Skynet is a scalable security solution that leverages automated technologies to check deployed smart contracts for vulnerabilities. There are six metrics – called Security Primitives – that Skynet uses to arrive at an overall security score, on a scale of 0-100.
Skynet Security Primitive #5: Safety Analysis
CertiK | Dec 14, 2021
In this short series, we’re going to dive into each of these six primitives and take a look at the different areas they cover and data they provide.
At the end of this series, you’ll better understand how Skynet stays ahead of the market to provide timely security insights. And you’ll gain knowledge of what to look out for when researching a project’s security, making your journey through the metaverse safer and more rewarding.
Primitive #1: Social Sentiment
Primitive #2: On-Chain Monitoring
Primitive #3: Governance
Primitive #4: Market Analysis
The Skynet Safety Analysis primitive provides a comprehensive overview of the functioning of a project.
PancakeSwap’s Skynet Safety Analysis
Evaluations are broken down into six categories:
Let’s take a look at each of these categories.
Five different metrics go into a project’s security analysis.
Exploits & Incidents track a project’s history of exploited vulnerabilities. The highest scoring projects have never been exploited.
A project will score highly on the Bug Bounty metric if it has a well-promoted and lucrative bug bounty program.
An Established Reputation is a good sign for the overall trustworthiness of a project. A proven track record of taking security seriously will boost a project’s score.
The level of Decentralization refers to the number of special privileges held by the internal team. The fewer the better.
The Historical Audits section tracks a project’s code audits. Code should be audited every time it is deployed with new changes.
Active Usage follows the number of daily end users. The more users, the more adoption, and the greater implied importance of the project.
Well-established projects score highly on the Explorer Verification metric. Having source code and team wallets tagged and easily-identifiable on blockchain explorers such as Etherscan and BSCScan make it simple for users and analysts to track token flows and code updates.
High-scoring projects on the Active Maintenance module are updated at least weekly either on the protocol or community level.
High-scoring projects have Documentation hubs or whitepapers with detailed explanations of their technical stacks. How-to guides and FAQs make it easy for new users to get acquainted with the protocol.
Testnet Deployments show a commitment to security and thorough testing prior to mainnet deployment. Users, auditors, and other third-parties can familiarize themselves with the project on testnet and raise any issues that come up before real funds are deposited into the platform.
Source Code Quality is a general heuristic derived from the overall proportion of a project’s code that has been audited and reviewed. Utilizing third-party open-source libraries such as OpenZeppelin is one example of how established and reviewed dependencies can contribute to the overall quality of a project’s source code.
Major Exchange Listings are a vote of confidence from companies that have diligence teams and no wish to incur liability for unreputable projects. These listings also provide users and investors with deep orderbooks where they can trade the asset with minimal slippage.
Insurance & Protections help provide investors with peace of mind that they will be covered in the event of any loss due to vulnerabilities in the project.
Projects that score highly for transparency have public repositories of their Open Source code available on GitHub.
Accessible Identities are not always the norm in the anon-friendly DeFi world, but knowing who is behind a project can reassure users and investors that they have some recourse in the event of loss or hack.
* * * * *
These are the metrics that make up the overall Safety Analysis primitive. Social Sentiment, On-Chain Monitoring, Governance, Market Analysis, and the Security Oracle are the other five primitives that combine to form a project’s Skynet Security Score.
Keep an eye out for the sixth and final installment in this series, where we’ll take a look at the workings of the CertiK Security Oracle.