalable, secure, and interoperable and are committed to global cybersecurity.
The collaboration with SR Labs encompassed an extensive examination of Ternoa’s innovative pallets with developments in utility NFTs, including rental NFTs, Soulbound Tokens, Auctions, and Royalties, as well as Ternoa’s staking and governance mechanisms.
NCC Group (July 2023)
NCC Group, a global giant in cybersecurity renowned for penetration testing and other security services, conducted a thorough audit of the enclave APIs within the Ternoa network. These APIs store and manage the data encryption keys of Secret NFTs and Capsules. The scope of NCC Group’s expertise includes identifying and exploiting vulnerabilities to help blockchains become resilient and secure.
The audit included:
- All public endpoints of the enclave APIs.
- Aiming to uncover configuration issues.
- Common API vulnerabilities.
- Data integrity compromise.
- Evaluating the effectiveness of implemented logic controls.
In addition to testing Ternoa’s enclaves for weaknesses, NCC conducted a thorough security assessment. They aimed to strengthen Ternoa’s network against possible attacks and assess its security based on any vulnerabilities.
Invisible Things Lab (July 2023)
Invisible Things Lab, a security research company renowned for specializing in embedded systems and IoT security, has a prominent reputation for uncovering vulnerabilities in complex systems. With years of experience working at the forefront of Intel SGX, they offer unparalleled expertise in devising, deploying, and auditing SGX-based solutions and consulting on SGX’s security.
They recently applied this expertise to Ternoa, conducting a code audit of the network’s secure enclave code and enclave sync functionality. This targeted examination was focused on identifying potential vulnerabilities within these crucial areas of Ternoa’s ecosystem. The audit’s completion represents a significant step in enhancing Ternoa’s enclave security, ensuring it remains resilient against potential threats and aligns with industry best practices.
Phase 5 Audits in Progress (Aug 2023)
Phase 5 of Ternoa is dedicated to enhancing decentralization, security, transparency, and community engagement within the network. The key features of this phase include:
- Decentralizing the TEE (Trusted Execution Environment)
- Secret node infrastructure
- Enabling external operators to register and manage secret nodes
- Open-sourcing the secret enclave code
- Introducing CAPS staking with APR rewards for secret node operators.
- Launching a dedicated metrics server will aid in computing secret nodes’ performance and availability.
The Substrate Builders Program by Parity and Invisible Things Lab are actively involved in the auditing process for Ternoa’s Phase 5 launch, examining the decentralized TEE secret node infrastructure and evaluating Ternoa’s secure enclave code and enclave sync functionality. Stay tuned for the latest updates on the progress of our Phase 5 audits.
Audits hold a fundamental role in the success and integrity of the Ternoa network, elevating the ecosystem to a high level of security, best practices, and standards. By partnering with industry leaders and top audit firms, Ternoa is committed to security, transparency, and excellent performance. These audits strengthen Ternoa’s underlying architecture and ensure its alignment with the evolving standards and best practices of the dynamic web3 landscape.
