SlideShare a Scribd company logo

MyMasterWar $MAT Certik Audit

M
MymasterWar

MYMASTERWAR Audit has been successfully completed by Certik

Entertainment & Humor
1 of 24
Download to read offline
Security Assessment My Master WAR Oct 4th, 2021
Table of Contents Summary Overview Project Summary Audit Summary Vulnerability Summary Audit Scope Findings AMA-01 : Ineffective `isContract()` Check MAA-01 : Potential Risks on Approval/TransferFrom Methods MAA-02 : Public Function that Could be Declared External MAA-03 : Initial token distribution MAC-01 : Vesting duration too short MAC-02 : Centralization Risk MAE-01 : Centralization Risk MAM-01 : Centralization Risk MAP-01 : Centralization Risk MAP-02 : Missing Validation for total amount MAT-01 : Vesting duration too short MAT-02 : Centralization Risk Appendix Disclaimer About My Master WAR Security Assessment
Summary This report has been prepared for My Master WAR to discover issues and vulnerabilities in the source code of the My Master WAR project as well as any contract dependencies that were not part of an officially recognized library. A comprehensive examination has been performed, utilizing Static Analysis and Manual Review techniques. The auditing process pays special attention to the following considerations: Testing the smart contracts against both common and uncommon attack vectors. Assessing the codebase to ensure compliance with current best practices and industry standards. Ensuring contract logic meets the specifications and intentions of the client. Cross referencing contract structure and implementation against similar smart contracts produced by industry leaders. Thorough line-by-line manual review of the entire codebase by industry experts. The security assessment resulted in findings that ranged from critical to informational. We recommend addressing these findings to ensure a high level of security standards and industry practices. We suggest recommendations that could better serve the project from the security perspective: Enhance general coding practices for better structures of source codes; Add enough unit tests to cover the possible use cases; Provide more comments per each function for readability, especially contracts that are verified in public; Provide more transparency on privileged activities once the protocol is live. My Master WAR Security Assessment
Overview Project Summary Project Name My Master WAR Description DeFi Platform Ethereum Language Solidity Codebase https://github.com/MyMasterWar/MAT- erc20/tree/1a37ac523295601bad40fab657c1a6647085d739 https://github.com/MyMasterWar/MAT-claim Commit 1a37ac523295601bad40fab657c1a6647085d739 46a88f7c862b9a45ef44a04dc737077ba99ab834 8231f7c8149b09b3d1820ff889cd2957e046b42e Audit Summary Delivery Date Oct 04, 2021 Audit Methodology Static Analysis, Manual Review Key Components Vulnerability Summary Vulnerability Level Total Pending Declined Acknowledged Partially Resolved Resolved Critical 0 0 0 0 0 0 Major 6 0 0 0 6 0 Medium 1 0 0 0 0 1 Minor 4 0 0 1 0 3 Informational 1 0 0 0 0 1 Discussion 0 0 0 0 0 0 My Master WAR Security Assessment
Audit Scope ID File SHA256 Checksum BEP contracts/ERC20/BEP20.sol 24706a337b39e0a035c54c489b583b9d69e6642eca75e2fdc02239fc77c9c48b IBE contracts/ERC20/IBEP20.sol afc0a51377b2d84a9e6df323b6e61b1c4688d9546c83f702e0e8c738d24774b1 IBP contracts/ERC20/IBEP20Metadata.sol 573808a11e25bfb889a00391e30d8e6a7860e87251ab069af149b1146ded4b28 SBE contracts/ERC20/SafeBEP20.sol 2d0197ae0ad87713a28aec66b866f368a7aad45b0a2de03c63a6d4c1b25fe655 OMA contracts/access/Ownable.sol 3f4b02cdb1bc35cd0fdc225d7feb55236d31e8e382685b6685273d64332cb941 AMA contracts/util/Address.sol 274634e4c81504956c51b25ae887062e79f10497ebc2a12441de4ce5fde49a8b CMA contracts/util/Context.sol dd81b252b7a67cc5abef9a6d2e6731a00a217620d14133797cdf06ca22aa63f8 SMM contracts/util/SafeMath.sol 517d4367224491a4cd8e145f020fb17615a5620779b813d8989b8b33ec77ea90 MAA contracts/MAT.sol c316fc1c20f2d4975d4e40d7df93bda1fb668ab6a5c5de94426a21b11f7cacb2 My Master WAR Security Assessment
Findings ID Title Category Severity Status AMA-01 Ineffective isContract() Check Volatile Code Medium Resolved MAA-01 Potential Risks on Approval/TransferFrom Methods Mathematical Operations Minor Resolved MAA-02 Public Function that Could be Declared External Gas Optimization Informational Resolved MAA-03 Initial token distribution Centralization / Privilege Major Partially Resolved MAC-01 Vesting duration too short Logical Issue Minor Resolved MAC-02 Centralization Risk Centralization / Privilege Major Partially Resolved MAE-01 Centralization Risk Centralization / Privilege Major Partially Resolved MAM-01 Centralization Risk Centralization / Privilege Major Partially Resolved My Master WAR Security Assessment 12 Total Issues Critical 0 (0.00%) Major 6 (50.00%) Medium 1 (8.33%) Minor 4 (33.33%) Informational 1 (8.33%) Discussion 0 (0.00%)
