CertiK Works with Most Protocol to Audit MostERC20

CertiK | Aug 14, 2020


What is Most?

Most Protocol brings algorithmic stable tokens into the crypto world in a fully trustless manner. The protocol aims to build a mechanism that incentivizes token holders to sell tokens when they are in high demand and to hold them when they are over-circulated. Key advantages include:

  1. Price Resilient: the MOST token supply inflates when the price is below $1 and deflates the other way around, which aligns with the Quantity Theory of Money.
  2. Permissionless Money: with no token sale and a small team reservation, MOST is meant to be a permissionless monetary system that nobody controls.
  3. Native Oracle: Most Protocol uses native Uniswap price information as an oracle feed, and is thus self-contained and autonomous.

CertiK and Most Protocol worked together to audit and verify the $MOST ERC20 token.

Goal of the Audit

The overall objective of the audit was to review the implementation and design of the Most ERC20 smart contracts. A comprehensive examination has been performed, utilizing the following techniques:

  1. Dynamic Analysis: testing and evaluating the code in real time to find errors in the program as it runs
  2. Static Analysis: the process of debugging code without executing the program, ensuring the code adheres to industry standards
  3. Manual Review: in-depth review of security design and common practices by our team of security experts

CertiK Methods and Testing Summary

CertiK’s auditing process paid special attention to the following considerations:

  1. Testing the smart contracts against both common and uncommon attack vectors
  2. Assessing the codebase to ensure compliance with current best practices and industry standards
  3. Ensuring contract logic meets the specifications and intentions of the client
  4. Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders
  5. Thorough line-by-line manual review of the entire codebase by industry experts

Recommendations

“With regards to the codebase, the main recommendation we can make is the expansion of the documentation to address the functionalities of the contracts from an external perspective rather than an on-code perspective. Additionally, we advise that all our findings are carefully considered and assimilated in the codebase of the project to ensure that the highest code standard is achieved,” CertiK’s engineers stated.

Overall, the codebase of the contracts should be refactored to assimilate the findings in the CertiK report, enforce linters and coding styles, and correct any spelling errors and mistakes that appear throughout the code.

While most of the issues CertiK pinpointed were of negligible importance, the development team behind Most was able to swiftly deal with the issues identified in the report. Throughout the audit, CertiK and Most maintained a direct communication channel to amend any issues found in the report.

About CertiK

CertiK is a technology-led blockchain security company, founded by Computer Science professors from Yale University and Columbia University, built to prove the security and correctness of smart contracts and blockchain protocols.

CertiK’s mission in every audit is to apply different approaches and detection methods, ranging from manual to static and dynamic analysis, to ensure that the project is checked against known attacks and potential vulnerabilities. CertiK leverages a team of seasoned engineers and security auditors to apply testing methodologies and verifications to the project, in turn creating a more secure and robust software system.

CertiK has serviced more than 100 clients with high-quality auditing and consulting services, ranging from stablecoins such as Binance’s BGBP and Paxos Gold to decentralized oracles such as Band Protocol and Tellor.