Quiz Answer for Certik Quest

Skynet Rating

Web3 Security with Skynet

What feature of Skynet helps users assess the security of Web3 projects?
- Security Scores

Verified source code is one of the common security threats in Web3.
- False

Introduction to Account Abstraction
What is NOT a benefit of Account Abstraction?
- Allowing for transactions to be conducted fully anonymously

What is a real-world example where Ethereum’s account abstraction can be useful?
- All of the above

Operational Security

Non-blockchain components such as websites and software applications must be secured, as they can be targeted by hackers.
- True

What makes bug bounty programs beneficial for Web3 projects?
- They harness community expertise to identify bugs
----------------------------------------------------------------------------------

Team and Insider Risks

Why is it risky to invest in projects with anonymous teams?
- Lack of accountability and transparency

The CertiK KYC Badge means that CertiK ensures code safety.
- False
----------------------------------------------------------------------------------

Governance and Security in DAOs

Which issue is a common risk in DAO governance?
- Centralization risks in smart contract

Community approval is usually required before implementing changes to a DAO’s project model.
- True
----------------------------------------------------------------------------------

Code Security

What is the main purpose of conducting security audits on Web3 code?
- To identify and fix potential security vulnerabilities

A code repository’s regular updates and community involvement can be indicators of the team’s commitment to a project.
- True
----------------------------------------------------------------------------------

Governance and Security in DAO

Which issue is a common risk in DAO governance?
- Centralization risks in smart contract

Community approval is usually required before implementing changes to a DAO’s project model.
- True
--------------------------------------------------------------------------------—

Market-Related Risks

What is a risk associated with tokens being concentrated in few wallets?
- It increases the risk of market manipulation

Why is high trading activity viewed positively in token markets?
- It indicates strong interest and potential liquidity.
--------------------------------------------------------------------------------—

Community and Security Risks in Web3

Why is monitoring social media sentiment important for Web3 projects?
- Influences market stability and trust

Transparency decreases trust in the Web3 community and should be minimized.
- False
--------------------------------------------------------------------------------—

Web3 Security
Introduction to User Security

Why is user security particularly important in the world of crypto?
-Because crypto assets are often held in decentralized wallets with no central authority to help recover lost funds

What additional security measure is recommended beyond a strong password?
- Two-Factor Authentication (2FA)
----------------------------------------------------------------------------------

CertiK Ventures

Which is not part of CertiK Ventures’ current portfolio?
- Shiba Inu

What is CertiK Ventures’ Vision?
- Foster the growth of security-first projects
----------------------------------------------------------------------------------

Insights on Market Analytics

Which of the following metrics is NOT included in the Skynet Market Analytics section?
- Fully diluted market cap

Which of the following factors might contribute to a potential drop in the Market Category Score? (Select all that apply)
- High price volatility
- Whale movement
- Irregular trading volume

Skynet Security Score incorporates insights from Market Analytics.
- True
--------------------------------------------------------------------------------—

Operational Security via Website Scan

Which are the primary categories of Website Scan? (Select all that apply)
- Network Security
- DNS Health
- Application Security

Negative scan results could suggest a project’s lack of attention to security.
- True

Further assessment and improvement of website security can be achieved through?
- Penetration Testing
--------------------------------------------------------------------------------—

GitHub Monitoring for Better Code Security

Which of the following factors are considered by the GitHub Impact Indicator?
- All of the above

If a project has a long existing GitHub account, age > 8 years, that means the project is secure and actively maintained?
- False

Good looking Activity Heatmap means improved code security
- False - Introducing new code may also introduce bugs and vulnerabilities
----------------------------------------------------------------------------------

Governance Activity Monitoring

Which of the statements best describes the governance indicator mentioned?
- It reflects the level of governance activity in comparison to other Web3 projects by aggregating various signals

Projects with low governance activity indicators suggests lower risk compared to higher ones.
- False

Which of the following values is not conveyed by governance activity?
- Project's financial performance
----------------------------------------------------------------------------------

Skynet Rating

Insights on Token Holder Analysis
- False

Which of the following metrics is NOT included in the Skynet Token Holder Analytics section?
- Total Value Locked (TVL)

Which of the following factors might indicate the potential centralization risk of a project?
- High percentage on project owner holding
----------------------------------------------------------------------------------

Security Rating for Pre-Launch Projects

Which of the following categories is not included in the pre-launch project rating?
- Market Stability

Which of the Pre-Launch Stages represents the phase nearing a new market launch?
- Stage 2

Which of the following factors might boost the project’s pre-launch stage status closer to a new launch?
- All of the above
----------------------------------------------------------------------------------

RWA Security and Leaderboard

What is a critical step in ensuring the security of tokenized real-world assets?
- Conducting regular smart contract audits

True or False: Compliance with AML and KYC regulations is unnecessary for tokenized RWAs.
- False
--------------------------------------------------------------------------------—

Proof of Work versus Proof of Stake

Which consensus mechanism is used by Bitcoin?
- Proof of Work

Which is an advantage to using Proof of Stake?
- It saves massive amounts of energy

What is an advantage of using Proof of Work?
- It has a high bar of entry, making it hard for attackers to manipulate
----------------------------------------------------------------------------------

Security Score Impacts with OKX

What is the main purpose of integrating Skynet's Security Score with third-party platforms?
- To increase security awareness

Which feature is available for OKX Wallet users regarding Skynet's Security Score?
- Overall security score and subcategory scores
----------------------------------------------------------------------------------

Skynet Pulse - Real-Time Insights by Security Experts

How can users access the Skynet Pulse feature?
- By clicking on the heart icon at the top of the Skynet homepage

What information is provided next to each Pulse notification?
- The project’s security score and a link to their Skynet profile
----------------------------------------------------------------------------------

Apple Recognizes CertiK

How many times has Apple publicly thanked CertiK?
- 5

CVE #1 could have enabled hackers to do which of the following?
- Identify the structure of kernel memory

How did Apple address CVE #2?
- Improving buffer overflow protection

Web3 Security

Introduction to Wallet Security

What is the primary risk of using custodial wallets?
- If the custodial service experiences a security breach, hack, or service itself becomes inaccessible, you may lose access to your private keys.

What is a key practice for securing your wallet’s private keys?
- Storing them in a hardware wallet or encrypted offline location
-------------------------------------------------------------------

Best Practices for Wallet Security

What should you regularly do with your wallet to ensure security?
- All of the above

What should you always double-check before sending funds from your wallet?
- The recipient’s wallet address to ensure it’s correct
-------------------------------------------------------------------

Proof of Reserve

Proof of Reserve (PoR) guarantees against future changes and hacking risks.
- False

What is a limitation of Proof of Reserve?
- All of the above
-------------------------------------------------------------------

Recognizing Risk Signals on the Exchange

Why should you be cautious if someone you don't know approaches you on social media about using a specific exchange?
- They Might be recommending a scam or fraudulent scheme

What could frequent or prolonged withdrawal freezes on an exchange indicate?
- The exchange has liquidity problems or internal issues
-------------------------------------------------------------------

Important Exchange Security Features

What does ISO 27001 certification signify for a cryptocurrency exchange?
- The exchange has strong information security management systems

What is the benefit of choosing an exchange with both proper licensing and security certifications?
- It minimizes the risks associated with using a cryptocurrency exchange
-------------------------------------------------------------------

Web3 Security · Skynet Rating
Introduction to User Security

Why is user security particularly important in the world of crypto?
- Because crypto assets are often held in decentralized wallets with no central authority to help recover lost funds

What additional security measure is recommended beyond a strong password?
- Two-Factor Authentication (2FA)
-------------------------------------------------------------------

Web3 Security
Private Key Security

Why is it important to keep your private key secure?
- If someone gains access to your private key, they gain access to your crypto assets

What is a best practice for private key security?
- Store it offline, preferably in a hardware wallet
-------------------------------------------------------------------

Web3 Security
Private Key Security: Seed Phrases

What is a recommended strategy for backing up your seed phrase?
- Create a backup and store it in secure locations

What is the main risk of storing your seed phrase digitally (e.g., in cloud storage or email)?
- It can be hacked or accessed by unauthorized parties
-------------------------------------------------------------------

Web3 Security
Losses Related to Private Key Compromises

How much was lost due to private key compromises in 2023?
- Nearly $881 million across 47 incidents

Which of these exchanges did NOT experience a security incident related to a private key compromise?
- Binance
-------------------------------------------------------------------

Web3 Security
Website & dApp Security

A dApp is a centralized application that primarily runs on mobile devices.
- False

What might indicate that a dApp is potentially malicious or risky?
- The dApp has limited documentation and transparency
-----------------------------------------------------------------------------

Web3 Security
Stay Vigilant on Browser Plugins

Which of the following is NOT considered a good security practice when using plugins?
- Using plugins promoted by users on social platforms

