Cook Protocol Audits Native Token Smart Contract With CertiK

CertiK | Feb 19, 2021

Article's Poster

NEW YORK, 16/02/2021 - We’re happy to announce that Cook Finance had successfully audited their native ERC-20 token contract implementation with CertiK Professional Services Division. In this spotlight, we elaborate on the scope of the audit, as well as present some of the issues found during the auditing process.

Use-Case Profile

Cook Protocol is a completely decentralized cross-chain asset management platform built for ordinary investors and professional asset managers to unlock an entirely new universe of DeFi innovations.

Code Review & Auditing Process

The initial review was conducted between February 3d, 2021, and February 10th, 2021, by CertiK security engineers Angelos Apostolidis, and Minzhi He.

This report represents the results of CertiK's engagement with Cook Finance on their implementation of the Cook Token smart contract. Our findings mainly refer to optimizations and Solidity coding standards, hence the issues identified pose no threat to the contract deployment's safety.

A series of thorough security assessments were carried out, the goal of which is to help Cook in protecting their users by finding and fixing known vulnerabilities that could cause unauthorized access, loss of funds, cascading failures, and/or other vulnerabilities. Alongside each security finding, a recommendation on fixes and/or mitigation methods were provided to the team for alleviation.

The in-depth investigation of the smart contract in question included Static Analysis and Manual Review techniques. The auditing process focused on the following considerations:

  • Testing smart contract against both common and uncommon attack vectors.
  • Assessing the codebase to ensure compliance with current best practices and industry standards.
  • Ensuring contract logic meets the specifications and intentions of the client.
  • Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
  • Through a line-by-line manual review of the entire codebase.

Only seven (7) findings were identified and presented in the vulnerability summary, of which all were of informational nature. No major or critical issues were found during the auditing process, and the Cook team alleviated all findings highlighted by the CertiK Professional Services team, pointing towards a well-written codebase by the team’s engineers.

You can review the full audit here.

About Cook Protocol

Cook Protocol is a trustless, transparent and well-incentivized cross-chain asset management platform that allows investors and fund managers to manage their wealth through highly customized cross-chain investment portfolios. We provide investors with a wide variety of asset management services and fund managers with advanced trading tools and highly liquidized funds, giving these players access to leveraged diversification. We are setting out on the mission to bring finance to the masses and revolutionize the DeFi space by focusing on the 3 pillars of interoperability, useability and capital efficiency to maximize both returns and utility to investors and fund managers.

The founding team has very strong technical and business backgrounds, coming from top universities such as Stanford, UC Berkeley, Carnegie Mellon and world famous companies like Google, Youtube, Dropbox. The team has 40+ years of combined experience in software engineering and 10+ years of combined experiencein blockchain.

For any inquiry, please contact us at hello@cook.finance

Join our community:

Website| Telegram| Twitter| Reddit| Medium

About CertiK

CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.

Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.

Over the past few years, CertiK has serviced more than 100 top-shelf blockchains, DeFi protocols, among other complex and/or custom smart contracts, including but not limited to Binance, Tera, Bancor, Shapeshift, and Blockstack.

Consult with one of our experts at bd@certik.io

Stay connected!

Website| Twitter| Linkedin| GitHub| CertiK Shield