CertiK has completed a Security Audit of MultiVAC Project

CertiK | Apr 2, 2019

Article's Poster

CertiK has recently completed a successful audit of MultiVAC project, a next-generation public blockchain designed for large-scale and complex distributed applications. MultiVAC will hold a token sale on Kucoin on April 3rd, 2019.

Scalability has become synonymous with next-generation blockchain technologies, often being regarded as the next big hurdle that must overcome before achieving wider industry disruption. The scalability trilemma, described by Ethereum's Vitalik Buterin, states that you may only have two out of the three corners (decentralization, scalability, or security), making trade-offs inevitable.

(Source: Forbes)

Auditing Process

The MultiVAC token is based on standard ERC-20, adding some additional access control and burn token ability. Given MultiVAC will make its debut on Kucoin Spotlight on April 3rd, 2019, CertiK was asked to verify the source code for vulnerabilities, conducting a full-scan audit to make sure that security vulnerabilities are remediated before the IEO begins.

CertiK Smart Label Engine applied Formal Verification technology to detect issues such as Integer Overflow/Underflow, Function Incorrectness, Buffer Overflow, Reentrancy, etc. Rather than merely checking for bugs and vulnerabilities, CertiK’s team of experts leverage rigorous mathematical theorems to check whether source code meets its specification, computing all possible scenarios and providing proof that it is impossible for the checked vulnerabilities to exist.

(Source: CertiK Audit Report)

Here are some of the highlights:

  1. MultiVAC is a stoppable contract, but only the owner has the ability to stop and restart. This more constrained access model allows for greater control, along with the ability to mitigate potential emergencies and losses of funds.
  2. To prevent attack vectors in the approve function, MultiVAC also ensures that users must set the value back to 0, from an existing value that was previously set, before they can set a new value.
  3. The burn function uses address 0 as the receipt address, burning the desired tokens without decreasing the total supply of tokens.

Overall, the CertiK team indicated that the MultiVAC smart contract was highly secure. In addition to security remediations, the MultiVAC team also leveraged CertiK’s audit report and technical insights to enhance the overall design and security of their systems.

Full audit report provided by CertiK team can be accessed here.

About the Project

MultiVAC is the next-generation public blockchain designed for large-scale and complex distributed applications. It breaks through the limitations to blockchain scalability by developing the world’s first fully sharded blockchain with sharded transmission and storage, allowing DApp developers to trade off between the impossible triangle of decentralization, scalability and security. Furthermore, it maximizes throughput on every shard while maintaining decentralization and security, allowing decentralized blockchains to achieve industrial capacity.

MultiVAC is equipped with several technologies designed for performance and flexibility, pioneering a miner selection model that redefines sharding and smart contracts. To name a few:

  • VRF Dynamic Re-Sharding
  • Distributed Ledge Scheme based on Merkle Root
  • Byzantine Consensus Family
  • Flexible Computing Model

About CertiK

CertiK is a blockchain and smart contract verification platform founded by top Formal Verification experts from Yale and Columbia University. Incubated by Binance Labs, Certik has strategic partnerships with the world’s leading crypto exchanges such as Binance, OKEx, and Huobi, as well as protocols such as NEO, ICON, and QuarkChain.

CertiK’s formal verification method works differently than traditional testing approaches: rather than working manually, CertiK mathematically proves blockchain ecosystem and smart contracts are hacker-resistant and bug-free at scale. CertiK has secured over $4B in asset value, auditing several projects across all major protocols, including BNB, Terra, Crypto.com, and TUSD.

To request the audit/verification of your smart contracts, please email audit@certik.org or visit certik.org to submit the request.

Twitter: https://twitter.com/certikorg

Reddit: https://www.reddit.com/r/CertiKOrg/

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik