CertiK Audit, InterFi Audit, and KYC
CertiK Audit
CertiK is a pioneering blockchain cybersecurity start-up founded by Computer Science professors from Yale University and Columbia University. By applying the rigor of proprietary Formal Verification technology on smart contracts and blockchain protocols, CertiK has been able to secure over $4.39B in assets, including many of the world’s top blockchain projects.
Summary
This report has been prepared for Cure Token to discover issues and vulnerabilities in the source code of the Cure Token project as well as any contract dependencies that were not part of an officially recognized library. A comprehensive examination has been performed, utilizing Static Analysis and Manual Review techniques.
The auditing process pays special attention to the following considerations:
Testing the smart contracts against both common and uncommon attack vectors.
Assessing the codebase to ensure compliance with current best practices and industry standards.
Ensuring contract logic meets the specifications and intentions of the client.
Cross referencing contract structure and implementation against similar smart contracts produced by industry leaders.
Thorough line-by-line manual review of the entire codebase by industry experts.
The security assessment resulted in findings that ranged from critical to informational. We recommend addressing these findings to ensure a high level of security standards and industry practices. We suggest recommendations that could better serve the project from the security perspective:
Enhance general coding practices for better structures of source codes;
Add enough unit tests to cover the possible use cases;
Provide more comments per each function for readability, especially contracts that are verified in public;
Provide more transparency on privileged activities once the protocol is live.
View Certik Audit:
https://leaderboard.certik.io/projects/cure-token
Certik Audit ‘Major’ Findings Clarifications and Explanations:
CUR-01 – “Centralized Risk”:
The marketing wallet is currently owned by project owner Jacob Beckley, who is fully doxed. It is necessary to be owed to fuel the donations, which are the core concept of the project. A Multi-Sig wallet is planned with board managers and will be managed based on majority approval.
CUR-02 – “Key Metrics Can be Changed”:
The total taxation fee for CURE transactions is currently 8% and will never rise above the original 12%. The core team is fully doxxed with officially registered audit companies within the USA with legal accountability. The obvious solution would be to renounce the contract but that almost entirely negates the chances of getting listed on a major exchange platform, so this will be addressed later if it is still deemed an issue.
CUR-07 – “Logical Issue of Percentage Used to Buy Back Tokens:”
The buyback feature is activated and deactivated by the team as needed to stabilize price fluctuations. The limit is the same here, as the team can change as needed to help the price – using very high limit is effectively the same as disabling the buyback altogether.
CUR-10 – “Centralization Risk:” The contract is owned by project lead Jacob Beckley, who is fully doxxed and legally accountable through USA registration processes. Safe methods for ownership similar to those suggested in the audit are currently being discussed and implemented by way of a Multi-Sig wallet.
CUR-15 : “Centralized Risk in Charity Well Asset:” The charity wallet asset function is considered Major only due to the controlling ownership - the function is there to prevent the contract from accumulating too many funds on the buyback function – it enables the project to sweep the contracts and collect the funds unused by the buyback. This once again refers back to point 1 and 2, which is that Jacob Beckley is fully doxed and legally accountable.
InterFi Audit Summary
InterFi team has performed a line-by-line manual analysis and automated review of the smart contract. The smart contract was analyzed mainly for common smart contract vulnerabilities, exploits, and manipulation hacks. According to the smart contract audit:
CURE Token’s smart contract source code has LOW RISK SEVERITY.
CURE Token has successfully PASSED the smart contract audit.
CURE Token has successfully PASSED the team KYC verification with InterFi. Please visit our GitHub to access the KYC certificate.
LOW RISK SEVERITY
This level vulnerabilities can be ignored. They are code style violations, and informational statements in the code. They may not affect the smart contract execution
About InterFi Network
InterFi Network provides intelligent blockchain solutions. InterFi is developing an ecosystem that is seamless and responsive. Some of our services: Blockchain Security, Token Launchpad, NFT Marketplace, etc. InterFi’s mission is to interconnect multiple services like Blockchain Security, DeFi, Gaming, and Marketplace under one ecosystem that is seamless, multi-chain compatible, scalable, secure, fast, responsive, and easy-to-use.
InterFi is built by a decentralized team of UI experts, contributors, engineers, and enthusiasts from all over the world. Our team currently consists of 6+ core team members, and 10+ casual contributors. InterFi provides manual, static, and automatic smart contract analysis, to ensure that project is checked against known attacks and potential vulnerabilities.
To learn more, visit https://interfi.network
To view our audit portfolio, visit https://github.com/interfinetwork
To book an audit, message https://t.me/interfiaudits