Citadel.one Undertakes A CertiK Audit To Enhance DAO Security

CertiK | Sept 9, 2021

Citadel.one are on a mission to vastly improve the everyday usage of crypto for investors. In line with the ethos of true decentralization, the Citadel team are transforming their platform into a DAO, complete with a governance token at its core.

In preparation for the move to DAO governance and operations, the team have pursued a CertiK Audit to ensure the security of the DAO, its participants, and the wider Citadel community. You can read the audit in full here.

Use-Case Profile

The Citadel DAO will enable its users to:

  • Make decisions about new networks and features, commission rate changes, and other financial settings
  • Take part in community-driven node ownership and profit share
  • Receive their share of admin fees from swaps, exchange & gateway, and wrapped tokens
  • Determine grants for members, developers and third parties

In addition to this, it reflects the decentralized ethos of crypto at its core. Members of the DAO will be able to take part by holding XCT, the governance token of the Citadel.one DAO.

Code Review & Auditing Process

The audit was published on August 3rd, 2021. The methodology used was Static Analysis and Manual Review. 

The objective of the audit is to discover issues and vulnerabilities in the source code of the Citadel DAO project. 

A series of thorough security assessments was carried out to help the project protect its users by finding and fixing known vulnerabilities that could cause unauthorized access, loss of funds, cascading failures, and/or other vulnerabilities. The auditing process focused on the following considerations:

  • Testing smart contract(s) against both common and uncommon attack vectors.
  • Assessing the codebase to ensure compliance with current best practices and industry standards.
  • Ensuring contract logic meets the specifications and intentions of the client.
  • Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
  • Thorough line-by-line manual review of the entire codebase.

Twenty-one (21) findings were identified and presented in the vulnerability summary, of which seven (7) were of an informational nature, four (4) were minor, one (1) was medium, and ten (10) were major. No critical issues were found during the auditing process, and the Citadel One team acknowledged or resolved all findings highlighted by the CertiK Professional Services team.

About Citadel.one

Citadel.one is on a mission to create a painless way to deal with crypto every day. With a focus on UI/UX, the team has launched a successful mobile application, analytical dashboard, and a DAO. Users can stake, send, and exchange their crypto assets with a user-friendly non-custodial platform with multiple blockchain integrations.

Launched in mid-July '20, Citadel.one has grown into a mature platform with an extensive feature set and a loyal user base. Now, they’re moving toward a more decentralised form of operations. Citadel.one will be transformed into a DAO with an XCT governance token.

About CertiK

CertiK is an edge-standards cybersecurity firm founded by Computer Science professors hailing from Yale and Columbia University respectively, aiming to improve the security and correctness of smart contracts and blockchain protocols on a global scale.

Leveraging a seasoned team of multi-skilled engineers and security auditors, CertiK’s mission is to apply a plethora of high-level industry practices, covering the entire spectrum of static, manual, and dynamic analyses, in order to ensure each project subject to a formal audit is up-to-date with modern security standards while offering their services to the broader DLT community.

Consult with one of our experts at bd@certik.io
