What Makes a Web3 Project Worth Trusting?
10/14/2022

The concept of trust in crypto is a nuanced topic. Trustlessness is one of the industry’s foundational doctrines. Trustlessness refers to the fact that decentralized systems have no single entity that users must trust for the system to function correctly. Instead, anyone can perform their own audit of the system by examining the rules that govern it and determining whether the system is following those rules. Don’t trust, verify, as the saying goes.

This is a noble goal. Transparent, decentralized systems have nowhere to hide; everything is out in the open. This is one of the core value propositions of blockchains. It’s interwoven with the nature of the technology: the whole point of blockchain networks is that they can function without trust. There’s no need to trust the word of anyone else when you can look at the facts and come to your own conclusions.

There’s just one problem. Most people do not have the technical expertise necessary to perform comprehensive audits of different blockchains and the projects built on top of them. So where does this leave us? Is the whole notion of trust and trustlessness a moot point?

Not quite. Projects can be verifiably trustless on the backend; they just need to find a way to communicate that to their non-technical community members. A big part of building trust with a community is transparency and a verifiable commitment to security.

There are a number of steps a Web3 project can take to demonstrate a real commitment to building trust with its community.

Step 1. KYC

KYC stands for Know Your Customer. KYC is most often required when signing up to a centralized exchange or platform, as these entities are subject to anti-money laundering (AML) laws. They need to know who they’re doing business with to ensure that they’re fully compliant with all relevant regulations.

But there’s another side of KYC. Projects can go through a KYC process to prove that they have nothing to hide. Since teams in Web3 can easily be anonymous, it’s difficult for a potential user of a platform to determine whether anyone involved in a new project has been involved in previous projects that were less than reputable.

CertiK’s KYC verification increases accountability and trust while reducing the risk of fraud and abuse. Projects that earn a KYC badge have demonstrated that they’re committed to their project and willing to stand behind it. This is a strong sign to their community that they are willing to earn trust through actions, not just words.

Figure: Betaswap.gg’s KYC Verification

Step 2. Code Auditing

After passing KYC verification, the next step is for a project to get its code audited. In Web3, a single line of code can secure hundreds of millions of dollars of value. It’s essential that this code is as secure as possible.

Code auditing involves the line-by-line inspection of a smart contract. At CertiK, we take a multifaceted approach to auditing to ensure the most comprehensive results possible. First, code goes through our AI-powered automated review process. This catches the most common bugs and vulnerabilities.

Figure: Auditing Flow

Next, our team of expert auditors manually reviews the code to pick up on anything the AI might have missed. Not all vulnerabilities have been identified and added to the library that the AI draws from, so adding human intelligence to the mix is the necessary next step.

The final step is formal verification. Formal verification is an advanced mathematical process that calculates all possible values for all variables in a contract, essentially forecasting and analyzing every state the contract could possibly take. With careful calibration from auditors who are experts in verifying smart contracts, this process provides the ultimate level of coverage.

Step 3. Skynet Trust Score

While KYC and code auditing are essential pre-deployment processes, a trustworthy project will adopt post-deployment measures to ensure that its platform functions safely in the adversarial environment of the blockchain.

Skynet is an on-chain monitoring tool that uses AI to continuously scan contract code using our ever-expanding database of bugs and vulnerabilities. Combined with active flash loan detection and DEX liquidity monitoring, Skynet makes it easy for project leaders to get detailed and instantaneous insights into the functioning of their platforms.

And users can take advantage of Skynet too. Web3 projects that have enabled Skynet will have their Skynet Trust Score displayed on their project’s entry on the Security Leaderboard.

Figure: SHIB’s Skynet Trust Score

This provides current and prospective users with a quick and easy way to gauge a project’s overall security. For deeper insights, just scroll down the Leaderboard entry to read the audit report, overlay security tools onto the token’s price chart, and get detailed data on the project’s social sentiment.

Trust in Trustlessness

CertiK’s Security Suite makes it easy for projects to demonstrate their commitment to security and transparency, while making the results of these quantifiable processes freely available to all users. We realize that not everyone is a smart contract expert, which is why we’ve assembled a team of some of the best auditors in the world. It’s also why we make all the results of our audits free and easy to access. Raising the standard of security and transparency in Web3 is a team effort. Our tools make it easy for all users to analyze projects and make informed decisions about whether or not they’re trustworthy enough to invest in or interact with.