Leading blockchain auditor CertiK has released its report into RioDeFi’s codebase. The Polkadot-focused decentralized finance project has captured the interest of early adopters of the blockchain network founded by Dr. Gavin Wood. Projects that build on Polkadot use the Substrate framework, RioDeFi included. The CertiK team is renowned for the quality of its pen testers and smart contract auditors, and they have emerged from studying Rio’s core components with positive news: funds are safu.
CertiK didn’t quite word it that way in their report, but the message is clear enough: RioDeFi’s mobile wallet, blockchain and bridge all pass muster. CertiK’s engineers reported:
"Regarding the implementation of the privileged functionality handling and secure design around the framework with proper parameterization, the codebase was found to respect the frameworks specifications and be in alignment with the intended functionality as modules."
In other words, RioDeFi has passed with flying colors. CertiK did dispense some advice on enhancing the documentation pertaining to Rio’s code, but that is more of an academic matter than a security issue.
Rio Embodies Polkadot’s Version of DeFi
Polkadot will be much more than simply another DeFi ecosystem: it’s equally suited to everything from gaming to hosting business applications. Given the interest in decentralized finance right now, though, it’s natural that this should form the first use case for Polkadot’s family of heterogeneous blockchains. RioDeFi’s framework includes a mobile wallet for sending and receiving a range of crypto assets; a bridge to support cross-chain transactions; and a public blockchain built on Substrate.
RioChain, as it’s known, already has a major project committed to utilizing it: MANTRA DAO, the staking and lending project that recently completed its token sale and whose OM token is already listed on BitMax and Bithumb. MANTRA DAO has ambitious plans that include creating its own stablecoin and enabling staking of assets from a number of different blockchains. These goals will be boosted by the news that CertiK has certified RioChain as good for public use.
The Ethical Hackers
If your blockchain platform is to be hacked, it’s best that it’s done by a company you’ve hired to perform the task. Enter CertiK, pioneers of an advanced formal verification system for checking smart contracts and blockchain components. The company boasts of having audited more than 220 projects and 118,000 lines of code. Manual testing, static analysis, and formal verification are among the techniques CertiK uses to put smart contracts through their paces.
In reviewing the RioDeFi mobile wallet, CertiK concluded:
"The codebase makes good use of the framework specifics and Rust’s best practices. CertiK’s team of engineers found only some minor exceptions, which were swiftly fixed by the team."