CertiK and OKChain’s Official Ecosystem Partnership

CertiK | Apr 30, 2020

Article's Poster

OKChain, a public chain developed by the leading OKex team, went fully open-source on April 16, 2020.

Based on the proprietary cross-chain design under the “Commercial Chain Alliance” concept and OpenDEX full-node operation, OKChain provides an efficient, free, and boundless ecosystem for its nodes.

CertiK joins OKChain Commercial Chain Alliance

OKChain redefines the concept of a public chain’s “boundless ecosystem”, implementing cutting-edge technologies and creating strategic partnerships such as the “Commercial Chain Alliance”, a group of early-stage partners including 10+ world-renowned institutions. OKChain’s mission is to interconnect users, value, and use cases through complementary and customized cross-chain technologies, solving long-standing problems in the blockchain world including TPS, security, and suitability.

As the premier blockchain security experts and developers of the CertiK Chain, CertiK is excited to join OKChain’s Commercial Alliance.

CertiK: Security Expert in the Blockchain World

The CertiK team leverages world-class Formal Verification technology from the research labs at Yale University and Columbia University to solidify the security of OKChain’s ecosystem.

Compared to the types of vulnerabilities found in simple programs or smart contracts, vulnerabilities in chains are defects that reflect inconsistencies of developers’ intentions against the actual needs, design, realization, configuration, and operation of the blockchain itself. These vulnerabilities can be found in various modules, and, if exploited by malicious hackers, can cause system infrastructure failures and result in major losses of digital assets and data.

But because every public chain has its own unique vision and design, there is no single security solution that fits all chains ideally. Due to these distinctive qualities, CertiK conducts comprehensive security evaluations and formulates customized service plans to ensure end-to-end soundness of each blockchain system.

CertiK’s security service offerings, to name a few, include:

  1. Penetration testing & security audits, with special concentrations on critical modules and program functionalities
  2. Security advisory regarding blockchain design and code implementation
  3. Full-node security monitoring service

As of today, the CertiK team has helped over 200 public chains and enterprise clients avoid security exploits at all levels by leveraging its world-class formal verification technology, along with other security expertise pertaining to its main service offerings:

Penetration Testing

Penetration testing is the most effective and direct diagnosis of a system's security conditions. CertiK offers rigorous red team/blue team penetration tests to various public chains, exchanges, wallets, and other on-chain dapps by following OWASP, NIST, and PTE industry standards. The security experts at CertiK adopt a systematic approach for each penetration test by leveraging automatic security scanning tools as well as manual review to pinpoint varying levels of security vulnerabilities and their relevant solutions.

Code Audit/Review:

Code audits offer a rigorous and robust hardening process that takes a blockchain system security to another level. Because public chain security is far more complicated than what you’d need for smart contracts, comprehensive code audits are required to achieve optimal security levels. During the audit process, the CertiK team provides information on vulnerability discovery, code optimization, and industry convention consultation, with a deepdive review of the blockchain infrastructure design, consensus algorithm, code implementation, and other critical modules.

Node Monitoring

Beyond aforementioned security offerings, CertiK also has a powerful Node Monitoring system to detect and react to real-time cyber attacks and data breach issues. Such rigorous threat intelligence helps chain users, exchanges, and developers take control of system operating conditions and address security concerns before they become major issues.

The CertiK Node Monitoring System can be adopted by any blockchain, providing security at the highest level. If any malicious/abnormal on-chain activities are discovered, CertiK sends out real-time alerts to help clients prevent foreseeable ill-intended activities and fix existing security loopholes to strengthen the system’s overall health.

There are many partnership opportunities between OKChain’s original “OpenDEX” concept and CertiK’s Node Monitoring system. According to the OKChain team, the “OpenDEX” concept revolutionizes the “proposal system” of traditional public chains and pioneers a high degree of openness and thorough decentralization, giving all participating nodes equal status and rights.

The CertiK team will work closely with the OKChain team to solidify the security framework of the decentralized platform, enabling OpenDEX to realize more innovative use-cases in a trustworthy environment.

The Partnership Between OKChain and CertiK Chain

In Q1 2020, the CertiK Foundation launched the CertiK Chain Full Testnet, developed by the CertiK team, along with the CertiK Block Explorer and DeepWallet web application. The Foundation will soon introduce incentive programs to facilitate on-chain activities and rewards to early participants & supporters.

