e-Money’s NGM Staking Token Code Review

CertiK | Jun 9, 2020

e-Money is a leading issuer of interest-bearing, currency-backed tokens on blockchain that facilitates sub-second payments on a global scale.

Launched on the Cosmos Network, e-Money aims to provide equal access to transparent financial services on a global scale while greatly reducing costs by issuing tokens. Defining properties of these tokens include:

  1. Interest Bearing
  2. Multi-currency
  3. Fully backed
  4. Transparent
  5. Protected

In its initial phases, e-Money will issue interest-bearing EUR and CHF tokens as well as the Scandinavian currencies. Unlike traditional tokens, interest is applied without the need to lock up funds, and follows the rate set by a central bank. All tokens are backed by government bonds and deposits held by the respective banks. In the long term, e-Money will support many global currencies to facilitate greater blockchain adoption.

Additionally, e-Money issues NGM tokens that are meant for staking and reward distribution purposes. A staked NGM token represents a proportional claim on all future staking rewards consisting of currency-backed tokens, meaning its value scales with the bank reserve. This ensures that the market value of the token is consistent with the value of its respective currency.

For more information on the e-Money project, visit their homepage at https://e-money.com.

Audit Scope

CertiK was chosen to verify the soundness and utility of the e-Money blockchain while ensuring that its logic meets the specification and intentions. To synthesize the full scope and validate correctness, the team began by carefully examining each module in the e-Money stack, weighing its benefits against its complexity.

The findings were compiled according to the functional categories:

  1. Prevention: hardening systems with guardrails to prevent incidents from happening in the first place
  2. Detection: identifying the presence of a vulnerability
  3. Response: proper responses to security incidents if/when they arise through system rollback/lockdown
  4. Monitoring: implementation of a perceptive transaction lifecycle monitoring cache to encourage prevention and detection

The team found e-Money’s model and Cosmos SDK implementation to be well designed and executed cleanly, demonstrating a good command over the relevant best practices.

Code Review Logistics and Results

CertiK’s mission in every audit is to apply different approaches and detection methods, including manual, static, and dynamic analysis, to ensure that the project is checked against known attacks and potential vulnerabilities. The engagement objectives included:

  1. Providing an estimate of the overall security posture of the system;
  2. Evaluating the difficulty of system compromise by an attacker;
  3. Identifying design-level risks to the security of the system;
  4. Identifying implementation flaws that illustrate systemic and extrinsic risks;
  5. Providing recommendations for best practices that could improve e-Money’s security post

After a thorough end-to-end analysis, e-Money’s implementation of NGM was found to be structurally sound and to follow all common industry standards. All issues that were found were addressed by the team and can be found under the following resources:

  1. Remove one source of periodic integration test failure
  2. Additional Audit Findings
  3. Minor issues

“Given that the audit targeted both the architecture and codebase of the e-Money project (the theoretical model and its actual implementation), this audit gives us the ability to rate the project with a high degree of confidence.”

About CertiK

CertiK leads blockchain security by pioneering the use of cutting-edge Formal Verification technology on smart contracts and blockchains. Unlike traditional security audits, Formal Verification mathematically proves program correctness and hacker-resistance. CertiK was founded by Computer Science professors of Yale University and Columbia University, securing over $5B in assets, including many of the world’s top projects.

The research efforts of CertiK have received grants from IBM and the Ethereum Foundation, and notable investors include Binance Labs, Bitmain, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, among others.

To request the audit/verification of your smart contracts, please email audit@certik.io or visit certik.io to submit the request.