CertiK Audits Terra’s New CosmWasm Smart Contract Solution


CertiK is proud to announce another successful audit of Terra’s CosmWasm smart contract solution. The initial audit was completed in 2019.

Scope of Audit

Terra, one of the largest blockchain payment networks, is supported by a family of stablecoins which are pegged to the world's major currencies. The main goal of the CosmWasm solution is to provide functionality that allows smart contracts to interact with other smart contracts, and be deployed on different blockchain platforms. The solution is a WebAssembly smart contract system, and is based on the Cosmos SDK and Tendermint BFT consensus protocol.

Procedural Process

The CertiK team launched the audit by analyzing the specifications of the project and the key areas of interest, which included reviewing the unit testing of the code and launching fuzzing against targets in the codebase.

Afterwards, the team passed the code through automated tooling and gathered the output to manually review each of the issues the tooling returned. The main part of the audit was the manual review of the key areas of interest, which was divided into 3 parts: the language-specific, SDK, and wasm examination of the codebase and the targets in scope.

The team of expert engineers reviewed the codebase, written in Go and Rust, for language-specific problems and proper use of the languages. In parallel, they examined the usage and proper implementation of the Cosmos SDK. Additionally, the wasm implementation and the targets generated by the codebase on a local testnet and the latest testnet were reviewed.

Learnings and Findings

For the moment, contracts can only be written in Rust, but the Terra team has stated that more programming languages are currently being looked into for future integration.

CosmWasm takes advantage of the Actor model to communicate through messages, which has the advantage of fully encapsulating state and removes classes of bugs such as the infamous Solidity re-entrancy attack.

Recommendations and Outcome

The recommendations expressed by the audit mostly concerned the usage of pointers within the codebase. CertiK’s team of engineers found no major or critical issues in the codebase; the few findings were minor and informational.

Overall, the audit found that the Terra team has done a good job implementing the specifications of the project in code. The usage of the languages is of a very high standard, with good code coverage in unit testing. The SDK specifics are also well implemented with respect to the requirements of the framework, and the same applies to the Cosmos wasm implementation.

Finally, the audit made all the necessary recommendations to the Terra team, and the issues were discussed and addressed.

About CertiK

CertiK is a technology-led blockchain security company, founded by Computer Science professors from Yale University and Columbia University, built to prove the security and correctness of smart contracts and blockchain protocols.

CertiK’s mission in every audit is to apply different approaches and detection methods, ranging from manual to static and dynamic analysis, to ensure that the project is checked against known attacks and potential vulnerabilities. CertiK leverages a team of seasoned engineers and security auditors to apply testing methodologies and verifications on the project, in turn creating a more secure and robust software system.

CertiK has serviced more than 100 clients with high quality auditing and consulting services, ranging from stablecoins such as Binance’s BGBP and Paxos Gold to decentralized oracles such as Band Protocol and Tellor.