CertiK joins the OKChain Commercial Chain Alliance to provide innovative, security-enhanced features and services to inspire and nurture bolder use cases within the OKChain ecosystem, and to enable stronger synergies with other Alliance members as they realize the full potential of their own contributions to blockchain technology.

The CertiK Chain and OKChain have many shared design concepts and development plans which could illuminate future synergies. The CertiK Chain will add value to the OKChain Alliance in these unique perspectives:

1. Limitless Use Cases of Cross-Chain Technology

Similar to OKChain, CertiK Chain is based on the Tendermint-BFT consensus, aiming to build a borderless cross-chain ecosystem. The vision of CertiK Chain is to provide enterprise and individual users access to CertiK Chain’s security services — including voting, storaging, certifying — through cross-chain technology. The CertiK Chain will provide a unified security standard, with the intention of expanding these standards to the rest of the industry.

2. On-chain Security of Smart Contracts

Unlike traditional software development environments, blockchains don’t have permission controls or detection feedback on smart contacts, lacking the security needed.

Smart Contract security is an “off-chain” verification process with no information available on-chain. The CertiK Chain revolutionizes this convention by not only making chain security more than just a “property”, but also a semantic component of the CertiK Chain. This feature mimics a software development control system on the CertiK Chain, allowing developers to closely control smart contract security during the development stage. Additionally, this feature is fully compatible with CertiK Chain’s native programming language— DeepSEA, a language to write verified smart contracts, developed by CertiK team along with Yale University and Columbia University.

The Full Testnet version of the CertiK Chain helps users better control their on-chain smart contracts. Users will have the ability to choose to interact with certain verified smart contracts. For example, the smart contracts on the CertiK Chain adopt the Formal Verification certification as a proof to recognize and interact with each other. In an application with asset transfer features, transactions will execute automatically if the smart contract called has a Formal Verification proof. Otherwise, additional manual approval will be needed or presets/thresholds (if applicable) will be referred to further determine if the transaction should be executed.

In future versions of CertiK Chain, users will be able to leverage the CertiK Chain’s security features to protect their smart contracts running on other blockchains. Additionally, smart contracts written in DeepSEA will be able to enjoy moreadvanced functionalitieson the CertiK Chain, which cannot be achieved by Solidity smart contracts based on Ethereum.

3. Trustworthy Governance Model

DPoS governance is always a challenging topic in the blockchain industry. Since the number of Supernodes on a blockchain are finite, higher efficiency can only be achieved by compromising decentralization to a certain extent. OKChain applies separate governance mechanisms and instant confirmation based on DPoS consensus features, helping different blockchains realize the value and data transmission between multiple isomeric chains. CertiK Chain adopts a dual-governance model by adding a Security Certifier role, separating functionality from security to achieve a more balanced, practical, and extensible development environment trusted by developers.

4. End-to-End Public Chain Security

CertiK Chain applies a unique set of technologies to reconstruct a secure public chain system, including CertiKOS, the world’s first formally verified concurrent multicore operating system kernel; CertiK Virtual Machine (CVM), the virtual machine fully compatible with Ethereum programming language; and DeepSEA, a programming language that incorporates Formal Verification in semantics. These technologies are researched and developed by the CertiK team in partnership with Yale and Columbia University.

From the operating system to the built-in support of formally verifying smart contracts on-chain, the CertiK Foundation further enhances blockchain security by integrating DeepSEA onto the CertiK Chain. Developers are now able to develop and deploy DeepSEA smart contracts through DeepWallet in the CertiK Chain Full Testnet. In future DeepSEA versions, users will be able to earn rewards through incentive programs.

CertiK Chain is a public chain that dramatically improves blockchain security by using military-grade, enterprise technology to build a secure and trusted ecosystem from the ground up, allowing all applications built on top to focus on realizing use cases without compromising security.

The collaboration between CertiK Chain and OKChain will bring a more secure end-to-end ecosystem for all users to come.

Conclusion

OKChain selected alliance members that had five main components: a public blockchain, a wallet, an explorer, a PoS mining pool, and others. CertiK is one of the early strategic partners along with fellow alliance members Byton, Conflux, Ontology, and IrisNet.

According to the OKChain team:“Based on the cross-chain technology design, OKChain aims to promote the ecological implementation of complementary applications, realizing the interchange of value, users, use cases, applications and eventually building a comprehensive value-adding public chain alliance ecosystem.”As a security expert and major public chain partner within the ecosystem, CertiK envisions a borderless public chain ecosystem built on the unbreakable promise of security.