CertiK Audits Benchmark Protocol

The CertiK Security Team has successfully completed an audit of Benchmark Protocol’s smart contract which underpins the P2P Benchmark Marketplace. The audited code consists of the upcoming cross-chain P2P marketplace, details of which follow.

Use-Case Profile

Benchmark Protocol is an elastic stablecoin-alternative bridging capital markets to DeFi. $MARK (ERC-20), the token of Benchmark Protocol, is that stablecoin alternative. The token augments supply based on the Special Drawing Rights (SDR). The SDR is a composite international reserve asset, consisting of the U.S. Dollar, Euro, Great British Pound, Chinese Yuan, and Japanese Yen. …


The CertiK Security Team has successfully completed an audit of XEND Finance’s smart contract’s delta related to the rewarding group creator. The code in the audit is comprised of code related to rewarding a group’s creator with a percentage of the commission fee as well as to track total $XEND token rewards. A summary of the audit and its findings follows up.

Use-Case Profile

As a decentralized Credit Union, Xend Finance (XF) serves to optimize, improve, and add value to the core operations of Credit Unions globally, while also allowing users to form their own cooperatives and pool their money, no matter…


CertiK has set out on a joint strategic venture alongside Convergence Finance to ensure the security of their protocol and wider ecosystem. With Converge Finance’s security-centric approach, something which is naturally shared by CertiK, we’re confident that the team have paved the way for a deep level of trust and reliability in their project.

Convergence — Secured by CertiK

As part of the strategic partnership, the Convergence protocol underwent a thorough audit by a team of security experts at CertiK HQ. The audit leveraged a combination of static analysis and manual review and was focused on ConvX, Convergence’s decentralized interchangeable asset protocol.

Our team of…


How to Make the Most of Remote Work

In March 2020, the working life for many of us changed drastically. Water cooler catch-ups turned into Slack powered instant messages, whilst the weekly meeting was powered by Zoom and the boss didn’t know you’re still wearing your slacks on your lower half.

Echoing the distributed nature of blockchain, the CertiK team have worked from a variety of locations around the world from day one.

Remote working can be, and has been, a huge change for a lot of us. …


NEW YORK, 31/03/2021— The codebase for CompliFi’s automated market maker (AMM) pool contract has undergone an audit by the CertiK Auditing Team. Through the utilization of this AMM, anyone is able to create a pool and finalize it, following that any user is able to join the pool and receive pool tokens. The summary of the audit and its findings follows up.

Use-Case Profile

CompliFi Protocol comprises a decentralized protocol for issuing a wide range of financial derivatives without the risk of default, liquidations, or collateral calls.

In early February, CompliFi expanded their product offering beyond the aforementioned derivatives issuance protocol to…


Zenfuse — Token Timelock Security Verification

NEW YORK, 25/03/2021- The Zenfuse Team has successfully undergone an audit of their ‘Token Timelock’, an ERC-20 timebased lock mechanism most often utilized to release developer funds at a certain point in the future. A summary of the audit and its findings follows up.

Use-Case Profile

With a mission to make trading effortless and more profitable for both beginners and professionals, Zenfuse enables trading on multiple cryptocurrency exchanges from one secure account on both desktop and mobile.

ZEFU, the native token and the unit of exchange in the Zenfuse ecosystem, serves a number of use cases; including, but not limited to, staking…


On March 14th, the CertiK Security Team discovered a novel type of attack which was leveraged against the DeFi stablecoin project; True Seigniorage Dollar. The attack resulted in a total loss of approximated $16,600. In order to conduct this, the attacker took advantage of the principle of the Decentralized Autonomous Organization (DAO) mechanism in order to conduct an attack without manipulating conventional ‘vulnerabilities’.

Technical Analysis

The Attack Process:

  1. The attacker (0x50f753c5932b18e9ca28362cf0df725142fa6376) acquired a large number of True Seigniorage Dollar tokens (TSD) at a low price. They then leveraged those tokens for voting power and forcibly passed proposal №

Ternoa’s Native Token Implementation Successfully Audited By CertiK

We’re happy to announce that the implementation of Ternoa blockchain’s native token CapsuleCoin, was successfully audited by CertiK Professional Services Division. In this spotlight, we elaborate on the scope of the audit, as well as present some of the issues found during the auditing process.

Use-Case Profile

Ternoa is a Polkadot ecosystem parachain, build to upscale the NFT sub-culture to its next level of existence offering time capsules, cross-chain, and cross-platform NFT interoperability, and highly secured and encrypted on-chain, in association with Sia, Storj, and Arweave to mention a few.

An array of protocols in the form of autonomous smart contracts empower…


Social Trading Platform Aluna Tightens Security With A CertiK Audit

NEW YORK, 08/03/2021 — We’re excited to announce that Aluna. Social’s codebase which contains the Aluna Token, the Aluna Rewards Pool, the Aluna Token Vesting, and the Aluna Boost Pools smart contracts were successfully audited by CertiK.

Use-Case Profile

Aluna is a gamified social trading ecosystem for the Web 3.0 world. ALN is the utility token at the heart of the Aluna ecosystem, and its core functions are to:

  • Bootstrap the community, ecosystem, utility and liquidity.
  • Fuel the incentive and gamification mechanisms on ALN-powered platforms.
  • Coordinate decentralized governance and reward the community of governors.

Aluna’s flagship product, Aluna.Social, is a gamified social…


On March 5th, 2021, PAID Network suffered from a “mint” attack caused by private keys mismanagement. The proxy owner’s private keys were used (or compromised) to swap the deployed code audited by CertiK with the malicious one containing the burn and mint functions used during the attack. Such burn and mint functions were not present in the audited code. We are not able to confirm what transpired up to the point the contract ownership was transferred to the address that executed the burn and mint functions, but we can conclude these are the actions that occurred. View the full audit…

CertiK

Official Website: https://certik.io

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store