NEW YORK, 12/11/2020 - We’re excited to announce that CompliFi’s protocol has been successfully audited with CertiK. In more detail, a summary of the audit findings as documented by the CertiK Professional Services Division follows up.
CompliFi Protocol comprises a decentralized protocol for issuing several financial derivatives without counter-party risk and no default mechanism by design.
Combating drawbacks of traditional derivative platforms, such as losses from risks related to user positions’ arbitrary liquidations as well as network congestion, CompliFi takes a nuanced approach.
Instead of relying on the ability to extract more collateral from risk holders to ensure that the opposite side of the trade can be paid off in full, CompliFi constructs derivatives that are backed by a predetermined pool of collateral. There is no market risk involved, as this transaction is reversible.
Users can swap collateral for equal amounts of two ERC-20 tokens, whose sum is always adding up to a fixed quantity of collateral. At this point, there are two options:
- users can sell one of the two tokens at a secondary market
- users can wait until settlement to claim their final share of collateral
Additional features allowing the protocol to operate seamlessly include minimal governance, no margin calls or liquidations, and limited sensitivity to blockchain network congestion.
Code Review & Auditing Process
The initial review was conducted between October 14- November 5, by CertiK engineers Alex Papageorgiou and Sheraz Arshad.
A comprehensive examination has been performed, utilizing Static Analysis and Manual Review techniques. The auditing process focuses on the following considerations:
- Testing smart contracts against both common and uncommon attack vectors.
- Assessing the codebase to ensure compliance with current best practices and industry standards.
- Ensuring contract logic meets the specifications and intentions of the client.
- Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
- Through a line-by-line manual review of the entire codebase.
A total of 95 findings were reported on the vulnerability summary, the vast majority of which were informational (84), while only 3 medium and 8 minor issues were identified. Despite no critical and major issues were found, the CompliFi team alleviated all minor and medium issues, as well as most informational, pointing towards a well-written codebase by the team’s engineers.
You can review the full audit here.
“The complexity involved in risk management and collateral models is often subject to undermined vulnerabilities, hence CompliFi entrusted the integrity and security of its operations to CertiK Professional Services. We’re are excited to be the trusted security partner of choice for CompliFi” - Yvan Nasr, Global Head of Professional Services, CertiK
CompliFi (compli.fi) is a derivatives issuance protocol on Ethereum designed to entirely eliminate counterparty risk. It allows users to structure and issue a wide variety of tokenised risk products, tradable like any regular ERC20 token on third party protocols, while eliminating the need for collateral calls and liquidations.
CompliFi is dedicated to reaching the highest level of decentralisation, and has been designed from the outset to eschew all authority over user funds.
CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.
Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.
Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, among other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.
Consult with one of our experts at email@example.com