Back to all stories
Case Study
CertiK Audits PlotX Protocol To Ensure Integrity Of Token Smart Contracts
CertiK Audits PlotX Protocol To Ensure Integrity Of Token Smart Contracts

Use-Case Profile

PlotX is a non-custodial, decentralized prediction protocol that enables web3 users to predict the future price of crypto assets using prediction markets.

That is possible thanks to the innovative way in which PlotX uses an Automated Market Making algorithm - one that generates markets, settles markets and distributes rewards among the network’s users, all in an autonomous fashion.

Users get a consistent experience of making predictions on hourly, daily and weekly markets around the price of crypto assets like BTC, ETH, YFI etc. Furthermore, PlotX uses GovBlocks (also used in Nexus Mutual) for on-chain governance.

Code Review & Auditing Process

Among other aspects of the PlotX codebase, the CertiK Professional Services team was tasked with the examination of the native $PLOT token, as well as delicate smart-contracts related to Vesting and Staking operations.

Our PS team initiated the process by conducting a system-based analysis of the entire codebase. In addition, we followed our standardized procedure.

A comprehensive examination has been performed, utilizing Dynamic Analysis, Static Analysis, and Manual review techniques. The auditing process pays special attention to the following considerations:

  • Testing smart contractsagainst both common and uncommon attack vectors.
  • Assessing the codebase toensure compliancewith current best practices and industry standards.
  • Ensuring contractlogic meets the specificationsand intentions of the client.
  • Cross-referencingcontract structure and implementation against similar smart contracts produced by industry leaders.
  • Thoroughline-by-line manual reviewof the entire codebase.

Notable Recommendations

We were unable to identify any severely exposed attack vectors subject to exploitment while reviewing and testing the smart-contracts in question, as well as their response to a variety of potential scenarios.

Furthermore, we relayed our findings, and optimization advice to the PlotX team, and the full audited source code can be found here.

After mutual discussion, we concluded that the ideal choice is to skip on some minor recommendations as they are not substantial optimizations and would require changes across the whole codebase.

“This was the third and final audit of the PlotX Smart Contracts by CertiK Professional Services.

CertiK has been at the forefront of improving the security of smart contracts in the broader blockchain spectrum and we absolutely loved working with their Professional Services team.

PlotX Protocol and the $PLOT token are scheduled for launch on the Ethereum mainnet, and getting the security audits in time has been an important milestone.”

-Ish Goel, Co-founder of PlotX

About PlotX

PlotX is a non-custodial, decentralized prediction protocol that enables web3 users to predict the future of crypto assets using prediction markets.

Dubbed as the Uniswap of Prediction Markets, PlotX uses an Automated Market Making algorithm to create, settle markets and distribute rewards on the Ethereum Blockchain without any counterparty risk. Markets are focused on crypto-pairs like BTC, ETH, YFI etc and are automatically created in intervals of 1h, 1d and 1w.

Over 2400 unique addresses have made more than 10,000 predictions on PlotX since the launch of their alpha on kovan testnet.

Learn more by visiting the PlotX websiteor following them on Twitter, Telegram or Discord

About CertiK

CertiK is a technology-led blockchain security company founded by Computer Science professors from Yale University and Columbia University built to prove the security and correctness of smart contracts and blockchain protocols.

CertiK’s mission of every audit is to apply different approaches and detection methods, ranging from manual, static, and dynamic analysis to ensure that the project is checked against known attacks and potential vulnerabilities. CertiK leverages a team of seasoned engineers and security auditors to apply testing methodologies and verifications on the project, in turn creating a more secure and robust software system.

CertiK has serviced more than 100 clients with high quality auditing and consulting services, ranging from stablecoins such as Binance’s BGBP and Paxos Gold to decentralized oracles such as Band Protocol and Tellor.

Remember to follow us on the platforms below to stay up-to-date with our latest updates and announcements.

Consult with one of our experts at [email protected]

Stay connected!

Website|Twitter|Linkedin|GitHub|CertiK Shield