How do scammers carry out plugin attacks?
- Mimicking legitimate projects with similar functionality
- Sending unsolicited messages on social platforms
- Exploiting or taking over third-party plugins

Web3 Security ·
Identifying and Avoiding Phishing Scams in X Replies

Which of the following statements are correct?
- Display names on X can be misused to impersonate official accounts
- Scammers may disguise themselves using Gold Check accounts on X

In the MANEKI incident, what deceptive methods did the scammer use to trick users?
- Same display name as the official account
- A very similar username
- Same account profile picture

Which of the following is NOT true about the End of Thread practice?
- Users could always trust messages prior to the End of Thread
------------------------------------------------------------------------------

Web3 Security
Identifying Malicious Activity on Websites & dApps

How can you protect yourself from phishing attacks related to crypto websites and dApps?
- Be cautious with emails and messages that ask for sensitive information, and always verify links and URLs before clicking

What might indicate that a website is a scam or fake?
- The URL has subtle differences from the legitimate site, like extra characters or misspellings
------------------------------------------------------------------------------

Web3 Security
Intro to Airdrop Scams

Legitimate airdrops require you to provide your private key.
- False - projects never ask for such information.

Which is a common red flag of an airdrop scam?
- Requires software downloads from unverified sources
- Come via unsolicited messages on social media
- Website domain does not match the official site
------------------------------------------------------------------------------

Web3 Security
Choosing a Secure Exchange

Which of the following are key factors to consider when choosing a secure crypto exchange?
- All of the above

Choosing an exchange with both licensing and security certifications minimizes the risks associated with using a cryptocurrency exchange.
- True
------------------------------------------------------------------------------

Web3 Security ·
Common Web3 Phishing Methods

To prevent wallet phishing attacks, verify the data and understand the transaction before signing.
- True

You should always sign airdrops, even if the project team is unresponsive.
- False
------------------------------------------------------------------------------

Web3 Security
Importance of Bug Bounty Programs in Web3

Bug bounty programs in Web3 can offer rewards in the form of tokens and cash.
- True

What is a key benefit of bug bounty programs for Web3 projects?
- Use open source expertise for security

Which projects have published their bug bounty programs on Skynet?
- Massa
- Wemix
- Tonstakers
- Edu3Labs
------------------------------------------------------------------------------

Web3 Security
Evaluating Cryptocurrency News Sources

Community sources are inherently more trustworthy than those from professional sources.
- True

What should you check to evaluate the reliability of a news source?
- The author's credentials
- The publication's reputation
- Citations and references
- Consistency with other reliable sources
------------------------------------------------------------------------------

Web3 Security
Intro to Crypto Drainers

A crypto drainer can access your wallet through:
- All of the above

True or False: To protect against crypto drainers, it is recommended to use hardware wallets.
- True
------------------------------------------------------------------------------

Web3 Security
SIM Swap Attacks

How can an attacker obtain your personal information? (Select all that apply)
- Searching the dark web to find your previously leaked information.
- Browsing through your public social media accounts.

What is a common method to protect against SIM swap attacks?
- Use authentication apps like Okta or Authy.
------------------------------------------------------------------------------

Web3 Security
Protecting Yourself from Discord Scams

What tactic do scammers often use on Discord to exploit NFT investors?
- Posting fake offers for free mints or airdrops to exploit FOMO (Fear Of Missing Out)

What should you do if you suspect your Discord account has been compromised?
- Reset your password as soon as possible and ensure 2FA is enabled
------------------------------------------------------------------------------

Web3 Security
Hackers Infiltrating Crypto Job Boards

What is the annual revenue generated from fake hiring schemes?
- $600 million

How many North Koreans are directed to infiltrate the tech industry according to the UN?
- 4,000

What is one red flag during video interviews that can indicate a fake applicant?
- Refusing to turn on the camera
------------------------------------------------------------------------------

Web3 Security
Setting Up a Security War Room

What type of communication platforms should be used for a war room?
- Secure messaging apps

Why are drills and simulations important for a security war room?
- They identify weaknesses and improve team coordination

What should be included in a post-mortem analysis?
- All of the above
------------------------------------------------------------------------------

Web3 Security
Understanding and Preventing Sybil Attacks

What is a Sybil attack?
- An attack where one person creates multiple identities to take over a network.

What can a successful Sybil attack lead to in a blockchain network?
- All of the above.

