This blog is contributed by Certik
With the recent partnership between Binance Smart Chain (BSC) and CertiK, we are extremely excited to share how you can get your BSC smart contracts secured. This article specifically focuses on the integration of CertiK Security Oracle and QuickScan, which provides scoring as a guideline for security. Stay tuned for the Integration Guides of our other security offerings, including CertiKShield, which is a decentralized system for reimbursing your lost or stolen crypto.
CertiK QuickScan
What is it?
The best way to identify and fix security vulnerabilities is to take the time to conduct thorough, third-party audits. However, as the leading global security auditor in blockchain, we know that blockchain projects are often in a hurry, and they want security analysis immediately without delay.
The CertiK QuickScan uses automated scanning technologies to analyze a wide range of known security vulnerabilities at scale. This lightweight, yet powerful scanning system is backed by a combination of static and dynamic technologies, which produce security primitives to produce security scores:
- Whitelist Primitive
- Retrieves certificates issued on CertiK Chain, such as proof of audits
- Blacklist Primitive
- Retrieves real-time security intelligence monitoring systems
- Bytecode Analysis Primitive
- Uses static security analysis tools to detect errors in the bytecode when deployed on the BSC virtual machine
- Source Code Analysis Primitive
- Static security checks, including fuzzing and formal verification, to detect errors in the source code
As QuickScan evolves, more Security Primitives are being developed to continue to enhance the coverage for smart contracts.
Depending on the smart contract’s complexity, it may take around 5 – 15 minutes for each smart contract to complete a QuickScan. For reference, here’s a list of a few BSC smart contracts and their processing details.
Upon completion, each smart contract obtains a score, which is public and broadcasted through the Security Oracle network via CertiK-maintained oracle operators. A QuickScan score intends to serve as a rough risk indicator for a smart contract, with lower scores suggesting higher potential for hacks and malfunctions.
DISCLAIMER:
CertiK QuickScans are helpful tools for the space to quickly receive security information for smart contracts, but they should not be used to replace full security audits, which utilize additional technologies and manual expertise to analyze complex and critical vulnerabilities. For a full, customized audit from CertiK security experts, either visit the CertiK website or submit your request here. All projects with QuickScan scores will receive discounts on their full audit.
How do I get it?
To request a QuickScan, BSC projects must first fill out this form and our integration team will get back to you shortly to make sure we have all the required documentation.
At this current stage, endpoints are not yet publicly available, so a cached version of those endpoints are deployed on CertiK Chain as smart contracts, which are invocable to check for the most updated security scores.
CertiK Security Oracle
What is it?
CertiK Security Oracle is an invokable, real-time relayer of security insights, providing security scores ranging between 0 and 255. Security scores are generated and aggregated by a network of decentralized oracle operators using various security checking technologies. Check out this article to learn more about the Security Oracle.
How do I set it up?
For BSC smart contract developers, it is extremely easy to interact with our Security Oracle contract deployed on mainnet. Interfaces like `getSecurityScore(address contractAddress)` are all publicly viewable functions, free of charge.
Take a tour at our Security Oracle GitHub repository, where source code and sample integration code are all listed for you to reference. In most cases, you could simply write the one-line `require()` statement to enjoy the benefits of real-time and on-chain security insights!
“`
require(SecurityOracle(_ctkAddr).getSecurityScore(addr) > 200, “revert due to high security risk!”);
“`
There may be some scenarios where BSC smart contract scores are unavailable because a QuickScan has not yet been requested or completed—our list of QuickScan’ed projects are growing every day, so keep checking! As blockchain is a decentralized effort, we’re also allowing people unrelated to the targeted smart contract to submit this form to give us a list of highly demanded projects.
As for interested developers in the community, we’re also providing grants of $BNB to grow our Security Oracle task ambassadors. Contact us for more information!
“`
INPUTFILE=”/home/ubuntu/task-scheduler/tasks.csv”
CCLI=”/opt/chain/certikcli”
addrlist=(`cat $INPUTFILE | tr -d ‘\r’`)
for ((i=1;;i++)); do
for addr in “${addrlist[@]}”; do
echo $(date)
$CCLI tx oracle create-task –contract $addr –function 0x00000000 –bounty 1000000uctk –from taskcreator –fees 5000uctk -y -b block
sleep 240
done
done
exit 0
“`
CertiKShield
What is it?
The CertiKShield system is an insurance-like protocol that enables users to purchase protection against the loss or theft of their digital assets. Any blockchain project may create a CertiKShield Pool, providing their users with the option to protect themselves against any unexpected losses or malfunctions. Additionally, blockchain projects will also be eligible to receive reimbursements if their own assets are irretrievably lost or stolen.
The funds of the CertiKShield Pool are filled by liquidity providers who stake their funds as collateral, in exchange for higher rewards.
In order to be eligible for the CertiKShield system, the project’s smart contracts must have Security Oracle scores publicly available. Contracts with higher scores will receive lower rates for protection, whereas riskier contracts, or those with lower scores, will be charged higher rates for protection.
How do I set it up?
You’ll first need to receive a Security Oracle score, so use these links to submit a request for a QuickScan or a full security audit.
Once you have a publicly viewable Security Score on our Explorer, our team will contact you to set the parameters of the CertiKShield, including your reimbursement limit and the ideal CertiKShield Pool size.
If you already have a Security Oracle score, request the creation of your CertiKShield Pool directly here!
Onboarding Workflow
We encourage all BSC projects to integrate with CertiK for an enhanced security environment. All interested BSC projects should follow the steps below, and our integration team will be in touch shortly:
- Send us your request by visiting https://certik.foundation or simply fill out this form;
- We will respond back quickly and create a shared communication channel to gather any additional technical information, such as contract source codes or testnet addresses;
- Your source codes will be lightly updated (just a few lines!) to integrate with the Security Oracle;
- Once the code is ready, we will conduct a QuickScan on all your contracts for security scores;
- Full audits are always recommended as many projects contain complicated business logic that require thorough review from security experts;
- Now you’ve made the necessary efforts to confidently launch!
- Once deployed to BSC mainnet, we will gather the contract addresses and showcase your project’ status on Featured Projects;
- Our CertiKShield insurance experts will then follow up with your team to discuss the coverage details based on indicators like current user traffic and amount of locked assets.
Where can I find the security information of other projects?
As one of the leading security firms in industry, we often get inquiries from the community asking about whether certain contracts have been audited. The goal of the Security Oracle is to make this information more accessible, and to further that goal, we’ve revamped our Explorer to show a detailed view of the security information, including:
- Audit Report History for users to read for themselves
- Security Oracle scores for a quick snapshot of the security level
- CertiKShield Pool details, such as how much protection is available for purchase and an estimate of how much liquidity providers are earning
At CertiK, our mission is to provide streamlined solutions and tackle security pain points with our proprietary technologies. Additionally, our caring team of security experts is always on standby.
Leverage the best of CertiK and Binance Smart Chain’s technologies and let’s #BUIDL!
Contact
If you’re interested in receiving a QuickScan or CertiKShield Pool for your BSC smart contract, submit a request here. You can reach the Binance Smart Chain team on the Binance Chain Developer Telegram Group and the CertiK team on www.certik.io or via bd@certik.org for your free 30-minute consultation.