ID Title Category Severity Status MAP-01 Centralization Risk Centralization / Privilege Major Partially Resolved MAP-02 Missing Validation for total amount Logical Issue Minor Acknowledged MAT-01 Vesting duration too short Logical Issue Minor Resolved MAT-02 Centralization Risk Centralization / Privilege Major Partially Resolved My Master WAR Security Assessment
AMA-01 | Ineffective isContract() Check Category Severity Location Status Volatile Code Medium contracts/Address.sol (sale): 23~33 Resolved Description The implementation of the isContract check can not cover all scenarios. The check can be bypassed if the call is from the constructor of a smart contract or when the contract is destroyed. Because, in that case, the codesize will also be zero. The "isContract" function in the OpenZeppelin "Address" library uses the same implementation, but comments mention that "it's unsafe to rely on the check and it can be bypassed". Reference: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol Recommendation It is recommended to add the additional msg.sender == tx.origin check to cover all the scenarios. Do note that the check still works for the current EVM (London) version, but future updates to the EVM or EIP (ex. EIP-3074) might cause the check to become ineffective. modifier modifier notContract notContract( () ) { { require require( (( (! !_isContract _isContract( (msg msg. .sender sender) )) ) && && ( (msg msg. .sender sender == == tx tx. .origin origin) ), , "contract not "contract not allowed" allowed") ); ; _ _; ; } } function function _isContract _isContract( (address address addr addr) ) internal internal view view returns returns ( (bool bool) ) { { uint256 uint256 size size; ; assembly assembly { { size size := := extcodesize extcodesize( (addr addr) ) } } return return size size > > 0 0; ; } } Alleviation [My Master War Team] : This function is redundant. We've already removed in the contract. My Master WAR Security Assessment
MAA-01 | Potential Risks on Approval/TransferFrom Methods Category Severity Location Status Mathematical Operations Minor contracts/MAT.sol (1): 133~145, 245~255 Resolved Description The approve function could be used in an attack that allows a spender to transfer more tokens than the owner of the tokens ever wanted to allow the spender to transfer. Here is a possible attack scenario: Alice allows Bob to transfer N of Alice's tokens (N>0)  by calling approve method on Token smart contract passing Bob's address and N as method arguments After some time, Alice decides to change from N to M (M>0) the number of Alice's tokens Bob is allowed to transfer, so she calls approve method again, this time passing Bob's address and M as method arguments Bob notices Alice's second transaction before it was mined and quickly sends another transaction that calls ·transferFrom· method to transfer N Alice's tokens somewhere If Bob's transaction will be executed before Alice's transaction, then Bob will successfully transfer N Alice's tokens and will gain the ability to transfer another M tokens Before Alice noticed that something went wrong, Bob calls ·transferFrom· method again, this time to transfer M Alice's tokens. So, Alice's attempt to change Bob's allowance from N to M (N>0 and M>0) made it possible for Bob to transfer N+M of Alice's tokens, while Alice never wanted to allow so many of her tokens to be transferred by Bob. ERC20 API: An Attack Vector on Approve/TransferFrom Methods https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp- RLM/edit#heading=h.m9fhqynw2xvt Recommendation We recommend using safeApprove instead of approve method. safeApprove(contract IERC20 token, address spender, uint256 value) Alleviation The response from MyMasterWar team: We add ./ERC20/BEP20.sol file with the safeApprove function and MAT.sol is derived from BEP20.sol My Master WAR Security Assessment
MAA-02 | Public Function that Could be Declared External Category Severity Location Status Gas Optimization Informational contracts/MAT.sol (1): 159~161, 185 Resolved Description public functions that are never called by the contract should be declared external to save gas. Recommendation We recommend using the external attribute for functions never called from the contract. My Master WAR Security Assessment
MAA-03 | Initial token distribution Category Severity Location Status Centralization / Privilege Major contracts/MAT.sol (1): 20~27 Partially Resolved Description All of the MAT tokens are sent to the contract deployer when deploying the contract. Recommendation We recommend the team to be transparent regarding the initial token distribution process. Alleviation The response from MyMasterWar team: We transfer token to the wallet addresses as the allocation described in the whitepaper (from line 12-40) My Master WAR Security Assessment
MAC-01 | Vesting duration too short Category Severity Location Status Logical Issue Minor contracts/MATTeamClaim.sol (sale): 18 Resolved Description Currently, the vesting duration is set to 10 minutes, which is way too short. Recommendation We recommend having a longer vesting duration. Alleviation [My Master War Team]: The vesting time is for test only. In real deployment, We change to vesting time as denote in whitepaper. My Master WAR Security Assessment
MAC-02 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATTeamClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
MAE-01 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATEcosystemClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
MAM-01 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATMarketingClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
MAP-01 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATPrivateSaleClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime setWhilelist governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
MAP-02 | Missing Validation for total amount Category Severity Location Status Logical Issue Minor contracts/MATPrivateSaleClaim.sol (sale): 66~79 Acknowledged Description When function setWhilelist is called, it is possible that the total amount within the locks mapping is larger than the total balance in the contract. In this case, some address could not claim their rewards. Recommendation We advise adding the check for the passed-in values to prevent unexpected error. My Master WAR Security Assessment
MAT-01 | Vesting duration too short Category Severity Location Status Logical Issue Minor contracts/MATTreasuryClaim.sol (sale): 17 Resolved Description Currently, the vesting duration is set to 10 minutes, which is way too short. Recommendation We recommend having a longer vesting duration. Alleviation [My Master War Team]: The vesting time is for test only. In real deployment, We change to vesting time as denote in whitepaper. My Master WAR Security Assessment
MAT-02 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATTreasuryClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
Appendix Finding Categories Centralization / Privilege Centralization / Privilege findings refer to either feature logic or implementation of components that act against the nature of decentralization, such as explicit ownership or specialized access roles in combination with a mechanism to relocate funds. Gas Optimization Gas Optimization findings do not affect the functionality of the code but generate different, more optimal EVM opcodes resulting in a reduction on the total gas cost of a transaction. Mathematical Operations Mathematical Operation findings relate to mishandling of math formulas, such as overflows, incorrect operations etc. Logical Issue Logical Issue findings detail a fault in the logic of the linked code, such as an incorrect notion on how block.timestamp works. Volatile Code Volatile Code findings refer to segments of code that behave unexpectedly on certain edge cases that may result in a vulnerability. Checksum Calculation Method The "Checksum" field in the "Audit Scope" section is calculated as the SHA-256 (Secure Hash Algorithm 2 with digest size of 256 bits) digest of the content of each file hosted in the listed source repository under the specified commit. The result is hexadecimal encoded and is the same as the output of the Linux "sha256sum" command against the target file. My Master WAR Security Assessment
Disclaimer This report is subject to the terms and conditions (including without limitation, description of services, confidentiality, disclaimer and limitation of liability) set forth in the Services Agreement, or the scope of services, and terms and conditions provided to you (“Customer” or the “Company”) in connection with the Agreement. This report provided in connection with the Services set forth in the Agreement shall be used by the Company only to the extent permitted under the terms and conditions set forth in the Agreement. This report may not be transmitted, disclosed, referred to or relied upon by any person for any purposes, nor may copies be delivered to any other person other than the Company, without CertiK’s prior written consent in each instance. This report is not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. This report is not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team or project that contracts CertiK to perform a security assessment. This report does not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technologies proprietors, business, business model or legal compliance. This report should not be used in any way to make decisions around investment or involvement with any particular project. This report in no way provides investment advice, nor should be leveraged as investment advice of any sort. This report represents an extensive assessing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. CertiK’s position is that each company and individual are responsible for their own due diligence and continuous security. CertiK’s goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies, and in no way claims any guarantee of security or functionality of the technology we agree to analyze. The assessment services provided by CertiK is subject to dependencies and under continuing development. You agree that your access and/or use, including but not limited to any services, reports, and materials, will be at your sole risk on an as-is, where-is, and as-available basis. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. The assessment reports could include false positives, false negatives, and other unpredictable results. The services may access, and depend upon, multiple layers of third-parties. ALL SERVICES, THE LABELS, THE ASSESSMENT REPORT, WORK PRODUCT, OR OTHER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF ARE PROVIDED “AS IS” AND “AS My Master WAR Security Assessment
AVAILABLE” AND WITH ALL FAULTS AND DEFECTS WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CERTIK HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE SERVICES, ASSESSMENT REPORT, OR OTHER MATERIALS. WITHOUT LIMITING THE FOREGOING, CERTIK SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, CERTIK MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, THE LABELS, THE ASSESSMENT REPORT, WORK PRODUCT, OR OTHER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR-FREE. WITHOUT LIMITATION TO THE FOREGOING, CERTIK PROVIDES NO WARRANTY OR UNDERTAKING, AND MAKES NO REPRESENTATION OF ANY KIND THAT THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS, ACHIEVE ANY INTENDED RESULTS, BE COMPATIBLE OR WORK WITH ANY OTHER SOFTWARE, APPLICATIONS, SYSTEMS OR SERVICES, OPERATE WITHOUT INTERRUPTION, MEET ANY PERFORMANCE OR RELIABILITY STANDARDS OR BE ERROR FREE OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED. WITHOUT LIMITING THE FOREGOING, NEITHER CERTIK NOR ANY OF CERTIK’S AGENTS MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED AS TO THE ACCURACY, RELIABILITY, OR CURRENCY OF ANY INFORMATION OR CONTENT PROVIDED THROUGH THE SERVICE. CERTIK WILL ASSUME NO LIABILITY OR RESPONSIBILITY FOR (I) ANY ERRORS, MISTAKES, OR INACCURACIES OF CONTENT AND MATERIALS OR FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT, OR (II) ANY PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM CUSTOMER’S ACCESS TO OR USE OF THE SERVICES, ASSESSMENT REPORT, OR OTHER MATERIALS. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS. THE SERVICES, ASSESSMENT REPORT, AND ANY OTHER MATERIALS HEREUNDER ARE SOLELY PROVIDED TO CUSTOMER AND MAY NOT BE RELIED ON BY ANY OTHER PERSON OR FOR ANY PURPOSE NOT SPECIFICALLY IDENTIFIED IN THIS AGREEMENT, NOR MAY COPIES BE DELIVERED TO, ANY OTHER PERSON WITHOUT CERTIK’S PRIOR WRITTEN CONSENT IN EACH INSTANCE. NO THIRD PARTY OR ANYONE ACTING ON BEHALF OF ANY THEREOF, SHALL BE A THIRD PARTY OR OTHER BENEFICIARY OF SUCH SERVICES, ASSESSMENT REPORT, AND ANY ACCOMPANYING My Master WAR Security Assessment
MATERIALS AND NO SUCH THIRD PARTY SHALL HAVE ANY RIGHTS OF CONTRIBUTION AGAINST CERTIK WITH RESPECT TO SUCH SERVICES, ASSESSMENT REPORT, AND ANY ACCOMPANYING MATERIALS. THE REPRESENTATIONS AND WARRANTIES OF CERTIK CONTAINED IN THIS AGREEMENT ARE SOLELY FOR THE BENEFIT OF CUSTOMER. ACCORDINGLY, NO THIRD PARTY OR ANYONE ACTING ON BEHALF OF ANY THEREOF, SHALL BE A THIRD PARTY OR OTHER BENEFICIARY OF SUCH REPRESENTATIONS AND WARRANTIES AND NO SUCH THIRD PARTY SHALL HAVE ANY RIGHTS OF CONTRIBUTION AGAINST CERTIK WITH RESPECT TO SUCH REPRESENTATIONS OR WARRANTIES OR ANY MATTER SUBJECT TO OR RESULTING IN INDEMNIFICATION UNDER THIS AGREEMENT OR OTHERWISE. FOR AVOIDANCE OF DOUBT, THE SERVICES, INCLUDING ANY ASSOCIATED ASSESSMENT REPORTS OR MATERIALS, SHALL NOT BE CONSIDERED OR RELIED UPON AS ANY FORM OF FINANCIAL, TAX, LEGAL, REGULATORY, OR OTHER ADVICE. My Master WAR Security Assessment
About Founded in 2017 by leading academics in the field of Computer Science from both Yale and Columbia University, CertiK is a leading blockchain security company that serves to verify the security and correctness of smart contracts and blockchain-based protocols. Through the utilization of our world-class technical expertise, alongside our proprietary, innovative tech, we’re able to support the success of our clients with best-in-class security, all whilst realizing our overarching vision; provable trust for all throughout all facets of blockchain. My Master WAR Security Assessment