How do consensus algorithms help defend against Sybil attacks?
- By making it impractical and costly for attackers to succeed.

Web3 Security
What Is a Keylogger?

How can you prevent hardware keyloggers?
- Regularly check USB ports for unfamiliar devices

What is a common use of software keyloggers by cybercriminals?
- Stealing sensitive information

Web3 Security
How to Create and Maintain Secure Passwords

Why should you avoid reusing passwords?
- To prevent hackers from accessing multiple accounts

What makes a password complex?
- A mix of upper and lower case letters, numbers, and special characters

How often should you change your passwords?
- Regularly to prevent expired passwords from being useful to hackers

Web3 Security
Cold Wallets

When should you consider using a cold wallet?
- Storing your crypto assets offline for safe and long-term storage

What are the different types of cold wallets?
- Paper Wallet
- Hardware Wallet
- Offline Software Wallet

What should you do when purchasing a hardware wallet?
- Always purchase a wallet directly from the manufacturer
- Check on hardware wallet's security features

CertiK Blog

HACK3D Part 1: Top Incident Analyses

Which of the following is NOT listed as a top incident type in Q1 2024?
- Network Congestion

What was the eventual outcome of the attack on Munchables?
- The stolen assets were returned to the Munchables team

What event occurred shortly before the BitForex exit scam, raising suspicions of fraudulent activities?
- The CEO's resignation
------------------------------------------------------------

CertiK Blog
HACK3D Part 2: Private Key Compromise

What was the total loss attributed to private key compromises in Q1 2024?
- $239 million

Who suffered a loss of $112 million due to the compromise of personal private keys in Q1 2024?
- Chris Larsen

Storing all multisignature keys within the same BitWarden account is a secure practice.
- False
------------------------------------------------------------

CertiK Blog
HACK3D Part 3: Rounding Issue Exploits

What is the primary target of the Rounding Issue Exploit?
- Newly-deployed lending pools

What was the outcome of the flaw exploited in the Kyberswap incident?
- Drainage of funds

Solidity's computational libraries are designed for high-precision mathematical operations, minimizing the risk of rounding errors.
- False
------------------------------------------------------------

CertiK Blog
Build trust and integrity in project teams with KYC

Why is KYC important for Web3 projects?
- It helps users trust the team behind a project

What does a CertiK KYC badge signify?
- The project team has undergone a thorough identity verification process

How does CertiK's KYC service protect against insider threats?
- By conducting rigorous identity checks on core team members
------------------------------------------------------------

CertiK Blog
KYC Actors are Ramping Up Their Game

What is a key observation by CertiK regarding KYC fraud?
- Fraudsters are hiring professional actors to circumvent due diligence

What is CertiK's KYC Badge designed to do?
- Verify development teams and prevent fraud

Why do KYC actors target traditional banks?
- To open bank accounts and store illicit funds
------------------------------------------------------------

CertiK Blog
Unveiling the KYC Actor Industry

What insight did CertiK gain from a KYC actor?
- Passing regular verifications is easy

What is the primary purpose of employing KYC actors according to CertiK's findings?
- To steal funds from investors

What is essential for due diligence in Web3 start-ups according to CertiK?
- Thorough background investigation by professional investigators
------------------------------------------------------------

CertiK Blog
Best Tools for Tracking Top Crypto Wallets

Which wallet tracking tool supports creating custom dashboards with personalized wallet insights?
- Dune Analytics

Wallet tracking tools offer specific trading directions to make users money.
- False

What does wallet tracking help with?
- Monitoring crypto market trends
------------------------------------------------------------

CertiK Blog
How CertiK Does KYC

CertiK's KYC Badge process includes a video interview and identity verification to assess the background of key team members
- True

What are the main steps in CertiK's KYC verification process?
- Video Call, ID Check, Review & Award

The CertiK KYC Badge means that CertiK ensures code safety.
- False
------------------------------------------------------------

CertiK Blog
Trap Phishing on Trusted Platforms

What are phishers trying to obtain from users in Web3 phishing scams?
- Crypto wallet private keys and mnemonic phrases

Phishing malware can steal private keys by asking users to download and run a fake game client.
- True
------------------------------------------------------------

CertiK Blog
Different Mechanisms for Honeypot Scams

What is a common red flag that a token may be a honeypot scam?
- An all-green chart with no sells

The blacklist mechanism in honeypot scams adds buyers to a whitelist, enabling them to sell their tokens freely.
- False
------------------------------------------------------------

CertiK Blog
Introduction to Formal Verification

Formal verification is a mathematical approach that helps identify vulnerabilities not found through conventional testing or code reviews.
- True

What does the specification language BISSOL help with in the formal verification process?
- Defining properties of contracts to be verified
------------------------------------------------------------

CertiK Blog
How Exit Scammers Mint Tokens Undetected

What do exit scammers use to mint additional tokens without triggering a Transfer event?
- Bypassing the totalSupply metric

Locked liquidity pool tokens create a false sense of security for investors during a rug pull scam.
- True
------------------------------------------------------------

CertiK Blog
Introduction of Diamond Agency Contract

Facets in diamond proxy contracts are smaller contracts that implement specific features and are managed by a central diamond proxy.
- True

Why should the initialize function be protected in diamond proxies?
- To prevent unauthorized access to privileged roles
------------------------------------------------------------

CertiK Blog
Recognizing the Misuse of CertiK's Brand

What should you do if you're approached by someone claiming to represent CertiK but you doubt their legitimacy?
- Verify their credentials using CertiK’s Employee Verification tool

Fake recovery services often target individuals who have already suffered financial losses, promising to recover funds but demanding upfront fees.
- True
------------------------------------------------------------

CertiK Blog
Top Compliance Risks in Crypto

Which compliance risk involves using blockchain transactions for illegal activities like money laundering or terrorism financing?
- Exposure to illicit activities

CertiK’s SkyInsights analyzes transaction fees and doesn’t help companies comply with global regulations.
- False

How does SkyInsights help companies comply with global crypto regulations?
- By maintaining a repository of global regulations
------------------------------------------------------------

CertiK Blog
Hedgey Finance Event Analysis

The Hedgey Finance exploit was due to a missing line of code that failed to revoke campaign approvals after cancellations, allowing unauthorized token transfers.
- True

How much was initially stolen in the Hedgey Finance exploit?
- $2 million
------------------------------------------------------------

CertiK Blog

Bot-Driven Wash Trading in Exit Scams
- True

Which platform do scammers use to distribute tokens among multiple addresses? (Select all that apply)
- Disperse.app
- CoinTool

What might trigger social bots to broadcast posts on scammer tokens? (Select all that apply)
- Increased liquidity
- High trading volumes
- Rising market up
------------------------------------------------------------

CertiK Blog
Sonne Finance Incident Analysis

True or False: The precision loss vulnerability in CompoundV2 forks was first discovered in April 2023
- True

What was the total amount lost in the Sonne Finance exploit?
- $20 Million
------------------------------------------------------------

CertiK Blog
Advanced Formal Verification of ZK Proofs

Which of the following best describes a Zero Knowledge Proof (ZKP)?
- A way to verify the correctness of a computation without revealing its details.

True or False: The Load8 data injection bug in zkWasm is caused by improper tracking of call and return instructions, allowing hackers to inject fake returns and manipulate the execution sequence.
- False
------------------------------------------------------------

CertiK Blog
How AI is Transforming KYC for Crypto Project Teams

What is a primary benefit of using AI in identity verification for KYC processes?
- Increased precision and speed in verifying identities

CertiK uses AI to enhance its background check process for its CertiK KYC badge.
- True
------------------------------------------------------------

CertiK Blog
Understanding the Impact of FIT21 on Crypto Compliance

FIT21 distinguishes between digital assets considered as securities, commodities, and other forms of digital property.
- True

What is one of the key goals of FIT21 for the U.S. blockchain and cryptocurrency sectors?
- To foster innovation and growth
------------------------------------------------------------

CertiK Blog ·
SkyKnight

What is the primary purpose of SkyKnight?
- To offer a fast and detailed security assessment tool for memecoins

What are the key features of SkyKnight?
- Deep analysis of smart contract code and comprehensive reporting

Who can benefit from using SkyKnight?
- Investors and developers
------------------------------------------------------------

CertiK Blog ·
SkyInsights: Crypto Compliance

What is the primary objective of SkyInsights for Crypto AML and Compliance?
- To identify and analyze suspicious activities in cryptocurrency transactions

Which regulatory body in the USA registers all Money Services Businesses dealing in Convertible Virtual Currency?
- FinCEN

Which of the following are key features of SkyInsights? (Select all that apply)
- Entity Labeling & Categorization
- Asset Movement Tracing and Logging
- Customizable Case Management & Audit Trails
------------------------------------------------------------

CertiK Blog
OKX and CertiK Fast Pass Program

What role does CertiK play in the Fast Pass Program?
- Providing rigorous security audits for projects

How can users benefit from the Fast Pass Program?
- By receiving regular updates and detailed security reports
------------------------------------------------------------

CertiK Blog
Normie Incident Analysis

What measure could likely have prevented NORMIE’s security incident?
- A Smart Contract Audit

What was the initial vulnerability in the NORMIE contract?
- Allowing any address receiving a specific number of tokens to become a premarket_user
------------------------------------------------------------

CertiK Blog
Basics of Hackathons

Hackathons are places where white hat hackers receive rewards from bug counties
- False

Competitive hackathons usually competitions between:
- Small Teams
------------------------------------------------------------

CertiK Blog ·
Hack3d Report Q2 H1 2024 - Part 1: Overview and Key Highlights

Which type of attack was the most costly in Q2 2024?
- Phising

What was the total financial loss due to security incidents in H1 2024?
- $1.19 billion
------------------------------------------------------------

CertiK Blog ·
Hack3d Report Q2 H1 2024 - Part 2: Insights and Future Security Enhancements

What critical lesson was learned from the phishing attacks on DMM Bitcoin and 0x1e22?
- The need for user education and enhanced verification processes

What is a crucial step to prevent address poisoning attacks?
- Meticulously verifying wallet addresses before transactions
------------------------------------------------------------

CertiK Blog
The Memecoin Markets of Springfield

Newly launched coins without any prior history/backing is susceptible to rugpulling.
- True

As an inexperienced cryptotrader, you should trade heavily in newly launched coins as it consistently returns a profit.
- False

Which address acted as the central fund collection hub for the rugpullers?
- Chief Wiggum
------------------------------------------------------------

CertiK Blog
Ordinals and the BRC-20 Standard

What is the BRC-20 token standard primarily used for on the Bitcoin network?
- Token creation and transfer

The BRC-20 token standard relies on JSON file inscriptions for its operations.
- True
------------------------------------------------------------

CertiK Blog ·
Top Performing Cryptocurrencies of H1 2024

What was the purpose of the merger between SingularityNET, Fetch.ai, and Ocean Protocol?
- To form a decentralized AI alliance

Which token saw significant growth due to the launch of the TokenFi platform?
- FLOKI
------------------------------------------------------------
CertiK Blog
WazirX Hack Incident Analysis

How did attackers exploit WazirX?
- Compromised private key in a multisig wallet

What was WazirX's immediate response to the hack?
- Paused all trading and withdrawals

How much is WazirX offering as a bounty for the recovery of stolen funds?
- 10% of the total amount

------------------------------------------------------------
CertiK Blog ·
CertiK's Journey to Samsung's Security Hall of Fame

What did CertiK's Skyfall team achieve in 2023?
- Secured a top five place in Samsung's Mobile Security Hall of Fame

How many vulnerabilities did Skyfall discover in the Samsung Blockchain Keystore?
- Seven

What types of vulnerabilities were found in the Samsung Blockchain Keystore?
- Critical and high severity vulnerabilities
------------------------------------------------------------
CertiK Blog
Understanding BGP Hijacking and Internet Routing Security

What does BGP hijacking involve?
- Diverting traffic by announcing unauthorized IP address blocks

What are some key measures to prevent BGP hijacking?
- Resource Public Key Infrastructure (RPKI)
- Route Origin Authorization (ROA)
- Route Origin Validation (ROV)

What was the result of the KLAYswap BGP hijacking attack?
- Losses of $1.9 million
------------------------------------------------------------
CertiK Blog
UtopiaSphere Incident Analysis

What was the amount exploited from UtopiaSphere on 21 July 2024?
- $521K

What mechanism was exploited in the UtopiaSphere incident?
- swapBurn()
------------------------------------------------------------
CertiK Blog
Vanity Address and Address Poisoning

What is the main risk of address poisoning?
- Sending funds to a scam address

How can you protect yourself from address poisoning?
- Always double-check the entire address

Vanity addresses are impossible to detect and there are no tools available to help users identify them
- False
------------------------------------------------------------
CertiK Blog
Navigating DAO Governance and the Compound DAO Incident

What was the primary controversy in the Golden Boys' proposal to Compound DAO?
- The funds would be stored in a vault controlled by them

What legal structure is recommended for DAOs to protect members from personal liability?
- Limited Liability Corporation (LLC)

What method is suggested to improve governance participation in DAOs?
- Implementing weekend-free voting and experimenting with AI proxy voting

Project Focus
PEPE | Meme

What significant security measures did Pepe implement to enhance trust and transparency?
- Undergoing a CertiK audit of its token contract

How is the ownership of Pepe tokens distributed among holders?
- The top 10 holders own less than 5% of the total supply.
---------------------------------------------------------------
Project Focus
Aptos | Layer 1

Aptos is a Layer 1 blockchain primarily designed to offer:
- A developer-friendly environment, focusing on scalability and security

Move is the programming language at the core of Aptos for smart contract development.
- True
---------------------------------------------------------------
Project Focus
Ondo Finance | RWA

Ondo Finance moved $95 million to BlackRock's BUIDL in 2024 as part of their long-term strategy
- True

What specific actions does Ondo Finance take to ensure regulatory compliance?
- Conducts compliance checks and engages with regulatory bodies
---------------------------------------------------------------
Project Focus
TON | Layer 1

What does the MasterChain do in TON's network?
- Ensures consistency and security across the network

What peak transaction speed did TON achieve in CertiK's performance testing?
- Over 100,000 TPS
---------------------------------------------------------------
Project Focus
Ripple (XRP Ledger) | Layer 1

What did CertiK audit for the XRP Ledger?
- The security of its Automated Market Maker (AMM) implementation

What do social monitoring insights indicate about the XRPL community?
- Highly active and engaged
---------------------------------------------------------------
Project Focus
Wormhole | Infrastructure

Wormhole was originally incubated by Jump Trading
- True

What is the maximum bounty offered by Wormhole’s bug bounty program?
- $5M
---------------------------------------------------------------
Project Focus
EigenLayer | Infrastructure

What unique model does EigenLayer use to enhance the security of other protocols?
- Shared security model leveraging staked ETH

What purpose does the insurance mechanism serve in EigenLayer's ecosystem?
- To provide a safety net in case of protocol failures or hacks
---------------------------------------------------------------
Project Focus
Ethena | Stablecoin

What method does Ethena use to stabilize its synthetic dollar, USDe?
- Delta hedging

What unique financial tool does Ethena introduce to offer on-chain yields?
- Internet Bond
---------------------------------------------------------------
Project Focus
FriendTech | Social

Friend.Tech launched its native token in May 2024, distributing it entirely to VCs.
- False

What incentive does Friend.Tech provide through its bug bounty program?
- Rewards of up to 1,000,000 USDC based on bug severity
---------------------------------------------------------------
Project Focus
Worldcoin | Store of Value

Worldcoin uses biometric verification to ensure each person can only claim their share once.
- True

What was a security vulnerability in Worldcoin’s Orb operator onboarding process?
- Operators could bypass verification without proper ID.
---------------------------------------------------------------
Project Focus
zkSwap Finance | DeFi

What model does zkSwap Finance use to reward users?
- Swap to Earn

How many files did CertiK audit of zkSwap Finance in December 2023?
- 6

zkSwap Finance’s team is fully anonymous and unverified.
- False - The team has been KYC verified by CertiK
---------------------------------------------------------------
Project Focus ·
Edu3Labs | The Future of Education

What are the 3 key areas Edu3Labs focuses on?
- AI
- Education
- Blockchain

What KYC Badge level Edu3Labs achieved from CertiK?
- Gold

Which exchanges users can trade NFE?
- Gate.io
- MEXC
---------------------------------------------------------------
Project Focus ·
Core DAO | Infrastructure

Core DAO combines Delegated Proof of Work (DPoW) and Delegated Proof of Stake (DPoS) in its consensus mechanism.
- True

What ensures the scalability and security of Core DAO's blockchain?
- Satoshi Plus consensus mechanism
---------------------------------------------------------------
Project Focus
Arbitrum | Layer 2

Who were the original developers of Arbitrum?
- Offchain Labs

Does Arbitrum run a Bug Bounty program? If so, how much?
- Yes - $2,000,000
---------------------------------------------------------------
Project Focus ·
Diamante Blockchain | Infrastructure

What did the April 2024 security audit conducted by CertiK find about Diamante Blockchain's smart contracts?
- No Medium, Major, or Critical issues

What does the Gold KYC Badge signify in the context of Diamante Blockchain's team?
- The team has been comprehensively verified, demonstrating high transparency

What applications are supported by Diamante Blockchain?
- PayCircle and CreditCircle
---------------------------------------------------------------
Project Focus ·
PAW Chain | Ecosystem

How many signatures are required for funds to be moved from PAW Chain’s Treasury multisig wallet?
- 6

What was the primary purpose of the CertiK KYC verification for the PAW Chain team?
- To ensure team transparency and reduce risk

What is the function of PAW Aggregator in the PAW Chain ecosystem?
- Consolidates liquidity across various blockchains to offer the best swap rates
---------------------------------------------------------------
Project Focus ·
Trinique | RAT

What is the name for Trinique utility token?

- TNQ

The TNQ token derives its value from active user base, token transaction volume, total value locked, and the performance of the asset classes.
- True

Which KYC verification badge did Trinique's team receive from CertiK?
- Gold
---------------------------------------------------------------
Project Focus ·
Mint Club | Build Your Bonding Curve

What type of assets can be created using Mint Club's platform?
- ERC20 tokens and ERC1155 NFTs

Which best describes the purpose of the MINT token on Mint Club?
- Base token for functionality and bonding curves

What recognition did Mint Club's core team receive after completing KYC verification by CertiK?
- Gold badge
---------------------------------------------------------------
Project Focus ·
Mint Club | Building Your Bonding Curve

What type of assets can be created using Mint Club's platform?
- ERC20 tokens and ERC1155 NFTs

What’s the creator benefit of using Mint Club's Creator Royalties feature?
- It lets creators easily set royalties from 0% to 50% on their assets.

What’s the creator benefit of using Mint Club's Airdrop tool?
- It simplifies the airdrop process with Public and Private options.

What’s the creator benefit of using Mint Club's Bulksender tool?
- It allows creators to distribute tokens or NFTs on over 12 networks.
---------------------------------------------------------------
Project Focus ·
HanChain | Transforming Music Copyright

What services does HanChain provide to enhance fan engagement?
- MusiKhan, NFT-PLAY, AdKhan, and staking options

How has HanChain ensured security for its platform and team?
- Top 10% security score, Certik's KYC verification, and ISO27001 certification

What benefits does HanChain's decentralized copyright holder identity verification provide to artists?
- Copyright protection and fair compensation through royalties
---------------------------------------------------------------
Project Focus ·
OpenGPU | Harnessing Decentralized GPU Computing

What does OpenGPU leverage to support AI and blockchain applications?
- Decentralized GPU computing

How many operations per second can OpenGPU support?
- 5000

What is the purpose of OpenGPU Devnet?
- To test and innovate with advanced tools

How can users monetize their idle GPU resources on OpenGPU?
- By joining the decentralized computing network
---------------------------------------------------------------
Project Focus ·
Patex | Latin American Blockchain Ecosystems

What is the main focus of the Patex ecosystem?
- A comprehensive solution for the LATAM region

What is the primary function of the Patex Network?
- To solve scalability issues, increase transaction speeds, and reduce fees

What is the role of the PATEX token in the Patex Ecosystem?
- It serves as the main currency for transactions

How does the Bug Bounty Program help Patex?
- By identifying and fixing security vulnerabilities
---------------------------------------------------------------
Project Focus ·
Mintlayer | Build on Bitcoin

What is the primary function of Mintlayer's blockchain architecture?
- To improve direct token interoperability with Bitcoin

How does Mintlayer enhance decentralization?
- By providing a built-in DEX for P2P transfers

What types of tokens does Mintlayer support?
- Both fungible and non-fungible tokens

What is the purpose of Mintlayer's staking protocol?
- To enable users to participate in the block signer auction and earn rewards
---------------------------------------------------------------
Project Focus ·
Solidus AI Tech | High-Performance Computing

What security measures has Solidus AI Tech taken?
- Active bug bounty program
- Team KYC verification
- Security audit with automated formal verification

What can users access through the GPU Marketplace?
- High-performance computing power

What is the primary function of the $AITECH token within the Solidus AI Tech ecosystem?
- Payment for AI and GPU services

How many core team members are verified by CertiK?
- 5
---------------------------------------------------------------
Project Focus ·
Script Network | Open Source Video Protocol

What is Script Network?
- A Layer 1 open-source live TV platform, protocol, and storage network

What is the purpose of $SCPT in the Script Network ecosystem?
- Governance and staking

How does Script Network ensure security and trust within its ecosystem?
- By completing security assessments, maintaining an active KYC verification, and a bug bounty program

What can users do with Script TV?
- Watch multiple channels 24/7/365 and earn rewards