Nested successfully passes its second security audit with Certik

Aug 31, 2021


After publishing its first security audit, carried out by the cybersecurity reference PeckShield, early in July, Nested considered that its community was entitled to demand even more in terms of security and decided to submit to a second complete analysis by the other well-known industry leader, Certik.

Once again, this thorough investigation has demonstrated the robustness of the Nested protocol, and the quality of its smart contract architecture that will soon allow you to dive completely — and safely — into a new financial universe.

Certik, the reference for DeFi protocol audits

Founded in 2017 by leading computer science academics from Yale and Columbia Universities, Certik became fully operational in 2020, amid the tumult that followed a 2019 which set an unfortunate record for the number of hacks in the crypto industry.

With the whole industry agreeing on the urgent need to develop a strong immune system, the Certik platform was born under the sponsorship of the giant Binance.

After an initial record fundraising of 40 million dollars, Certik could immediately start working on a goal as ambitious as it is strategic for the sustainability of the industry: to ensure the security of crypto projects through code audits and the detection of potential vulnerabilities, but also through live monitoring with the Skynet tool and proactive security with Shield Pools.

Thanks to hundreds of audited projects and 23,000 security vulnerabilities detected and rectified, Certik has now become one of the references in the security sector. Giants of the Decentralized Finance industry such as PancakeSwap, Aave, or 1inch trust Certik to ensure that the fortress is well guarded and that the vault remains inaccessible to anyone with malicious intent.

Finally, a few days ago, Certik announced that it had raised an additional $24 million in Series B funding after having closed a $37 million Series A round the previous month, in which Tiger Global, Coinbase Ventures, and Shunwei Capital participated.

The development team at Nested works hard every day with one fundamental requirement: to ensure that its users will be able to benefit from the platform’s innovative services without the slightest concern about the security of their funds and their data.

Because there’s no point in getting the keys to the brand new Lamborghini if you have the slightest doubt about the power of the brakes and the quality of the seat belts.

Certik security report on Nested

This report was made public on July 16, 2021. It was based on the technical audit of the protocols, the smart contracts and the Nested platform, on the study of the commits of the GitHub project, and on that of the NST token.

This is also an opportunity to recall that Nested will be a multi-chain project, launching on Ethereum and the Binance Smart Chain before expanding to other networks like Polygon. For more information on the architecture, the value proposition of Nested Finance and the NST token, see this article.

After its initial review, Certik did not detect any “Critical” or “Major” level vulnerabilities and reported 8 “Medium” and 4 “Minor” issues. 7 informational mentions were also added.

As mentioned in the report, these various vulnerabilities are already resolved (or partially resolved).

The vulnerabilities whose resolution is still pending are mainly related to decentralization, have been made explicit in the technical and governance dialogue between Nested and Certik, and are being addressed as a matter of priority.

« During Phase 1 of the project, we will use a three-party multi-signature wallet for all protocol operations. During Phase 2, control of the protocol will be handed over to decentralized governance. » (Nested’s answer in the Certik security report)

Still on this topic, Adrien Supizet, CTO of Nested, explains:

« Following the recommendations sent by Certik, Nested has set up a number of measures and upgrades of the platform. All improvements and updates of the protocol will be done with the famous TimelockController library developed by OpenZeppelin with a delay of one week. This will give time to the community to check all the changes before they are live. »

The official launch of Nested has never been so close. But while the team is eager to bring new financial services with incredible potential to everyone, nothing is and will be more important than ensuring that our community will evolve in the safest possible conditions on this new playing field. Projects that voluntarily undergo verification and auditing are moving in the right direction; those like Nested Finance that undergo the exercise twice are opening the door to future industry standards. An industry that is only waiting for you now.

Follow Nested on Twitter and Telegram to be the first to know about the latest project news.