The CertiK Professional Services Division regularly checks source code in order to identify any potential issues. The CertiK team has provided details regarding the scope of Ideaology’s audit and has also commented on some of the issues found while auditing the source code.
Ideaology is described as a “community-led” crowdfunding platform, which serves as a launchpad for blockchain or distributed ledger tech (DLT) startups. It aims to support various projects by providing a “productive” environment to grow and exchange unique ideas, locate and/or exchange the appropriate human resources, and let investors keep track of the progress of an initiative, along with its background, before making investments directly into the actual platforms.
The initial review was carried out between February 6 and February 9, 2021, by the CertiK security engineers Alex Papageorgiou and Angelos Apostolidis.
This report shared by CertiK summarizes the key findings of CertiK Professional Services engineers during their code audit (as they pertain to Ideaology’s implementation of their native crowdfunding smart contract).
While the findings mostly refer to optimizations and Solidity coding standards, the Ideaology team is asked to “remediate the high severity exhibits (one major, two medium, and one minor issue) on the next version of their codebase.”
The extensive investigation of the smart contract in question included Static Analysis and Manual Review processes. The auditing mainly focused on the following:
- Testing the smart contract against “common and uncommon attack vectors.”
- Assessing the codebase “to ensure compliance with current best practices and industry standards.”
- Ensuring contract logic “meets the specifications and intentions of the client.”
- Cross-referencing contract structure and implementation “against similar smart contracts produced by industry leaders.”
- A thorough “line-by-line manual review of the entire codebase.”
As noted by the CertiK team, there were a “total of sixteen (16) findings [that] were identified and presented in the vulnerability summary, of which the majority was of informational nature (12).”
Additionally, there were “one (1) minor, two (2) medium, and one (1) major issues [identified] during the auditing process, and the Ideaology team swifted to alleviate all findings highlighted by the CertiK Professional Services team, pointing towards a well-written codebase by the team’s engineers.”
Yvan Nasr, Global Head of Professional Services, CertiK, remarked:
“Blockchain-powered crowdfunding operations such as the one offered by Ideaology, naturally have to deal with a plethora of Web3 users and their respective funds. Therefore, the health and security of the contracts responsible for the safety of these funds should be of high-quality and in accordance with modern industry standards. We’re happy to be the security partner of choice for Ideaology and we’re excited to see their commitment in securing their userbase.”