Security Reviews: The First Building Block
At CertiK, audits are our bread and butter. Our team has been doing it for more than five years, combing through thousands of projects to identify vulnerabilities, flag them, propose remediations, and publish the findings. We use a combination of expert manual review and automated tools to ensure that when a project makes claims about its security, they’re verifiable. We can’t force projects to adopt the highest level of security measures, but we can (and do) shout out those that do and call out those that don’t.
Skynet’s Security Scores
Skynet serves as our in-house (but freely available to the public) security rating and insights platform. After we audit a project, it gets a Skynet Security Score. This is a careful calculation based on more than twenty different factors. Everyone can see the score, making it a transparent metric of how committed a project is to meaningful security measures. In an industry with over 10,000 platforms, being able to point to a simple security score helps a project get noticed.
Tailored Tips for Better Security
Getting a score is just the start. We also give projects specific suggestions on how they can boost their security, pointing out exactly where they can improve. Working your way up the leaderboard provides an incentive with a strongly positive externality: improved security for all users. It also fosters an environment in which security is given the consideration it deserves.
Spreading the Word
Our security scores get even more eyes on them thanks to partnerships with big names like CoinMarketCap, OKX, and CoinGecko. This means highly-ranked projects get to show off their commitment to security to an even wider audience, helping them stand out in a crowded market.
Beyond Audits: Building a Secure Web3 World
But there's more to security than just audits. We're all about creating a safer Web3 space, so we also offer things like:
Bug Bounty Programs: Here, we connect projects with skilled security experts who can find and fix vulnerabilities. Managing these programs, we make sure that the wider community of ethical hackers can contribute to a project’s security and get rewarded for it.
Team KYC: By verifying the real-world identities of team members, we help address the trust issues inherent in the crypto space’s (pseudo)anonymous nature. We keep personal details private while giving project founders who want to publicly demonstrate their commitment to their project the opportunity to do so.
Contract Verification: Users know that the code that's audited should be the code that's used. That's where our Contract Verification service comes in. It verifies that the smart contract code deployed on the blockchain is the same as the one we audited.
Diligence Insights: Looking to give your community a clearer view of your on-chain actions? Our Diligence Insights feature on Skynet lets projects do just that. By sharing data about on-chain activity, projects can strengthen their bond with the community, enhancing transparency and fostering greater engagement.
We’re committed to raising the standard of security and transparency in the Web3 world. If you're a builder, reach out today to learn how we can help you build secure, resilient, and highly-functional platforms that define the future of the onchain industry. We can help with auditing, penetration testing, improving your Skynet Security Score, KYC, contract verification, bug bounty programs, crypto compliance and risk management with SkyInsights, advisory, and more.
