AllianceBlock and CertiK's Audit Procedure

CertiK | Sept 11, 2020

Article's Poster

AllianceBlock provides the bridge between traditional and digital capital markets for all participants, reflecting how traditional finance would be designed today with current technology.

The Alliance Block DeFi Ecosystem is designed as a multi-sided protocol that enables its members to issue, transfer, own tokenized/ digitized asset, trade, in another word all services that exist in the traditional capital market, while being fully compliant with regulations. It allows any entity to create assets and applications without the need for approvals from centralized “trust” authorities. The objective is to create the world's first globally compliant decentralized capital market

The CertiK team was contracted by the AllianceBlock team to audit the design and implementation of their smart contracts, and its compliance with the EIPs it’s meant to execute on. The audited source code link can be found here.

Code Review Overview

The goal of the audit was to review the Solidity implementation for its business model, study potential security vulnerabilities, its general design and architecture, and uncover bugs that could compromise the software in production.

CertiK’s Auditing Process

A comprehensive examination has been performed, utilizing Dynamic Analysis, Static Analysis and Manual review techniques. The auditing process pays special attention to the following considerations:

  1. Testing the smart contracts against both common and uncommon attack vectors
  2. Assessing the codebase to ensure compliance with current best practices and industry standards
  3. Ensuring contract logic meets the specifications and intentions of the client
  4. Cross referencing contract structure and implementation against similar smart contracts produced by industry leaders
  5. Thorough line-by-line manual review of the entire codebase

Summary and Recommendations

The project's codebase is a typical EIP token implementation, along with batch token transfer and vesting mechanisms. The codebase strictly adheres to the standards and interfaces imposed by the OpenZepellin open-source libraries and as such its typical ERC-20 functions can be deemed to be secure.

During the audit process, CertiK and AllianceBlock worked together to remediate all issues found in the process. Although certain optimization steps CertiK pinpointed in the source code mostly referred to coding standards and inefficiencies, the minor flaw that was identified was remediated to ensure the security of the contracts.

“Smart Contract Security is imperative to the blockchain ecosystem. When you invest in a token, you want to ensure the Smart Contracts are secure in every way. CertiK, the leading blockchain security company, has an outstanding reputation and together with their great attention to detail and deep knowledge we made sure to achieve exactly that.” -- Matthijs de Vries, Founder & CTO of AllianceBlock.

“AllianceBlock’s codebase displays a high degree of technical expertise and engineering discipline. A series of assessments focused on identifying code patterns commonly associated with smart contract vulnerabilities were carried out during the audit, and we are happy to conclude that AllianceBlock’s smart contract abides to high security standards. We look forward to collaborating with the team in the near future.” Yvan Nasr, Head of Professional Service @ CertiK.

About AllianceBlock

AllianceBlock is building the first globally compliant decentralized capital market. Incubated by three of Europe’s most prestigious incubators: Station F, L39, and Kickstart Innovation in Zurich, and led by a heavily experienced team of ex-JP Morgan, Barclays, BNP Paribas, Goldman Sachs investment bankers, and quants, AllianceBlock is on the path to disrupt the $100 trillion securities market with its state-of-the-art and globally compliant decentralized capital market.

Twitter: https://twitter.com/allianceblock

Telegram: https://t.me/allianceblock

Website: www.allianceblock.io

About CertiK

CertiK is a technology-led blockchain security company founded by Computer Science professors from Yale University and Columbia University built to prove the security and correctness of smart contracts and blockchain protocols.

CertiK’s mission of every audit is to apply different approaches and detection methods, ranging from manual, static, and dynamic analysis to ensure that the project is checked against known attacks and potential vulnerabilities. CertiK leverages a team of seasoned engineers and security auditors to apply testing methodologies and verifications on the project, in turn creating a more secure and robust software system.

CertiK has serviced more than 100 clients with high quality auditing and consulting services, ranging from stablecoins such as Binance’s BGBP and Paxos Gold to decentralized oracles such as Band Protocol and Tellor.

Stay connected!

Remember to follow us on the platforms below to stay up-to-date with our latest updates and announcements.

Website: https://certik.io

Twitter: https://twitter.com/certik_io

Linkedin: https://www.linkedin.com/company/certik/

GitHub: https://github.com/CertiKProject

To request your FREE consultation send us an email to bd@certik.io