CertiK’s audit of ICON’s Python Implementation of the Service Engine

CertiK | Jul 9, 2020


CertiK was excited to audit ICON’s Service Engine, which is utilized as a dependency of other projects. The goal of the audit was to review the Python implementation for its business model, study potential security vulnerabilities and the general design and architecture, and uncover bugs that could compromise the software in production.

What the Audit Entailed

A comprehensive examination was performed on the codebase using Manual Review, Static Analysis, and Dynamic Analysis:

  1. Manual Review: in-depth review of security design and common practices
  2. Static Analysis: the process of debugging code without executing the program, ensuring the code adheres to industry standards
  3. Dynamic Analysis: testing and evaluating the code in real time to find errors in the program as it runs

Recommendations and Results

CertiK’s team of engineers states, “with regards to the codebase, the main recommendation we can make is to continue updating the codebase to match the latest major versions of Python and their respected standards, so that officially recognized libraries, as well as the team's custom codebase, deliver high code quality and security.”

Additionally, the CertiK team of engineers advised ICON that all minor findings be carefully considered and assimilated into the codebase of the project to ensure that the highest code standard is achieved.

Min Kim, Co-Founder of the ICON Project, noted, "We have known the CertiK team for many years and continue to be impressed by their growth as the leading formal verification and auditing solution for the space and the strength of their team. We're excited to partner with them on our most recent audit and look forward to working with them again closely in the future."

About ICON

In 2018, ICON Foundation and CertiK formed a strategic partnership to enhance and grow our respective ecosystems. Today, we're excited to announce ICON's recent smart contract audit results.

Founded in 2017, the ICON Foundation leads the promotion and development of the ICON project, one of the largest open source blockchain software projects in the world and the largest blockchain project in Korea.

The project aims to build a decentralized network that allows digital organizations with different infrastructures to communicate and transact with one another without intermediaries.

About CertiK

CertiK leads blockchain security by pioneering the use of cutting-edge Formal Verification technology on smart contracts and blockchains. Unlike traditional security audits, Formal Verification mathematically proves program correctness and hacker-resistance. CertiK was founded by Computer Science professors of Yale University and Columbia University and secures billions in assets, including many of the world’s top projects.

The research efforts of CertiK have received grants from IBM and the Ethereum Foundation, and notable investors include Binance Labs, Bitmain, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, among others.

To request an audit or verification of your smart contracts, please email us at audit@certik.org or visit certik.org.
