What is a smart contract audit and why should you care?
The Studyum team has had a hectic month as we’ve been running several projects in parallel. Behind the scenes of our IDO pre-sale fundraise, our technical team invited Certik, a leading blockchain security consultancy, to carry out a security audit. The project was a comprehensive examination of our Stud Token smart contracts to review standard compliance and fund security. So why does it matter?
The Stud Token smart contract
There’s no doubt about it; blockchain will change the world, and we intend to be a part of that revolution. However, the prospect of hacks is something that all blockchain applications must take seriously from the very beginning. Is blockchain secure? Well, yes, but then it’s not quite as simple as that.
Major cryptocurrencies like Bitcoin and Ethereum are safe because they are powered and secured by numerous validators. However, just because blockchains are protected, one should never assume that the applications running on them are. A secure blockchain does not equal a secure blockchain application.
Such applications interact with the blockchain through smart contracts. For example, Studyum has an ERC20 token that acts as a utility token executed as a smart contract on the Ethereum network. As with any software, poorly written code can lead to security vulnerabilities. Since blockchain applications (including ours) regularly control financial assets, from our perspective, developing a technical strategy to remove any vulnerabilities is a no-brainer.
The best way to ensure high-grade security is through a detailed audit of the smart contracts by independent and proven experts.
How a smart contract audit works
Smart contract security auditing analyzes and corrects code errors and security vulnerabilities in a blockchain application. A professional audit by a leading security auditing firm like Certik typically involves the following:
- Agree on a specification
- Run tests
- Run automated symbolic execution tools
- Manual analysis of the code
- Generate a report
The Certik x Studyum audit report
We’re not going to dive into the exhaustive detail of this process here. Suffice it to say that Certik assigned multiple engineers to review the code independently, with the results compared afterward to ensure the highest levels of diligence. After a battery of tests, automated analysis, and manual analysis, the auditing team shared a report with Studyum’s project team.
In their first audit of June 5th, Certik expressed concerns regarding some of our centralized operations. We immediately addressed this feedback by decentralizing the governance of the entire token to improve transparency and trust. Our second sprint of work enabled Certik to mark all issues as resolved.
Therefore, Studyum is Certik-approved.
The trusted Stud token smart contract
Passing the Certik audit process with no significant findings (or issues) means the Stud Token smart contract has a high level of reliability and that our community members’ funds are safe and properly managed.
Unsurprisingly, we take our tech stack development very seriously. As Studyum grows, we will continually invest in best-in-class technical resources and solutions. That is a guarantee.
For anyone interested, you can review our Certik audit report here.
Written by Martin O'Toole