Ответы на SertiK Skynet
Для удобства поиска вопросов используйте F3.
Подпишись https://t.me/veksill
(ТаскOndo Finance | RWA)
Question 1 of 2Ondo Finance moved $95 million to BlackRock's BUIDL in 2024 as part of their long-term strategy.
Ответ:True
Question 2 of 2What specific actions does Ondo Finance take to ensure regulatory compliance?
Ответ:Conducts compliance checks and engages with regulatory bodies
(Таск Web3 Security with Skynet)
Question 1 of 2
What feature of Skynet helps users assess the security of Web3 projects?
Ответ: Security Scores
Question 2 of 2
Verified source code is one of the common security threats in Web3.
Ответ:False
(Таск Operational Security)
Question 1 of 2
Non-blockchain components such as websites and software applications must be secured, as they can be targeted by hackers.
Ответ: True
Question 2 of 2
What makes bug bounty programs beneficial for Web3 projects?
Ответ: They harness community expertise to identify bugs
(Таск Team and Insider Risks)
Question 1 of 2
Why is it risky to invest in projects with anonymous teams?
Ответ: Lack of accountability and transparency
Question 2 of 2
The CertiK KYC Badge means that CertiK ensures code safety.
Ответ: False
(Таск PEPE | Meme)
Question 1 of 2
What significant security measures did Pepe implement to enhance trust and transparency?
Ответ: Undergoing a CertiK audit of its token contract
Question 2 of 2
How is the ownership of Pepe tokens distributed among holders?
Ответ:The top 10 holders own less than 5% of the total supply.
(Таск Aptos | Layer 1)
Question 1 of 2
Aptos is a Layer 1 blockchain primarily designed to offer:
Ответ: A developer-friendly environment, focusing on scalability and security
Question 2 of 2
Move is the programming language at the core of Aptos for smart contract development.
Ответ: True
(Таск Ondo Finance RWA)
Question 1 of 2
Ondo Finance moved $95 million to BlackRock's BUIDL in 2024 as part of their long-term strategy.
Ответ: True
Question 2 of 2
What specific actions does Ondo Finance take to ensure regulatory compliance?
Ответ: Conducts compliance checks and engages with regulatory bodies
(Таск TON | Layer 1)
Question 1 of 2
What does the MasterChain do in TON's network?
Ответ:Ensures consistency and security across the network
Question 2 of 2
What peak transaction speed did TON achieve in CertiK's performance testing?
Ответ:Over 100,000 TPS
(Таск Ripple (XRP Ledger) | Layer 1)
Question 1 of 2
What did CertiK audit for the XRP Ledger?
Ответ:The security of its Automated Market Maker (AMM) implementation
Question 2 of 2
What do social monitoring insights indicate about the XRPL community?
Ответ: Highly active and engaged
(Таск Wormhole | Infrastructure)
Question 1 of 2
Wormhole was originally incubated by Jump Trading
Ответ:True
Question 2 of 2
What is the maximum bounty offered by Wormhole’s bug bounty program?
Ответ: $5M
(Таск EigenLayer | Infrastructure)
Question 1 of 2
What unique model does EigenLayer use to enhance the security of other protocols?
Ответ: Shared security model leveraging staked ETH
Question 2 of 2
What purpose does the insurance mechanism serve in EigenLayer's ecosystem?
Ответ:To provide a safety net in case of protocol failures or hacks
(Таск Ethena | Stablecoin)
Question 1 of 2
What method does Ethena use to stabilize its synthetic dollar, USDe?
Ответ: Delta hedging
Question 2 of 2
What unique financial tool does Ethena introduce to offer on-chain yields?
Ответ: Internet Bond
(Таск Code Security)
Question 1 of 2
What is the main purpose of conducting security audits on Web3 code?
Ответ:To identify and fix potential security vulnerabilities
Question 2 of 2
A code repository’s regular updates and community involvement can be indicators of the team’s commitment to a project.
Ответ:True
(Таск Market-Related Risks)
Question 1 of 2
What is a risk associated with tokens being concentrated in few wallets?
Ответ :It increases the risk of market manipulation
Question 2 of 2
Why is high trading activity viewed positively in token markets?
Ответ: It indicates strong interest and potential liquidity.
(Таск Governance and Security in DAOs)
Question 1 of 2
Which issue is a common risk in DAO governance?
Ответ: Centralization risks in smart contract
Question 2 of 2
Community approval is usually required before implementing changes to a DAO’s project model.
Ответ:True
(Таск Community and Security Risks in Web3)
Question 1 of 2
Why is monitoring social media sentiment important for Web3 projects?
Ответ:Influences market stability and trust
Question 2 of 2
Transparency decreases trust in the Web3 community and should be minimized.
Ответ:False
(Таск Introduction to User Security)
Question 1 of 2
Why is user security particularly important in the world of crypto?
Ответ: Because crypto assets are often held in decentralized wallets with no central authority to help recover lost funds
Question 2 of 2
What additional security measure is recommended beyond a strong password?
Ответ:Two-Factor Authentication (2FA)
(Таск Introduction to Wallet Security)
Question 1 of 2
What is the primary risk of using custodial wallets?
Ответ: If the custodial service experiences a security breach, hack, or service itself becomes inaccessible, you may lose access to your private keys.
Question 2 of 2
What is a key practice for securing your wallet’s private keys?
Ответ: Storing them in a hardware wallet or encrypted offline location
(Таск Best Practices for Wallet Security)
Question 1 of 2
What should you regularly do with your wallet to ensure security?
Ответ:All of the above
Question 2 of 2
What should you always double-check before sending funds from your wallet?
Ответ:The recipient’s wallet address to ensure it’s correct
(Таск Choosing a Secure Exchange)
Question 1 of 2
Which of the following are key factors to consider when choosing a secure crypto exchange?
Ответ: All of the above
Question 2 of 2
Choosing an exchange with both licensing and security certifications minimizes the risks associated with using a cryptocurrency exchange.
Ответ: True
(Таск Proof of Reserve )
Question 1 of 2
Proof of Reserve (PoR) guarantees against future changes and hacking risks.
Ответ:False
Question 2 of 2
What is a limitation of Proof of Reserve?
Ответ:All of the above
(Таск Recognizing Risk Signals on the Exchange)
Question 1 of 2
Why should you be cautious if someone you don't know approaches you on social media about using a specific exchange?
Ответ: They might be recommending a scam or fraudulent scheme
Question 2 of 2
What could frequent or prolonged withdrawal freezes on an exchange indicate?
Ответ:The exchange has liquidity problems or internal issues
(Таск Important Exchange Security Features)
Question 1 of 2
What does ISO 27001 certification signify for a cryptocurrency exchange?
Ответ:The exchange has strong information security management systems
Question 2 of 2
What is the benefit of choosing an exchange with both proper licensing and security certifications?
Ответ:It minimizes the risks associated with using a cryptocurrency exchange
(Таск Private Key Security)
Question 1 of 2
Why is it important to keep your private key secure?
Ответ:If someone gains access to your private key, they gain access to your crypto assets
Question 2 of 2
What is a best practice for private key security?
Ответ:Store it offline, preferably in a hardware wallet
(Таск Private Key Security: Seed Phrases)
Question 1 of 2
What is a recommended strategy for backing up your seed phrase?
Ответ:Create a backup and store it in secure locations
Question 2 of 2
What is the main risk of storing your seed phrase digitally (e.g., in cloud storage or email)?
Ответ:It can be hacked or accessed by unauthorized parties
(Таск Losses Related to Private Key)
Question 1 of 2
How much was lost due to private key compromises in 2023?
Ответ:Nearly $881 million across 47 incidents
Question 2 of 2
Which of these exchanges did NOT experience a security incident related to a private key compromise?
Ответ:Binance
(Таск Website & dApp Security)
Question 1 of 2
A dApp is a centralized application that primarily runs on mobile devices.
Ответ:False
Question 2 of 2
What might indicate that a dApp is potentially malicious or risky?
Ответ:The dApp has limited documentation and transparency
(Таск Identifying Malicious Activity on Websites & dApps)
Question 1 of 2
How can you protect yourself from phishing attacks related to crypto websites and dApps?
Ответ:Be cautious with emails and messages that ask for sensitive information, and always verify links and URLs before clicking
Question 2 of 2
What might indicate that a website is a scam or fake?
Ответ:The URL has subtle differences from the legitimate site, like extra characters or misspellings
(Таск FriendTech | Social)
Question 1 of 2
Friend.Tech launched its native token in May 2024, distributing it entirely to VCs.
Ответ:False
Question 2 of 2
What incentive does Friend.Tech provide through its bug bounty program?
Ответ:Rewards of up to 1,000,000 USDC based on bug severity
(Таск Worldcoin | Store of Value)
Question 1 of 2
Worldcoin uses biometric verification to ensure each person can only claim their share once.
Ответ:True
Question 2 of 2
What was a security vulnerability in Worldcoin’s Orb operator onboarding process?
Ответ:Operators could bypass verification without proper ID.
(Таск Losses Related to Private Key Compromises)
Question 1 of 2
How much was lost due to private key compromises in 2023?
Ответ:Nearly $881 million across 47 incidents
Question 2 of 2Which of these exchanges did NOT experience a security incident related to a private key compromise?
Ответ:Binance
(Таск HACK3D Part 1: Top Incident Analyses)
Question 1 of 3
Which of the following is NOT listed as a top incident type in Q1 2024?
Ответ:Network Congestion
Question 2 of 3
What was the eventual outcome of the attack on Munchables?
Ответ:The stolen assets were returned to the Munchables team
Question 3 of 3
What event occurred shortly before the BitForex exit scam, raising suspicions of fraudulent activities?
Ответ: The CEO's resignation
(Таск HACK3D Part 2: Private Key Compromise)
Question 1 of 3
What was the total loss attributed to private key compromises in Q1 2024?
Ответ:$239 million
Question 2 of 3
Who suffered a loss of $112 million due to the compromise of personal private keys in Q1 2024?
Ответ:Chris Larsen
Question 3 of 3
Storing all multisignature keys within the same BitWarden account is a secure practice.
Ответ: False
(Таск HACK3D Part 3: Rounding Issue Exploits)
Question 1 of 3
What is the primary target of the Rounding Issue Exploit?
Ответ:Newly-deployed lending pools
Question 2 of 3
What was the outcome of the flaw exploited in the Kyberswap incident?
Ответ:Drainage of funds
Question 3 of 3
Solidity's computational libraries are designed for high-precision mathematical operations, minimizing the risk of rounding errors.
Ответ:False
(Таск Build trust and integrity in project teams with KYC)
Question 1 of 3
Why is KYC important for Web3 projects?
Ответ: It helps users trust the team behind a project
Question 2 of 3
What does a CertiK KYC badge signify?
Ответ: The project team has undergone a thorough identity verification process
Question 3 of 3
How does CertiK's KYC service protect against insider threats?
Ответ:By conducting rigorous identity checks on core team members
(Таск KYC Actors are Ramping Up Their Game)
Question 1 of 3
What is a key observation by CertiK regarding KYC fraud?
Ответы:Fraudsters are hiring professional actors to circumvent due diligence
Question 2 of 3
What is CertiK's KYC Badge designed to do?
Ответы:Verify development teams and prevent fraud
Question 3 of 3
Why do KYC actors target traditional banks?
Ответ:To open bank accounts and store illicit funds
(Таск Unveiling the KYC Actor Industry)
Question 1 of 3
What insight did CertiK gain from a KYC actor?
Ответ:Passing regular verifications is easy
Question 2 of 3
What is the primary purpose of employing KYC actors according to CertiK's findings?
Ответ:To steal funds from investors
Question 3 of 3
What is essential for due diligence in Web3 start-ups according to CertiK?
Ответ:Thorough background investigation by professional investigators
(Таск Best Tools for Tracking Top Crypto Wallets)
Question 1 of 3
Which wallet tracking tool supports creating custom dashboards with personalized wallet insights?
Ответ:Dune Analytics
Question 2 of 3
Wallet tracking tools offer specific trading directions to make users money.
Ответ:False
Question 3 of 3
What does wallet tracking help with?
Ответ: Monitoring crypto market trends
(Таск How CertiK Does KYC)
Question 1 of 3
CertiK's KYC Badge process includes a video interview and identity verification to assess the background of key team members.
Ответ:True
Question 2 of 3
What are the main steps in CertiK's KYC verification process?
Ответ:Video Call, ID Check, Review & Award
Question 3 of 3
The CertiK KYC Badge means that CertiK ensures code safety.
Ответ:False
(Таск Trap Phishing on Trusted Platforms)
Question 1 of 2
What are phishers trying to obtain from users in Web3 phishing scams?
Ответ:Crypto wallet private keys and mnemonic phrases
Question 2 of 2
Phishing malware can steal private keys by asking users to download and run a fake game client.
Ответ:True
(Таск Different Mechanisms for Honeypot Scams)
Question 1 of 2
What is a common red flag that a token may be a honeypot scam?
Ответ:An all-green chart with no sells
Question 2 of 2
The blacklist mechanism in honeypot scams adds buyers to a whitelist, enabling them to sell their tokens freely.
Ответ:False
(Таск Introduction to Formal Verification)
Question 1 of 2
Formal verification is a mathematical approach that helps identify vulnerabilities not found through conventional testing or code reviews.
Ответ:True
Question 2 of 2
What does the specification language BISSOL help with in the formal verification process?
Ответ:Defining properties of contracts to be verified
(Таск How Exit Scammers Mint Tokens Undetected)
Question 1 of 2
What do exit scammers use to mint additional tokens without triggering a Transfer event?
Ответ:Bypassing the totalSupply metric
Question 2 of 2
Locked liquidity pool tokens create a false sense of security for investors during a rug pull scam.
Ответ: True
(Таск Introduction of Diamond Agency Contract)
Question 1 of 2
Facets in diamond proxy contracts are smaller contracts that implement specific features and are managed by a central diamond proxy.
Ответ:True
Question 2 of 2
Why should the initialize function be protected in diamond proxies?
Ответ:To prevent unauthorized access to privileged roles
(Таск Recognizing the Misuse of CertiK's Brand)
Question 1 of 2
What should you do if you're approached by someone claiming to represent CertiK but you doubt their legitimacy?
Ответ:Verify their credentials using CertiK’s Employee Verification tool
Question 2 of 2
Fake recovery services often target individuals who have already suffered financial losses, promising to recover funds but demanding upfront fees.
Ответ:True
(Таск Top Compliance Risks in Crypto)
Question 1 of 3
Which compliance risk involves using blockchain transactions for illegal activities like money laundering or terrorism financing?
Ответ:Exposure to illicit activities
Question 2 of 3
CertiK’s SkyInsights analyzes transaction fees and doesn’t help companies comply with global regulations.
Ответ:False
Question 3 of 3
How does SkyInsights help companies comply with global crypto regulations?
Ответ:By maintaining a repository of global regulations
(Таск Hedgey Finance Event Analysis)
Question 1 of 2
The Hedgey Finance exploit was due to a missing line of code that failed to revoke campaign approvals after cancellations, allowing unauthorized token transfers.
Ответ:True
Question 2 of 2
How much was initially stolen in the Hedgey Finance exploit?
Ответ: $2 million
(Таск Insights on Market Analytics)
Question 1 of 3
Which of the following metrics is NOT included in the Skynet Market Analytics section?
Ответ:Fully diluted market cap
Question 2 of 3
Which of the following factors might contribute to a potential drop in the Market Category Score? (Select all that apply)
Ответ:1-2-3
Question 3 of 3
Skynet Security Score incorporates insights from Market Analytics.
Ответ: True
(Таск Operational Security via Website Scan)
Question 1 of 3
Which are the primary categories of Website Scan? (Select all that apply)
Ответ: 1-3-4
Question 2 of 3
Negative scan results could suggest a project’s lack of attention to security.
Ответ:True
Question 3 of 3
Further assessment and improvement of website security can be achieved through?
Ответ: Penetration Testing
(Таск GitHub Monitoring for Better Code Security)
Question 1 of 3
Which of the following factors are considered by the GitHub Impact Indicator?
Ответ: All of the above
Question 2 of 3
If a project has a long existing GitHub account, age > 8 years, that means the project is secure and actively maintained?
Ответ: False
Question 3 of 3
Good looking Activity Heatmap means improved code security
Ответ: False - Introducing new code may also introduce bugs and vulnerabilities
(Таск Governance Activity Monitoring)
Question 1 of 3
Which of the statements best describes the governance indicator mentioned?
Ответ:It reflects the level of governance activity in comparison to other Web3 projects by aggregating various signals
Question 2 of 3
Projects with low governance activity indicators suggests lower risk compared to higher ones.
Ответ:False
Question 3 of 3
Which of the following values is not conveyed by governance activity?
Ответ:Project's financial performance
(Таск Insights on Token Holder Analysis)
Question 1 of 3
Governance related metrics such as token holder changes won’t impact Skynet security rating.
Ответ:False
Question 2 of 3
Which of the following metrics is NOT included in the Skynet Token Holder Analytics section?
Ответ:Total Value Locked (TVL)
Question 3 of 3
Which of the following factors might indicate the potential centralization risk of a project?
Ответ:High percentage on project owner holding
(Таск CertiK Ventures)
Question 1 of 2
Which is not part of CertiK Ventures’ current portfolio?
Ответ:Shiba Inu
Question 2 of 2
What is CertiK Ventures’ Vision?
Ответ: Foster the growth of security-first projects
(Таск Bot-Driven Wash Trading in Exit Scams)
Question 1 of 3
True or False: Scammers use Tornado Cash to withdraw funds for creating scam tokens.
Ответ:True
Question 2 of 3
Which platform do scammers use to distribute tokens among multiple addresses? (Select all that apply)
Ответ: 1-4
Question 3 of 3
What might trigger social bots to broadcast posts on scammer tokens? (Select all that apply)
Ответ: 1-2-3
(Таск Sonne Finance Incident Analysis)
Question 1 of 2
True or False: The precision loss vulnerability in CompoundV2 forks was first discovered in April 2023
Ответ: True
Question 2 of 2
What was the total amount lost in the Sonne Finance exploit?
Ответ: $20 million
(Таск Advanced Formal Verification of ZK Proofs)
Question 1 of 2
Which of the following best describes a Zero Knowledge Proof (ZKP)?
Ответ: A way to verify the correctness of a computation without revealing its details.
Question 2 of 2
True or False: The Load8 data injection bug in zkWasm is caused by improper tracking of call and return instructions, allowing hackers to inject fake returns and manipulate the execution sequence.
Ответ: False
(Таск zkSwap Finance | DeFi)
Question 1 of 3
What model does zkSwap Finance use to reward users?
Ответ:Swap to Earn
Question 2 of 3
How many files did CertiK audit of zkSwap Finance in December 2023?
Ответ: 6
Question 3 of 3
zkSwap Finance’s team is fully anonymous and unverified.
Ответ: False - The team has been KYC verified by CertiK
(Таск Security Rating for Pre-Launch Projects)
Question 1 of 3
Which of the following categories is not included in the pre-launch project rating?
Ответ: Market Stability
Question 2 of 3
Which of the Pre-Launch Stages represents the phase nearing a new market launch?
Ответ: Stage 2
Question 3 of 3
Which of the following factors might boost the project’s pre-launch stage status closer to a new launch?
Ответ: All of the above
(Таск Stay Vigilant on Browser Plugins)
Question 1 of 2
Which of the following is NOT considered a good security practice when using plugins?
Ответ: Using plugins promoted by users on social platforms
Question 2 of 2
How do scammers carry out plugin attacks?
Ответ: 1-2-3
(Таск How AI is Transforming KYC for Crypto Project Teams)
Question 1 of 2
What is a primary benefit of using AI in identity verification for KYC processes?
Ответ: Increased precision and speed in verifying identities
Question 2 of 2
CertiK uses AI to enhance its background check process for its CertiK KYC badge.
Ответ: True
(Таск Intro to Airdrop Scams)
Question 1 of 2
Legitimate airdrops require you to provide your private key.
Ответ: False - projects never ask for such information.
Question 2 of 2
Which is a common red flag of an airdrop scam?
Ответ: 1-2-3
(Таск Common Web3 Phishing Methods)
Question 1 of 2
To prevent wallet phishing attacks, verify the data and understand the transaction before signing.
Ответ:True
Question 2 of 2
You should always sign airdrops, even if the project team is unresponsive.
Ответ: False
(Таск Edu3Labs | The Future of Education)
Question 1 of 3
What are the 3 key areas Edu3Labs focuses on?
Ответ: 1-2-4
Question 2 of 3
What KYC Badge level Edu3Labs achieved from CertiK?
Ответ:Gold
Question 3 of 3
Which exchanges users can trade NFE?
Ответ: 1-3
(Таск Core DAO | Infrastructure)
Question 1 of 2
Core DAO combines Delegated Proof of Work (DPoW) and Delegated Proof of Stake (DPoS) in its consensus mechanism.
Ответ:True
Question 2 of 2
What ensures the scalability and security of Core DAO's blockchain?
Ответ: Satoshi Plus consensus mechanism
(Таск Understanding the Impact of FIT21 on Crypto Compliance)
Question 1 of 2
FIT21 distinguishes between digital assets considered as securities, commodities, and other forms of digital property.
Ответ: True
Question 2 of 2
What is one of the key goals of FIT21 for the U.S. blockchain and cryptocurrency sectors?
Ответ: To foster innovation and growth
(Таск Identifying and Avoiding Phishing Scams in X Replies)
Question 1 of 3
Which of the following statements are correct?
Ответ: 1-4
Question 2 of 3
In the MANEKI incident, what deceptive methods did the scammer use to trick users?
Ответ: 1-3-4
Question 3 of 3
Which of the following is NOT true about the End of Thread practice?
Ответ: Users could always trust messages prior to the End of Thread