Skynet Security Primitive #3: Governance
11/30/2021

Skynet is a scalable security solution that leverages automated technologies to check deployed smart contracts for vulnerabilities. There are six metrics – called Security Primitives – that Skynet uses to arrive at an overall security score, on a scale of 0-100.


In this short series, we’re going to dive into each of these six primitives and take a look at the different areas they cover and data they provide. 

At the end of this series, you’ll better understand how Skynet stays ahead of the market to provide timely security insights. And you’ll gain knowledge of what to look out for when researching a project’s security, making your journey through the metaverse safer and more rewarding.

Primitive #1: Social Sentiment 

Primitive #2: On-Chain Monitoring

Governance

Governance is what puts the De in DeFi. 

Decentralized protocols have governance forums where users can propose, debate, and vote on ideas in an open, collaborative process. 

These ideas can be anything from minor cosmetic updates to the frontend, to new token listings or even major upheavals of the way the platform functions. All the power lies with the token holders, whose votes are backed by the proportion of governance tokens they hold.

Any protocol that is governed in such a way is a DAO – a Decentralized Autonomous Organization.

As you can imagine, when the power to make any and all decisions lies with a DAO, it’s important for investors to pay close attention to the votes and actions it undertakes (if they’re not getting directly involved themselves).

This is why Governance is the third of the six Security Primitives that make up Skynet’s Security Score.

So how does it work?

PancakeSwap’s Skynet Governance Module

Let’s break this down.

Along the top row, you’ll see Governance Score, Social Link Status, Token Listing, and Privileged Transactions in the Last 72 Hours.

The Governance Score is an overall rating of the platform’s decentralization and the health of its DAO. It’s made up of all of the following metrics.

Social Link Status checks whether the project’s website, Twitter page, and Telegram channel are online. As these are the main places where users can get real-time updates, it’s important that they maintain uptime.

Token Listing does a similar thing, checking CoinGecko, CoinMarketCap, and various exchanges to see if the token is listed and up to date. Delistings are not a good sign for the long-term strength of a project.

Privileged Transactions lists the number of – you guessed it – privileged transactions in the last 72 hours. A privileged transaction is one initiated by an address that has the power to modify a platform’s smart contracts. In a truly decentralized DeFi protocol, updates or changes should only be possible after the DAO has voted on and approved them.

Below this top row, you’ll find Privileged Addresses, Privileged Functions, and Recent Privileged Transactions.

The Privileged Addresses section lists all the addresses that have the power to initiate privileged transactions (as defined above). You can click on the address or contract to be taken to its listing on a block explorer – BSCScan in this case, since PancakeSwap runs on Binance Smart Chain.

Privileged Functions outlines the code functions that privileged addresses can invoke. In this case we’ve got burn, constructor, and mint. The burn function sends tokens to an address where they cannot be retrieved. The constructor function is called when initializing a contract. It sets the contract’s variables to the correct state. Mint creates new tokens, often for liquidity mining rewards.

And finally, we’ve got Recent Privileged Transactions. This is very similar to the section above it, but here we get a list of all privileged transactions, not just those in the last 72 hours. It’s a great way to see how often a platform’s smart contracts are modified, by whom, and for what purpose.
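To make the definition concrete, here is an added example (not CertiK's or Skynet's code) of how a monitor could flag privileged transactions and produce both the 72-hour count and the full history. The addresses, transaction records, and the `mint(address,uint256)` / `burn(uint256)` signatures behind the selectors are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# 4-byte selectors of the privileged functions (the signatures are assumptions).
PRIVILEGED_SELECTORS = {
    "0x40c10f19": "mint(address,uint256)",
    "0x42966c68": "burn(uint256)",
}
# Constructed placeholder, not a real privileged address of any project.
PRIVILEGED_ADDRESSES = {"0x" + "ab" * 20}

def privileged_transactions(txs, since=None):
    """Successful calls to a privileged function sent by a privileged address."""
    owners = {a.lower() for a in PRIVILEGED_ADDRESSES}
    hits = []
    for tx in txs:
        selector = tx["input"][:10].lower()
        if tx["from"].lower() not in owners:       # compare case-insensitively
            continue
        if selector not in PRIVILEGED_SELECTORS:   # e.g. a plain transfer by the owner
            continue
        if not tx["success"]:                      # reverted calls changed nothing
            continue
        if since is not None and tx["time"] < since:
            continue
        hits.append({**tx, "function": PRIVILEGED_SELECTORS[selector]})
    return sorted(hits, key=lambda t: t["time"], reverse=True)

def summarize(txs, now):
    """72-hour count plus the full privileged history, newest first."""
    recent = privileged_transactions(txs, since=now - timedelta(hours=72))
    return {"last_72h": len(recent), "history": privileged_transactions(txs)}

# Constructed sample data: hashes, senders and calldata are made up.
NOW = datetime(2021, 11, 30, 12, 0, tzinfo=timezone.utc)
OWNER = "0x" + "AB" * 20   # same privileged address in a different letter case
USER = "0x" + "cd" * 20    # ordinary, unprivileged sender
SAMPLE_TXS = [
    {"hash": "0x01", "from": OWNER, "input": "0x40c10f19" + "00" * 64,
     "success": True, "time": NOW - timedelta(hours=5)},    # owner mints
    {"hash": "0x02", "from": USER, "input": "0x40c10f19" + "00" * 64,
     "success": False, "time": NOW - timedelta(hours=6)},   # outsider, reverted
    {"hash": "0x03", "from": OWNER, "input": "0xa9059cbb" + "00" * 64,
     "success": True, "time": NOW - timedelta(hours=7)},    # owner's plain transfer
    {"hash": "0x04", "from": OWNER, "input": "0x42966c68" + "00" * 32,
     "success": True, "time": NOW - timedelta(days=10)},    # owner burns, older
]

if __name__ == "__main__":
    report = summarize(SAMPLE_TXS, NOW)
    print(report["last_72h"], [t["hash"] for t in report["history"]])
```

A high 72-hour count is not a problem by itself; what matters is whether each listed call traces back to an approved governance vote.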


Governance is an important metric to look at when analyzing a project’s overall security. Smart contracts are immutable, except when there are privileged addresses that can make updates. It’s a platform’s governance that controls these privileged addresses, which is why Governance is one of the six Security Primitives that make up Skynet’s Security Score.