Passing a CertiK Audit: Insights

Vemate
2 min readJul 19, 2022

--

A Smart Contract is the beating heart of any crypto project, and we treat it with utmost importance. That is precisely why we have reached out to the best audit company to conduct the audit — CertiK.

Some aspects were pointed out by CertiK that needed addressing, and we did just that. Therefore, redeployment and reallocation were carried out in full, and we have now addressed the issues they brought to our attention to the best of our abilities by taking the following actions:

  • Vested full 10% Marketing wallet, with 15% to be released upon listing and then 7% monthly;
  • Vested full 9.5% Reserve for CEX listing wallet, with 20% to be released upon listing and then 7% monthly with 10% in the last month;
  • Locked full 8% Team tokens for 12 months
  • Locked 35% Presale tokens, 20% Token Liquidity tokens as well as 1.1% from Staking, Referral, Partnership and Airdrop wallet tokens until our planned Presale date. This was done via PinkLock.
  • Allocated 10% Private Sale tokens plus 1.34% from Staking, Referral, Partnership and Airdrop wallet tokens to Private Sale users. This was allocated as per the selection made by the users — vesting/staking to the Private sale Contract.

You can find the Private Sale Contract address here, where we have also locked and vested the above mentioned tokens: 0x6C0B36E65026AA6B2DE96f2046Fe3BdDBF6a0e8b

Besides that, we have also created a multi-signature account via Gnosis that can be authorised by 2/3 master wallets using Gnosis Safe at this address: 0x7420bec08C03A9A436B143464009Ea6A43B518DD;

This account will contain all the tokens that will be unvested from the contract as well as all the tokens that have remained unlocked which number at 7,576,469 VMT. These tokens have remained unlocked as we are about to transfer funds to pay for marketing agreements (where it was agreed that the payment would be made in Vemate tokens or both stablecoins and Vemate tokens) as well as staff payment, airdrops, prizes and/or partnerships.

We have used a 3 wallet Gnosis multi-signature account which is difficult to interface with Remix IDE on purpose, to make it much more difficult for any malicious actors to transfer ownership unless they have highly specialised knowledge. Incidentally, this also makes the task laborious for us also. Furthermore, 2/3 authorizations are required for this to take place. Each wallet is stored on a Linux OS machine that is not connected to the network unless a transaction is carried out. The machines in question serve no other purpose.

These are the authorising wallets:

0x1537a76331C72A8E43021604B3c633b5A896447a

0x462d99E11749628CafF5B16EcB0bA8815B62594d

0x30D035BdB889AA505e699e4DB8935Cbf55B7BA1C

The seed phrases are stored in 10 different secure locations in hard copies and network isolated copies. These have been divided among 3 different people, each being the sole controller of their respective wallets and holding the seed phrases independently from one another.

Having done all this, we’ve mitigated all the issues which CertiK highlighted to the best of our abilities, whilst maintaining our ability to perform competitively in order to ensure the success of the project. CertiK will soon release its final report, and we are keen to share it with you. Stay tuned!

--

--