V SYSTEMS Smart Contract Audit

CertiK | Oct 29, 2019

Article's Poster

Although blockchain technology still remains to be widely adopted, it continues to grow and adapt. As Bitcoin and Ethereum advanced, many began to understand how powerful blockchains can be.

V SYSTEMS aims to build a cloud-based database for application developers to instantly create blockchains. Their object-oriented platform empowers developers to carry out complex applications in a simple and decentralized setting.

For example, finance platforms require an extensive amount of data. Along with other applications like gaming and social media, V SYSTEMS offers cloud developing and modular design tools to alleviate the stress when building code and data. This enables developers to focus on conducting business on the blockchain, without having to worry about the security repercussions.

Created to transform the digital economy era, V SYSTEMS re-architects Proof of Stake (PoS) to Supernode Proof of Stake (SPoS)—a key pillar that builds the platform. SPoS is a high-performance version of PoS that enables security against the 51% attack, self governance, and scalability.

Other key advantages of SPoS include:

  • Sidechain management
  • Smart assets management
  • Consensus management
  • Interchain processing
  • Transaction processing

With V SYSTEMS’s database solution, privacy hacks could be completely avoided. As a vital step to building this strong foundation, VSYS worked with CertiK to ensure the safety of their smart contracts.

Scope of Work

V SYSTEMS wanted a review of their Non-Turing-Complete smart contract technology development, which is planned into three phases:

  1. Token creation, distribution, and issuance
  2. Token trading and management
  3. Token performance optimization

Considering the technology development and industrial needs for smart contracts, V SYSTEMS will eventually adopt the Turing-Complete model. In essence, this means that:

Smart contract ownership cannot be transferred, but the token issue right can be transferred. The contract creator has the final right to interpret the token issue right.

The smart contract itself cannot be modified. It's a simple consensus and cannot be modified at will, but the parameters of some contracts can be changed. The contracts with modifiable parameters are relatively weak in consensus. These parameter revisions will provide choices and an advanced notice.

Workflow Overview

In regards to how transactions are registered and executed on smart contracts, the workflow is as follows:

RegisterContractTransaction is an input parameter for RegisterContractTransactionDiff, while ExecuteContractFunctionTransaction is an input parameter for ExecuteContractFunctionTransactionDiff.

These two classes would read states from contract transaction and calculate the difference to proceed the status updates.

Similarly, the graph above shows how functions get the opcodes to use the contract and token data. ExecuteContractFunctionTransactionDiff class has a function call from ExeConTx(), which is implemented in ExecutionContext. Once the function fromExeConTx() is called, ExecuteContractFunctionTransactionDiff returns ExecutionContext.

Function apply() calls fromExeConTx() and fromRegConTx() to convert ExecuteContractFunctionTransactionDiff and RegisterContractTransactionDiff to OpcFuncDiffer. Then by calling OpcFuncDiffer.apply(), the two transaction diff objects get the opcodes to use the contract and token data.

Outcome

Overall, CertiK found the source code to exhibit good health. VSYS implements preventative measures to ensure high quality code that aligns with best practices in the space, including:

  1. Assigning proper access control for functions
  2. Using check-effects-interactions patterns to minimize state changes after external calls
  3. Providing test scripts and coverage for potential defect scenarios

With the final update of source code and delivery of the audit report, CertiK concludes that the design of the smart contracts is structurally sound and not vulnerable to any classically known anti-patterns or security issues.

About V SYSTEMS

V SYSTEMS is a general purpose blockchain database for decentralized applications. Led by Chief Architect Sunny King, the V SYSTEMS blockchain has implemented his new innovative consensus algorithm—Supernode Proof of Stake (SPoS). V SYSTEMS aims to deliver decentralized database cloud technology that is scalable and durable, with high finality, performance, and the highest resistance to 51% attacks.

The network is operated as a cloud platform that can support efficient and agile development of a vast variety of applications, including, but not limited to, decentralized finance applications (DeFi), entertainment, social media, tokenization, dapp deployment and many more.

Twitter: https://twitter.com/VSYSCoin

Telegram:https://t.me/VSYSOfficialGroup

Medium:https://medium.com/vsystems

YouTube: https://www.youtube.com/channel/UC3tnJX2dztNKh2yJxFVSDAw?

Reddit: https://www.reddit.com/r/V_SYSTEMS/

About CertiK

CertiK leads blockchain security by pioneering the use of cutting-edge Formal Verification technology on smart contracts and blockchains. Unlike traditional security audits, Formal Verification mathematically proves program correctness and hacker-resistance. CertiK was founded by Computer Science professors of Yale University and Columbia University, securing over $6B in assets, including many of the world’s top projects.

The research efforts of CertiK have received grants from IBM and the Ethereum Foundation, and notable investors include Binance Labs, Bitmain, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, among others.

To request the audit/verification of your smart contracts, please email audit@certik.org or visit certik.org

Twitter: https://twitter.com/certikorg

Reddit: https://www.reddit.com/r/CertiKOrg/

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik