CertiK
🟢 CertiK is a blockchain security company that combines formal verification with artificial intelligence technology to provide comprehensive audit services.
They launched Skynet Quest: a Web3 security journey
Skynet Quest is a brand-new platform that promotes Web3 security through engaging learning experiences and tools. By completing quests, users gain practical knowledge of Web3 security, earn rewards, and unlock valuable tools.
By completing quests and daily tasks, you earn experience points (XP) and gems. XP helps you level up and reach new goals, and gems can be exchanged for virtual rewards to unlock more exciting journeys.
💵 Raised about $300,000,000 in total. Valuation: $2 billion.
Goldman Sachs, SoftBank, Tiger Global, Sequoia Capital, Coinbase, Binance
💬 There are no direct indications of an airdrop or a token here. If you ask the admins in Discord about a token or an airdrop, they will answer: no token is planned, the quests are just education, and there will be no rewards in the form of tokens.
But this is the only way we can interact with their product. So I am doing the quests anyway and will share the answers. Perhaps they will later roll out some kind of tiered points for those who completed the quests, and perhaps something will be given for those points.
First batch of answers
2. Web3 Security with Skynet
1. Security score
2. False
3. Operational Security
1. True
2. They harness community expertise to identify bugs
4. Team and Insider Risks
1. Lack of accountability and transparency
2. False
5. Pepe
1. Undergoing a CertiK audit of its token contract
2. The top 10 holders own less than 5% of the total supply
6. Aptos
1. A developer-friendly environment, focusing on scalability and security
2. True
7. Ondo
1. True
2. Conducts compliance checks and engages with regulatory bodies
Second batch of answers for Skynet Quest from CertiK
Question: Why is it important to conduct security audits on Web3 code?
Answer: To identify and fix potential security vulnerabilities.
Question: A code repository’s regular updates and community involvement can be indicators of the team’s commitment to a project.
Answer: True
2️⃣ Governance and Security in DAOs
Question: Which issue is a common risk in DAO governance?
Answer: Centralization risks in smart contract
Question: Community approval is usually required before implementing changes to a DAO’s project model.
Answer: True
Question: What is a risk associated with tokens being concentrated in few wallets?
Answer: It increases the risk of market manipulation
Question: Why is high trading activity viewed positively in token markets?
Answer: It indicates strong interest and potential liquidity.
4️⃣ Community and Security Risks in Web3
Question: Why is monitoring social media sentiment important for Web3 projects?
Answer: Influences market stability and trust.
Question: Transparency decreases trust in the Web3 community and should be minimized.
Answer: False
5️⃣ Introduction to User Security
Question: Why is user security particularly important in the world of crypto?
Answer: Because crypto assets are often held in decentralized wallets with no central authority to help recover lost funds.
Question: What additional security measure is recommended beyond a strong password?
Answer: Two-Factor Authentication (2FA).
6️⃣ Introduction to Wallet Security
Question: What is the primary risk of using custodial wallets?
Answer: If the custodial service experiences a security breach, hack, or the service itself becomes inaccessible, you may lose access to your private keys.
Question: What is a key practice for securing your wallet’s private keys?
Answer: Storing them in a hardware wallet or encrypted offline location.
🔔 Third batch of answers for Skynet Quest from CertiK
1️⃣ Best Practices for Wallet Security
Question: What should you regularly do with your wallet to ensure security?
Answer: All of the above
Question: What should you always double-check before sending funds from your wallet?
Answer: The recipient’s wallet address to ensure it’s correct
2️⃣ Choosing a Secure Exchange
Question: Which of the following are key factors to consider when choosing a secure crypto exchange?
Answer: All of the above
Question: Choosing an exchange with both licensing and security certifications minimizes the risks associated with using a cryptocurrency exchange.
Answer: True
Question: Proof of Reserve (PoR) guarantees against future changes and hacking risks.
Answer: False
Question: What is a limitation of Proof of Reserve?
Answer: All of the above
4️⃣ Recognizing Risk Signals on the Exchange
Question: Why should you be cautious if someone you don't know approaches you on social media about using a specific exchange?
Answer: They might be recommending a scam or fraudulent scheme
Question: What could frequent or prolonged withdrawal freezes on an exchange indicate?
Answer: The exchange has liquidity problems or internal issues
5️⃣ Important Exchange Security Features
Question: What does ISO 27001 certification signify for a cryptocurrency exchange?
Answer: The exchange has strong information security management systems
Question: What is the benefit of choosing an exchange with both proper licensing and security certifications?
Answer: It minimizes the risks associated with using a cryptocurrency exchange
Question: Why is it important to keep your private key secure?
Answer: If someone gains access to your private key, they gain access to your crypto assets.
Question: What is a best practice for private key security?
Answer: Store it offline, preferably in a hardware wallet.
7️⃣ Private Key Security: Seed Phrases
Question: What is a recommended strategy for backing up your seed phrase?
Answer: Create a backup and store it in secure locations.
Question: What is the main risk of storing your seed phrase digitally (e.g., in cloud storage or email)?
Answer: It can be hacked or accessed by unauthorized parties.
8️⃣ Losses Related to Private Key Compromises
Question: How much was lost due to private key compromises in 2023?
Answer: Nearly $881 million across 47 incidents.
Question: Which of these exchanges did NOT experience a security incident related to a private key compromise?
Answer: Binance
Question: A dApp is a centralized application that primarily runs on mobile devices.
Answer: False
Question: What might indicate that a dApp is potentially malicious or risky?
Answer: The dApp has limited documentation and transparency
1️⃣0️⃣ Identifying Malicious Activity on Websites & dApps
Question: How can you protect yourself from phishing attacks related to crypto websites and dApps?
Answer: Be cautious with emails and messages that ask for sensitive information, and always verify links and URLs before clicking
Question: What might indicate that a website is a scam or fake?
Answer: The URL has subtle differences from the legitimate site, like extra characters or misspellings
Fourth batch of answers for Skynet Quest from CertiK
Question: What does the MasterChain do in TON's network?
Answer: Ensures consistency and security across the network
Question: What peak transaction speed did TON achieve in CertiK's performance testing?
Answer: Over 100,000 TPS
2️⃣ Ripple (XRP Ledger) | Layer 1
Question: What did CertiK audit for the XRP Ledger?
Answer: The security of its Automated Market Maker (AMM) implementation
Question: What do social monitoring insights indicate about the XRPL community?
Answer: Highly active and engaged
Question: Wormhole was originally incubated by Jump Trading
Answer: True
Question: What is the maximum bounty offered by Wormhole’s bug bounty program?
Answer: $5M
4️⃣ EigenLayer | Infrastructure
Question: What unique model does EigenLayer use to enhance the security of other protocols?
Answer: Shared security model leveraging staked ETH
Question: What purpose does the insurance mechanism serve in EigenLayer's ecosystem?
Answer: To provide a safety net in case of protocol failures or hacks
Question: What method does Ethena use to stabilize its synthetic dollar, USDe?
Answer: Delta hedging
Question: What unique financial tool does Ethena introduce to offer on-chain yields?
Answer: Internet Bond
Question: Friend.Tech launched its native token in May 2024, distributing it entirely to VCs.
Answer: False
Question: What incentive does Friend.Tech provide through its bug bounty program?
Answer: Rewards of up to 1,000,000 USDC based on bug severity
7️⃣ Worldcoin | Store of Value
Question: Worldcoin uses biometric verification to ensure each person can only claim their share once.
Answer: True
Question: What was a security vulnerability in Worldcoin’s Orb operator onboarding process?
Answer: Operators could bypass verification without proper ID.
Fifth batch of answers for Skynet Quest from CertiK
1️⃣ HACK3D Part 1: Top Incident Analyses
Question: Which of the following is NOT listed as a top incident type in Q1 2024?
Answer: Network Congestion
Question: What was the eventual outcome of the attack on Munchables?
Answer: The stolen assets were returned to the Munchables team
Question: What event occurred shortly before the BitForex exit scam, raising suspicions of fraudulent activities?
Answer: The CEO's resignation.
2️⃣ HACK3D Part 2: Private Key Compromise
Question: What was the total loss attributed to private key compromises in Q1 2024?
Answer: $239 million
Question: Who suffered a loss of $112 million due to the compromise of personal private keys in Q1 2024?
Answer: Chris Larsen
Question: Storing all multisignature keys within the same BitWarden account is a secure practice.
Answer: False
3️⃣ HACK3D Part 3: Rounding Issue Exploits
Question: What is the primary target of the Rounding Issue Exploit?
Answer: Newly-deployed lending pools
Question: What was the outcome of the flaw exploited in the Kyberswap incident?
Answer: Drainage of funds
Question: Solidity's computational libraries are designed for high-precision mathematical operations, minimizing the risk of rounding errors.
Answer: False
4️⃣ Build trust and integrity in project teams with KYC
Question: Why is KYC important for Web3 projects?
Answer: It helps users trust the team behind a project
Question: What does a CertiK KYC badge signify?
Answer: The project team has undergone a thorough identity verification process
Question: How does CertiK's KYC service protect against insider threats?
Answer: By conducting rigorous identity checks on core team members
5️⃣ KYC Actors are Ramping Up Their Game
Question: What is a key observation by CertiK regarding KYC fraud?
Answer: Fraudsters are hiring professional actors to circumvent due diligence
Question: What is CertiK's KYC Badge designed to do?
Answer: Verify development teams and prevent fraud
Question: Why do KYC actors target traditional banks?
Answer: To open bank accounts and store illicit funds
6️⃣ Unveiling the KYC Actor Industry
Question: What insight did CertiK gain from a KYC actor?
Answer: Passing regular verifications is easy
Question: What is the primary purpose of employing KYC actors according to CertiK's findings?
Answer: To steal funds from investors
Question: What is essential for due diligence in Web3 start-ups according to CertiK?
Answer: Thorough background investigation by professional investigators.
Sixth batch of answers for Skynet Quest from CertiK
1️⃣ Best Tools for Tracking Top Crypto Wallets
Question: Which wallet tracking tool supports creating custom dashboards with personalized wallet insights?
Answer: Dune Analytics
Question: Wallet tracking tools offer specific trading directions to make users money.
Answer: False
Question: What does wallet tracking help with?
Answer: Monitoring crypto market trends
Question: CertiK's KYC Badge process includes a video interview and identity verification to assess the background of key team members.
Answer: True
Question: What are the main steps in CertiK's KYC verification process?
Answer: Video Call, ID Check, Review & Award
Question: The CertiK KYC Badge means that CertiK ensures code safety.
Answer: False
3️⃣ Trap Phishing on Trusted Platforms
Question: What are phishers trying to obtain from users in Web3 phishing scams?
Answer: Crypto wallet private keys and mnemonic phrases
Question: Phishing malware can steal private keys by asking users to download and run a fake game client.
Answer: True
4️⃣ Different Mechanisms for Honeypot Scams
Question: What is a common red flag that a token may be a honeypot scam?
Answer: An all-green chart with no sells
Question: The blacklist mechanism in honeypot scams adds buyers to a whitelist, enabling them to sell their tokens freely.
Answer: False
5️⃣ Introduction to Formal Verification
Question: Formal verification is a mathematical approach that helps identify vulnerabilities not found through conventional testing or code reviews.
Answer: True
Question: What does the specification language BISSOL help with in the formal verification process?
Answer: Defining properties of contracts to be verified
6️⃣ How Exit Scammers Mint Tokens Undetected
Question: What do exit scammers use to mint additional tokens without triggering a Transfer event?
Answer: Bypassing the totalSupply metric
Question: Locked liquidity pool tokens create a false sense of security for investors during a rug pull scam.
Answer: True
7️⃣ Introduction of Diamond Agency Contract
Question: Facets in diamond proxy contracts are smaller contracts that implement specific features and are managed by a central diamond proxy.
Answer: True
Question: Why should the initialize function be protected in diamond proxies?
Answer: To prevent unauthorized access to privileged roles
8️⃣ Recognizing the Misuse of CertiK's Brand
Question: What should you do if you're approached by someone claiming to represent CertiK but you doubt their legitimacy?
Answer: Verify their credentials using CertiK’s Employee Verification tool
Question: Fake recovery services often target individuals who have already suffered financial losses, promising to recover funds but demanding upfront fees.
Answer: True
9️⃣ Top Compliance Risks in Crypto
Question: Which compliance risk involves using blockchain transactions for illegal activities like money laundering or terrorism financing?
Answer: Exposure to illicit activities
Question: CertiK’s SkyInsights analyzes transaction fees and doesn’t help companies comply with global regulations.
Answer: False
Question: How does SkyInsights help companies comply with global crypto regulations?
Answer: By maintaining a repository of global regulations
1️⃣0️⃣ Hedgey Finance Event Analysis
Question: The Hedgey Finance exploit was due to a missing line of code that failed to revoke campaign approvals after cancellations, allowing unauthorized token transfers.
Answer: True
Question: How much was initially stolen in the Hedgey Finance exploit?
Answer: $2 million
Seventh batch of answers for Skynet Quest from CertiK
Question: Which is not part of CertiK Ventures’ current portfolio?
Answer: Shiba Inu
Question: What is CertiK Ventures’ Vision?
Answer: Foster the growth of security-first projects
2️⃣ Insights on Market Analytics
Question: Which of the following metrics is NOT included in the Skynet Market Analytics section?
Answer: Fully diluted market cap
Question: Which of the following factors might contribute to a potential drop in the Market Category Score?
Answer:
High price volatility,
Whale movement,
Irregular trading volume
Question: Skynet Security Score incorporates insights from Market Analytics.
Answer: True.
3️⃣ Operational Security via Website Scan
Question: Which are the primary categories of Website Scan? (Select all that apply)
Answer:
Network Security
DNS Health
Application Security
Question: Negative scan results could suggest a project’s lack of attention to security.
Answer: True
Question: Further assessment and improvement of website security can be achieved through?
Answer: Penetration Testing
4️⃣ GitHub Monitoring for Better Code Security
Question: Which of the following factors are considered by the GitHub Impact Indicator?
Answer: All of the above
Question: If a project has a long existing GitHub account, age > 8 years, that means the project is secure and actively maintained?
Answer: False
Question: Good looking Activity Heatmap means improved code security
Answer: False - Introducing new code may also introduce bugs and vulnerabilities
5️⃣ Governance Activity Monitoring
Question: Which of the statements best describes the governance indicator mentioned?
Answer: It reflects the level of governance activity in comparison to other Web3 projects by aggregating various signals.
Question: Projects with low governance activity indicators suggests lower risk compared to higher ones.
Answer: False
Question: Which of the following values is not conveyed by governance activity?
Answer: Project's financial performance
6️⃣ Insights on Token Holder Analysis
Question: Governance related metrics such as token holder changes won’t impact Skynet security rating.
Answer: False
Question: Which of the following metrics is NOT included in the Skynet Token Holder Analytics section?
Answer: Total Value Locked (TVL)
Question: Which of the following factors might indicate the potential centralization risk of a project?
Answer: High percentage on project owner holding
7️⃣ Security Rating for Pre-Launch Projects
Question: Which of the following categories is not included in the pre-launch project rating?
Answer: Market Stability
Question: Which of the Pre-Launch Stages represents the phase nearing a new market launch?
Answer: Stage 2
Question: Which of the following factors might boost the project’s pre-launch stage status closer to a new launch?
Answer: All of the above
🔔 Eighth batch of answers for Skynet Quest from CertiK (https://t.me/Enthusiast_Research/393)
1️⃣ zkSwap Finance | DeFi (https://skynet.certik.com/quest/zkswap-finance?referralId=8023719880463906161)
Question: What model does zkSwap Finance use to reward users?
Answer: Swap to Earn.
Question: How many files did CertiK audit of zkSwap Finance in December 2023?
Answer: 6 files.
Question: zkSwap Finance’s team is fully anonymous and unverified.
Answer: False - The team has been KYC verified by CertiK
2️⃣ Advanced Formal Verification of ZK Proofs (https://skynet.certik.com/quest/advanced-formal-verification-of-zk-proofs?referralId=10160151948413847194)
Question: Which of the following best describes a Zero Knowledge Proof (ZKP)?
Answer: A way to verify the correctness of a computation without revealing its details.
Question: True or False: The Load8 data injection bug in zkWasm is caused by improper tracking of call and return instructions, allowing hackers to inject fake returns and manipulate the execution sequence.
Answer: False
3️⃣ Bot-Driven Wash Trading in Exit Scams (https://skynet.certik.com/quest/bot-driven-wash-trading-in-exit-scams?referralId=10983255217096017565)
Question: True or False: Scammers use Tornado Cash to withdraw funds for creating scam tokens.
Answer: True
Question: Which platform do scammers use to distribute tokens among multiple addresses? (Select all that apply)
Answer:
Disperse.app
CoinTool
Question: What might trigger social bots to broadcast posts on scammer tokens? (Select all that apply)
Answer: Increased liquidity, High trading volumes, Rising market up
4️⃣ Common Web3 Phishing Methods (https://skynet.certik.com/quest/common-web3-phishing-methods?referralId=4072956503717723939)
Question: To prevent wallet phishing attacks, verify the data and understand the transaction before signing.
Answer: True
Question: You should always sign airdrops, even if the project team is unresponsive.
Answer: False
5️⃣ Stay Vigilant on Browser Plugins (https://skynet.certik.com/quest/stay-vigilant-on-browser-plugins?referralId=10373089216080060726)
Question: Which of the following is NOT considered a good security practice when using plugins?
Answer: Using plugins promoted by users on social platforms
Question: How do scammers carry out plugin attacks? (Select all that apply)
Answer: Mimicking legitimate projects with similar functionality,
Sending unsolicited messages on social platforms,
Exploiting or taking over third-party plugins
6️⃣ Sonne Finance Incident Analysis (https://skynet.certik.com/quest/sonne-finance-incident-analysis?referralId=7048575237485634295)
Question: True or False: The precision loss vulnerability in CompoundV2 forks was first discovered in April 2023
Answer: True
Question: What was the total amount lost in the Sonne Finance exploit?
Answer: $20 million