e-Money is a leading issuer of interest-bearing, currency-backed tokens on blockchain that facilitates sub-second payments on a global scale.
Launched on the Cosmos Network, e-Money aims to provide equal access to transparent financial services on a global scale while greatly reducing costs by issuing tokens. Defining properties of these tokens include
- Interest Bearing
- Fully backed
In its initial phases, e-Money will issue interest bearingEUR and CHF tokens as well as the Scandivian currencies. Unlike traditional tokens, interest is applied without the need to lock up funds, and follows the rate set by a central bank. All tokens are backed by government bonds and deposits held by the respective banks. In the long term, e-Money will support many global currencies to facilitate greater blockchain adoption.
Additionally, e-Money issues NGM tokens that are meant for staking and reward distribution purposes. A staked NGM token represents a proportional claim on all future staking rewards consisting of currency-backed tokens, meaning its value scales with the bank reserve. This ensures that the market value of the token is consistent with the value of its respective currency.
For more information on the e-money project, visit their homepage at https://e-money.com.
CertiK was chosen to verify the soundness and utility of the e-Money blockchain, while ensuring that its logic meets the specification and intentions. In order to synthesize the full scope and validate the correctness, the team carefully examined each module in the e-Money stack by weighing its benefits against the complexity to begin.
The findings were compiled according to the functional categories:
- Prevention: hardening systems with guardrails to prevent incidents from happening in the first place
- Detection: identifying the presence of a vulnerability
- Response: proper responses to security incidents if/when they arise through system rollback/lockdown
- Monitoring: implementation of a perceptive transaction lifecycle monitoring cache to encourage prevention and detection
The team found e-Money’s model and Cosmos SDK implementation to be well designed and executed cleanly, demonstrating a good command over the relevant best practices.
Code Review Logistics and Results
CertiK’s mission of every audit is to apply different approaches and detection methods, ranging from manual, static, and dynamic analysis to ensure that the project is checked against known attacks and potential vulnerabilities. The engagement objectives included:
- Providing an estimate of the overall security posture of the system;
- Evaluating the difficulty of system compromise from an attacker;
- Identifying design-level risks to the security of the system;
- Identifying implementation flaws that illustrate systemic and extrinsic risks;
- Providing recommendations for best practices that could improve e-Money’s security post
After a thorough end to end analysis, e-Money’s implementation of NGM is structurally sound and follows all common industry standards. All issues that were found were addressed by the team and can be found under the following resources:
“Given that the audit targeted both the architecture and codebase of the e-Money project (the theoretical model and its actual implementation), this audit gives us the ability to rate the project with a high degree of confidence.”
CertiK leads blockchain security by pioneering the use of cutting-edge Formal Verification technology on smart contracts and blockchains. Unlike traditional security audits, Formal Verification mathematically proves program correctness and hacker-resistance. CertiK was founded by Computer Science professors of Yale University and Columbia University, securing over $5B in assets, including many of the world’s top projects.
The research efforts of CertiK have received grants from IBM and the Ethereum Foundation, and notable investors include Binance Labs, Bitmain, Lightspeed Venture Partners, Matrix Partners, and NEO Global Capital, among others.
To request the audit/verification of your smart contracts, please email email@example.com or visit certik.io to submit the request.