Back to all stories
Case Study
Social Trading Platform Aluna Tightens Security With A CertiK Audit
Social Trading Platform Aluna Tightens Security With A CertiK Audit

NEW YORK, 08/03/2021 - We’re excited to announce that Aluna. Social’s codebase which contains the Aluna Token, the Aluna Rewards Pool, the Aluna Token Vesting, and the Aluna Boost Pools smart contracts were successfully audited by CertiK.

Use-Case Profile

Aluna is a gamified social trading ecosystem for the Web 3.0 world. ALN is the utility token at the heart of the Aluna ecosystem, and its core functions are to:

  • Bootstrap the community, ecosystem, utility and liquidity.
  • Fuel the incentive and gamification mechanisms on ALN-powered platforms.
  • Coordinate decentralized governance and reward the community of governors.

Aluna’s flagship product, Aluna.Social, is a gamified social trading terminal that rewards top traders and enables beginners to learn from and auto-copy the world's best traders. Traders earn ALN for being active and making meaningful contributions such as by sharing their trades and climbing the leaderboard.

Auditing the ALN codebase ensures the security and integrity of these smart contracts that power Aluna’s governance, incentive mechanisms, and liquidity mining. The audited ALN token smart contracts notably include:

  • Aluna Token Vesting contract which secures 85% of total ALN supply that is locked up and vested.
  • Aluna Boost Pools contract which powers the liquidity mining and yield farming campaigns and adopts Boost.Finance’s novel yield-boosting concept.
  • Aluna Rewards Pool contract which will enable fees to be added automatically to the treasury.

Code Review & Auditing Process

The initial review was conducted between September 7th and November 27th 2020, by CertiK security engineers Alex Papageorgiou, and Angelos Apostolidis.

The CertiK Professional Services team assigned to Aluna reviewed the code implementation for a variety of smart-contracts their respective functions, as well as their implementation in the codebase, effectively going through the most significant parts of it responsible for the core functionality of the system, as pointed out in the project’s statements.

A comprehensive examination will be performed, utilizing Static Analysis and Manual Review techniques. The auditing process focuses on the following considerations:

  • Testing smart contracts against both common and uncommon attack vectors.
  • Assessing the codebase to ensure compliance with current best practices and industry standards.
  • Ensuring contract logic meets the specifications and intentions of the client.
  • Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
  • Through a line-by-line manual review of the entire codebase.

A total of 43 findings were addressed on the vulnerability summary, the vast majority of which were informational (38), while only 3 minor and 2 medium issues were identified. No major or critical issues were found during the auditing process, and the Aluna Social team alleviated all issues highlighted by the CertiK Professional Services team, pointing towards a well-written codebase by the team’s engineers.

You can review the full audit here.

About Aluna

Aluna plans to expand their feature-set by integrating the Aluna Token in order to incentivize users to share their trades on the platform in exchange for rewards thus creating a positive feedback loop all of that while providing a social environment where traders can learn from each other in an attempt to create a profitable and collaborative community.

Aluna.Social is a gamified social trading terminal for managing multiple exchange accounts from one place. With a transparent social environment, top traders are rewarded monetary and reputationally, and beginner traders can learn from experts and automatically mirror trades. Aluna.Social is currently integrated with 5 exchanges, including BitMEX, Binance, Bitfinex, Bittrex and Poloniex, and has over 10,000 users.

About CertiK

CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.

Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.

Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, among other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.

Consult with one of our experts at [email protected]

Stay connected!

Website| Twitter| Linkedin| GitHub| CertiK Shield