CertiK Review


When analyzing a project, the Eden Labs team looks for projects that do something unique or do it much better than their competition. Quality projects should be able to explain complex ideas simply to their audience. In addition, projects that rely heavily on a broad user base have to have an incentive for the first ten people to join the network before a million users is ever achievable. No project will succeed if it requires a million participants to bring any value to its users.

 

The CertiK platform is a framework for creating entirely trustworthy smart contracts. The project employs modular techniques to mathematically verify the functionality of smart contracts, breaking down previously unverifiable contracts into smaller components that can be quickly and automatically verified in a decentralized manner.

 

Smart contracts are already an integral aspect of the blockchain ecosystem; they form the basis for the ICO market and are foundational to the architecture of many decentralized applications. Smart contracts allow companies and individuals to exchange value in trustless transactions, without the need for middlemen. Under the mantra, “code is law,” carelessly constructed and maliciously designed smart contracts will result in more than just lost ICO funds; mistakes will be catastrophic. Thus, smart contracts need to execute what’s advertised. And just as no one would employ a contract without the review of a licensed lawyer, smart contract verification and review are critical. Today, the reality is that smart contracts are not fully trustable. Their inherent transparency exposes many avenues of attack from shrewd attackers examining the open source code and execution environment. The complexity of the contract and the carelessness of the programmer can result in many potential errors. No comprehensive solution currently exists.

 

The CertiK team has developed a decentralized proof engine that mathematically ensures that the specified smart contract is bug-free, hacker-resistant, and functionally verified. This process is accomplished through functional verification processes.

The project provides a solution through the use of certified kits. The kits include Smart Labeling, Layer Based Decomposition, Pluggable Proof Engines, Machine Checkable Proof Objects, Certified dApp Libraries, and Customized Certification Services. These components work to protect smart contracts by labeling the essential aspects of the smart contract and their intended functionality, and further deconstructing the verification task into smaller, more precise tasks. These smaller tasks are solved individually and validated by CertiK nodes. Proofs are then composed back into a fully stamped and verified smart contract.

 

The CertiK team is designing a platform to support the fully automatic review of the functionality of contracts. The project couples a labeling model with machine learning (deep learning) elements to accomplish this. Their system automates the labeling process through machine learning and contextualizes past proof efforts for learning evolution. The platform will then be able to mathematically identify and automatically split contracts into layers based on their proper functionality. This method will allow for a high level of verification precision and a dynamic, accurate, and automated contract review. Nodes running the CertiK software ensure that completed proofs are valid.

 

The CertiK platform’s use of certified kits allows for automated smart contract code review based on functionality. In other words, the platform confirms that smart contracts will actually do their pre-programmed task. Quantstamp and Zeppelin, the two main competitors, can only confirm the presence of certain code. In other words, these projects only confirm that the smart contracts contain X code snippet; it is the responsibility of the decentralized ecosystem and human reviewers to make conclusions as to the implications of said code. With interconnected smart contracts and highly complex provisioning, these types of review systems will not be sufficient. The CertiK platform will ensure that the analysis of smart contract security and identification of possible loopholes happen before the contract is released. ‘CertiK Labeling’, the ‘CertiK proof engine’ and ‘layer based decomposition’ form CertiK’s three main technical components.

The CertiK project uses labeling techniques to detect potential bugs, followed by strategies to confirm the expected behavior of the smart contract under review. By using the CertiK platform’s label-based, lightweight and expressive language, both goals can be achieved. Through the use of deep learning, the project aims to create a smart labeling framework such that most shared logic and properties found in other smart contracts can be aggregated for efficient labeling at a fraction of the time.

After labeling, the CertiK platform compiles together the labeled components of the smart contract. The CertiK compiler recognizes the labeling language and then uses automated SMT solvers to verify the functionality.

The third step of the process, layer-based decomposition, assists the aforementioned SMT solvers. These solvers verify correctness automatically but are hindered by what is known as the State Explosion Problem. This problem simply states that as the number of variables in the system increases, the size of the system state grows exponentially. This can significantly slow verification as every arbitrary interaction between components needs to be considered. To avoid this issue, layer based decomposition is introduced to sort and isolate all the elements into separate layers based on carefully designed rules. This can dramatically simplify the model and allow the solvers to perform their tasks without issue. Verification doesn’t account for every possible interaction, only the ones that are relevant to the system.

After the review process, the certificate will either validate that the code is bug-free and hack-resistant or highlight potential risks and loopholes while providing counterexamples.
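The state explosion and layer-by-layer checking described above, as an added example (not CertiK's code and not part of the original review): a constructed Python model of six counters checked once as a single product system and once per layer, each returning the number of states visited and the first counterexample found. The counters, function names and the assumption that layers share no state are illustrative.

```python
# Constructed toy model, not CertiK's labeling language or proof engine.
# A "layer" is (initial_state, step_function, invariant) over small integers.

def make_counter(wrap_at, limit):
    """Counter that increments and wraps to 0 at wrap_at; invariant: value < limit."""
    def step(s):
        return [(s + 1) % wrap_at]
    return (0, step, lambda s: s < limit)

def reachable(init, step):
    """Explicit-state search: every state reachable from init."""
    seen, frontier = {init}, [init]
    while frontier:
        for t in step(frontier.pop()):
            if t not in seen:
                seen.add(t)
                frontier.append(t)
    return seen

def check_monolithic(layers):
    """Explore the product of all layers, where any layer may step at any time."""
    def step(state):
        for i, (_, layer_step, _) in enumerate(layers):
            for t in layer_step(state[i]):
                yield state[:i] + (t,) + state[i + 1:]
    states = reachable(tuple(l[0] for l in layers), step)
    bad = sorted(s for s in states
                 if not all(inv(s[i]) for i, (_, _, inv) in enumerate(layers)))
    return len(states), (bad[0] if bad else None)

def check_layered(layers):
    """Check each layer alone. Sound here only because layers share no state."""
    visited, counterexample = 0, None
    for i, (init, layer_step, inv) in enumerate(layers):
        states = reachable(init, layer_step)
        visited += len(states)
        bad = sorted(s for s in states if not inv(s))
        if bad and counterexample is None:
            counterexample = (i, bad[0])  # (layer index, violating local state)
    return visited, counterexample

GOOD = [make_counter(4, 4) for _ in range(6)]
BUGGY = GOOD[:5] + [make_counter(5, 4)]  # last layer can reach 4, violating value < 4

if __name__ == "__main__":
    print(check_monolithic(GOOD), check_layered(GOOD))
    print(check_monolithic(BUGGY), check_layered(BUGGY))
```

The per-layer check is only as trustworthy as the claim that the layers do not interact; a wrong separation would hide exactly the product states where a violation lives.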

 

The CertiK team’s use of technology is impressive and well thought out; this system of automatic smart contract verification is certainly filling a gap in the ecosystem. The project’s use of deep learning methods is also intriguing as it means that the process will only continue to become more precise and refined. Because the verification process relies heavily on the labeling process – mislabeled sections will be wrongly layered, and the system could miss relevant interactions – testnet and mainnet proof of the platform’s engine will be critical.

 

 

The CertiK team has provided a simple roadmap highlighting the key release dates for essential components in the development timeline. The project is currently ready for public release, although no date has been provided for this. 

 

CTK tokens serve as the platform’s utility token. They are used on the platform to facilitate the exchange of security auditing services, as well as economic incentives for community participation in the CertiK ecosystem.

The total supply of CTK has been confirmed on Telegram as 100M.

 

Very little information has been released about the CTK token metrics; the team is still finalizing these details.

 

The CertiK project is currently in competition with projects such as ZeppelinOS and Quantstamp. These projects also focus on smart contract verification, although CertiK is different from the competition because current smart contract verification projects combine elements of human review with programmed review and only confirm whether code satisfies a set of conditions. The competition can’t confirm whether the code will execute as intended. CertiK, however, does. This is what makes CertiK unique with respect to its competition.

Quantstamp attempts to solve this problem through an incentivized marketplace where users and developers review contracts and judge their accuracy. Their analysis is combined with a tamper-proof, proof-of-audit hash. However, this process still relies on human capabilities and judgment, albeit through crowdsourcing. Projects such as Zeppelin OS are building an open sourced, decentralized platform of tools and services on top of the EVM (Ethereum Virtual Machine) to help developers rapidly deploy, manage and upgrade smart contracts. With Zeppelin, users will be incentivized to vouch for the correctness of code to ensure that no one user can make the determination. This method, much like Quantstamp, relies on human intervention, which is limited in ability and prone to error.

 

The CertiK team has competitors to contend with, though it is clear that the CertiK platform has more impressive technology than the alternatives. Quantstamp has a sizeable team, but its human-led review method is prone to human error, which, ideally, should be absent when verifying smart contracts. ZeppelinOS also falls short of the CertiK platform as its open source smart contract framework lacks verified libraries and they too conduct manual smart contract verification.

 

In the rapid, challenging, and dynamic industry of DLT startups, the team is an imperative component to a project’s success. The frequent need for pivoting and the challenges of a new industry necessitate a team with a strong background in distributed ledger technology, technical and engineering educations, and proven reputations. Team bios, LinkedIn profiles, past work experience, and publishing work are all reviewed and analyzed.

Prof. Ronghui Gu, Co-founder

  • Ph.D. in Computer Science from Yale University
  • Primary designer and developer of CertiKOS, the world’s first fully verified concurrent OS kernel
  • Expert in formal verification of system software

Prof. Zhong Shao, Co-founder

  • Ph.D. in Computer Science from Princeton University
  • Key developer of the SML/NJ compiler and the main architect of its FLINT certifying infrastructure
  • Has been a leading figure working on the highly visible research fields on cybersecurity, programming languages, operating systems, and certified software

Dr. Vilhelm Sjoberg, Research Scientist

  • Ph.D. in Computer Science from the University of Pennsylvania
  • An expert in software verification, programming languages, and type systems
  • Winner of 2016 ACM SIGPLAN John C. Reynolds Doctoral Dissertation Award

 

The team leaders for this project are experts on the subject matter of formal verification systems and are experienced in a range of computer science related fields. The team previously created CertiKOS, the first fully verified concurrent OS kernel. It is used in a number of high profile use cases, including DARPA and NSF programs. Overall the team most certainly has the technical skills to develop and complete this project. Currently, the listed team is quite small but the team has stated that they have recently doubled the team, adding much-needed engineers and business developers.

 

According to the project’s roadmap, the project hosted its private sale in February and CertiK 1.0 was launched in June. The project has a demo video on their website which highlights its capabilities. Currently, the project is slated for public release but no date has been provided.

 

Partnerships represent both institutional investors as well as enterprise involvement. As with advisors, partnerships legitimize projects. A focus is placed on projects engaged with enterprises and corporations within their respective industry.

  • IoTeX
    • IoTeX is the auto-scalable and privacy-centric blockchain infrastructure for the Internet of Things (IoT). IoTeX’s global team is comprised of Ph.Ds in Cryptography, Distributed Systems, and Machine Learning, top-tier engineers, and experienced ecosystem builders.
  • Nebulabs
    • An incubation lab that is united, open, and mutualistic, dedicated to supporting startups on the Nebulas platform. Nebulabs provides technical, financial, and blockchain business planning support.

 

The CertiK team’s partnerships both with IoTeX and Nebulabs are a good fit as both projects incorporate smart contracts which will utilize CertiK’s verification system to enhance their security. IoTeX is a blockchain project building privacy-centric infrastructure for the Internet of Things ecosystem and they will continue to work with each other to ensure smart contract security for IoTeX. Nebulabs is the startup incubator of Nebulas, a next-generation public blockchain. The CertiK platform will provide formal verification for smart contracts developed on the Nebulas blockchain, enabling programs in the Nebulas ecosystem to be more robust and resilient to hacks.

 

Social media and community engagement measures both how many in the community are aware of the project, as well as what the project’s level of engagement is within the community. It’s important to see active posting on Twitter and Medium, as well as a well-administered Telegram or Slack.

  • Twitter. Active account with 1,224 followers and 18 tweets since joining in May 2018.
  • Medium. Well managed, active account with 596 followers and 13 articles.
  • YouTube. Active channel with 177 subscribers and 4 videos.
  • Telegram. Large Telegram community with over 37K members.

A website is the initial representation of a project’s professionalism; it serves as the first impression for potential investors and acts as a key tool in conveying the team’s vision. Hence the importance of reviewing the website for clarity, sophistication, quality, transparency, and professionalism.

The CertiK website is well designed with comprehensive information on most key aspects of the project, providing links to more detailed documents including the whitepaper and keynote. It incorporates clean graphics and professional photos. The website only lacks information about any other team members in the project, as currently only the three team leaders are mentioned.

 

The CertiK team has dedicated most of its efforts towards building a strong Telegram presence and has largely succeeded. Its other publishing platforms do not have the significant social media presence and awareness that some other projects benefit from, but they are making progress in that area.  

 

  1. The project has not published any details about the token. It is important for a project to publish the supply of tokens, their allocation, and information regarding the token sale.
  2. Currently, only three team members are detailed. They have announced that they have greatly expanded their team, with the addition of engineers and business developers, but so far, no hires have been made public.
  3. The CertiK project currently lacks any advisors. It is important for a blockchain project to work with industry relevant advisors, as building a quality project in the current ecosystem necessitates the involvement of experts from a multiplicity of fields. Drawing on the expertise of other industry experts is critical.

 

The CertiK platform is an impressive piece of technology, with only a few minor concerns. The project currently lacks essential information regarding additional token economic details beyond just the number of tokens which will be circulated. Although the team has mentioned many additional hires have been made, there have been no publicised hirings or developments regarding the team. Additionally, the project does not list any relevant blockchain advisors, which could limit their growth potential. 

 

A highly accredited, accomplished team is developing the CertiK platform. Due to the nascence of smart contract technology, the full potential for a project conducting smart contract formal verification has yet to be realized. As smart contracts govern more significant quantities of assets and more valuable ecosystems, a certification system will be critical to ensuring the correctness of code to prevent unwanted losses or hacks. Current formal verification methods offered by competitors are lacking. The review methods are time-consuming and prone to human error, both of which could allow for catastrophic mistakes. With CertiK, this process is automated and thorough; if successful, the CertiK platform’s use of deep learning will provide a constantly evolving ecosystem, setting the bar for the speed, efficiency, and quality of smart contract review.

 


 


Disclaimer: This is not investment advice, merely our opinion and analysis on the project. Do your own research.
