CertiK has conducted a security audit for Airbloc

CertiK | May 14, 2019

Article's Poster

CertiK has successfully conducted a security audit for Airbloc, a consent-based real-time personal data exchange platform, over their token based smart contract.

The Audit Process

The purpose of this audit is to make sure the to-be-verified smart contracts are robust enough to avoid potential unexpected loopholes and immune to classical security issues. The project went through 2 rounds of iterations without any high impact vulnerabilities found, while several low-impact ones were revealed and coding recommendations were brought to Airbloc team for potential enhancements. We are glad to see the quick response from the client and also the later on commits regarding the issues we addressed.

CertiK team has applied a suite of technologies over the source code including the proprietary formal verification by applying smart labels, together with traditional testing, static analysis and model checkings. With the final update of source code and delivery of the audit report, we conclude that the contract is not vulnerable to any classically known anti-patterns or security issues. We appreciate that Airbloc team’s efforts on developing the smart contract, as well as seeking multiple opinions before the mainnet release for better quality and bigger responsibility to its supporters and token holders.

Here is a highlight over the `Zero Owner` issue found in the source code. Basically, `transferOwnership` is considered as a double-bladed sword, an easy mistake, like providing a wrong address for the new owner, will deprive the owner and orphan the administrative authority such as token lock/unlock. Though the likelihood is rare as those operations shall be carefully handled by the client team, we suggested to either have a list of owners (one primary and the rest for backup), or a step further to have a multisig smart contract handling privileged operations over the smart contract.

During the initial iteration, we found some low-impact CertiK’s Formal Verification engine concluded that although highly unlikely, Airbloc smart contract had a subtle bug that could cause undesired behavior.

A word from Airbloc

We chose CertiK as a preferred partner to audit Airbloc’s token contract because of their sophisticated verification framework. We were particularly impressed by their thorough assessments which helped to ensure that Airbloc’s token contract was trustworthy and free from security vulnerabilities.

-- Lee-On | Chief Strategy Officer of Airbloc

About Airbloc

Airbloc is a consent-based real-time personal data exchange platform. A project that aims to realize true enterprise adoption, it has formed partnerships with industry-leading companies such as Hankyung (Korea’s 2nd Largest Financial Newspaper) and Battle Comics (Korea’s 2nd Largest Comics Platform with over 1M users). For its promising technology, Airbloc gained funding support by leading renowned traditional and blockchain institutions such as Messaging Giant LINE Corporation’s Blockchain Venture Fund, Huobi Capital, and OKEX Capital, Bgogo, Fenbushi Digital, and many more.

Airbloc aims return data ownership back to individuals, allow applications to collect and monetize data legitimately, and allow enterprises to exchange explicitly consented data with an auditable source of provenance for their business intelligence, research, and targeted marketing purposes.

Airbloc is a Reverse ICO completed back in June 2018 led by a leading Korean big data data company, Airbridge, that was recognized in 2016 as a promising technology company by the South Korean government. Since 2016, the company has been tracking the data of over 50M devices equivalent to 2/3 of the entire Korean mobile population through its big data analytics. The company behind Airbloc was awarded by KB Kookmin Card, Korea’s largest credit card company in July 2018 as the top 10 promising technological companies in Korea with expertise in big data infrastructure.

About CertiK

CertiK is a blockchain and smart contract verification platform founded by top Formal Verification experts from Yale and Columbia University. Incubated by Binance Labs, Certik has strategic partnerships with the world’s leading crypto exchanges such as Binance, OKEx, and Huobi, as well as protocols such as NEO, ICON, and QuarkChain.

CertiK’s formal verification method works differently than traditional testing approaches: rather than working manually, CertiK mathematically proves blockchain ecosystem and smart contracts are hacker-resistant and bug-free at scale. CertiK has secured over $4B in asset value, auditing several projects across all major protocols, including BNB, Terra, Crypto.com, and TUSD.

To request the audit/verification of your smart contracts, please email audit@certik.org or visit certik.org to submit the request.

Twitter: https://twitter.com/certikorg

Reddit: https://www.reddit.com/r/CertiKOrg/

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik