Back to all stories
Blogs
Case Study
HYCON's $HYC Token Audit
11/26/2019
HYCON's $HYC Token Audit

After Satoshi Nakamoto’s release of Bitcoin in 2008, different cryptocurrencies have been released on an almost-daily basis with one similar concept in mind: the underlying blockchain foundation.

With the introduction of the HYCON, Hyperconnected, coin, The Infinity Project aims to answer the problems:

  1. Given the current limitations of existing cryptocurrencies, what are the needs and wants of the market?
  2. What properties are necessary for a cryptocurrency to be adopted and integrated into the wider economy?

The overall vision for the Infinity Project is a flexible coin that meets market needs and provides a secure and seamless user-centric experience. A full node running on HYCON has access to a locally hosted web interface allowing for wallet operations, transactions, and blockchain exploration.

While researching and developing solutions, the Infinity team created HYCON, a fast and secure cryptocurrency that makes use of the SPECTRE protocol to enable high transaction speeds while still maintaining security. The SPECTRE protocol uses a DAG, a directed acyclic graph, to deploy a voting algorithm between pairs of blocks in order to specify their order.

(For example, Block X should be accepted before Block Y, and Block Y should be accepted before Block Z. The overall advantage of using SPECTRE over a typical blockchain structure allows nodes to publish blocks simultaneously without forking the chain.)

In addition, HYCON aims to build an asset, the $HYC token, that is fast, scalable, and secure. By solving the issue of interoperability between Ethereum and HYCON via Cross-Swap, $HYC can be stored through the HYCON Wallet (Pokiit), swapped with the mainnet, and even integrated with dApps.

etherscan-hycon

This gives users the freedom to access the token ecosystem and scalability of Ethereum with HYCON—ensuring a synergistic effect utilizing the mutual liquidity of HYCON and Ethereum.

In order to create the above mentioned strong foundation, HYCON chose to work with CertiK to compile a comprehensive security audit on the $HYC token.

CertiK’s Formal Verification Engine

CertiK’s smart label engine applied 100% Formal Verification coverage on the source code. Formal Verification is the highly specialized process that examines the entire code logic at-scale and mathematically ensures the program works only as it’s intended. To do that, Formal Verification thoroughly checks programs by calculating them against every possible value for all variables.

CertiK’s team of engineers also scanned the source code using proprietary static analysis tools and code review methodologies. Our team found no issues within the following vulnerabilities, among others:

  1. Reentrancy: When a malicious contract can call back into the calling contract before the first invocation of the function is finished.
  2. Delegate Call to Untrusted Callee: Calls into untrusted contracts, which is highly unsecure, and the target and arguments provided must be sanitized.
  3. Function Incorrectness: When function implementation does not meet the specification, leading to intentional or unintentional vulnerabilities.

After that end-to-end process, CertiK recommended HYCON to update their compiler to 5.10 from 5.0 to avoid low severity bugs such as:

  1. Signed Array Storage Copy: Assigning an array of signed integers to a storage array of different type can lead to data corruption in that array
  2. Dynamic Constructor Arguments Clipped: A contract's constructor that takes structs or arrays that contain dynamically-sized arrays reverts or decodes to invalid data.
  3. Uninitialized Function Pointer In Constructor: Calling uninitialized internal function pointers created in the constructor does not always revert and can cause unexpected behaviour.
  4. Incorrect Event Signature In Libraries: Contract types used in events in libraries cause an incorrect event signature hash.

The team is happy to announce that the $HYC token, issued by the Infinity Project, passes all of CertiK’s rigorous testing processes with a 99%. While the audit process paid special attention to assessing the codebase to ensure compliance with the current best practices and industry standards, the CertiK team is proud to help HYCON position themselves for wider blockchain and crypto adoption.

About CertiK

CertiK leads blockchain security by pioneering the use of cutting-edge Formal Verification technology on smart contracts and blockchains. Unlike traditional security audits, Formal Verification mathematically proves program correctness and hacker-resistance. CertiK was founded by Computer Science professors of Yale University and Columbia University, securing over $6.5B in assets, including many of the world’s top projects.

The research efforts of CertiK have received grants from IBM and the Ethereum Foundation, and notable investors include Binance Labs, Bitmain, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, among others.

To request the audit/verification of your smart contracts, please email [email protected] or visit certik.io

Twitter: https://twitter.com/CertiKCommunity

Reddit: https://www.reddit.com/r/CertiKOrg/

Telegram: https://t.me/certikorg

LinkedIn: https://www.linkedin.com/company/certik