Recommended

Peck shield audit-report-umee-v1.0
Peck shield audit-report-umee-v1.0Peck shield audit-report-umee-v1.0
Peck shield audit-report-umee-v1.0
KennyNajarro2
 
[2022.02] umee blockchain final report - public
[2022.02] umee blockchain final report - public[2022.02] umee blockchain final report - public
[2022.02] umee blockchain final report - public
KennyNajarro2
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET Journal
 
Rep strips-finance-2021-11-24
Rep strips-finance-2021-11-24Rep strips-finance-2021-11-24
Rep strips-finance-2021-11-24
ChengZhu22
 
Peck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_mediumPeck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_medium
ChengZhu22
 
Quantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPQuantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAP
Roy Blackstone
 
Blockchain Land Audit Report.pdf
Blockchain Land Audit Report.pdfBlockchain Land Audit Report.pdf
Blockchain Land Audit Report.pdf
BlockchainLand
 
Sacred CertiK security assessment for Sacred
Sacred CertiK security assessment for SacredSacred CertiK security assessment for Sacred
Sacred CertiK security assessment for Sacred
31bridgeport
 

Recommended

Peck shield audit-report-umee-v1.0
Peck shield audit-report-umee-v1.0Peck shield audit-report-umee-v1.0
Peck shield audit-report-umee-v1.0
KennyNajarro2
 
[2022.02] umee blockchain final report - public
[2022.02] umee blockchain final report - public[2022.02] umee blockchain final report - public
[2022.02] umee blockchain final report - public
KennyNajarro2
 
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET- Survey on Mitigation Techniques of Economical Denial of Sustainabi...
IRJET Journal
 
Rep strips-finance-2021-11-24
Rep strips-finance-2021-11-24Rep strips-finance-2021-11-24
Rep strips-finance-2021-11-24
ChengZhu22
 
Peck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_mediumPeck shield audit-report-strips-1.0-for_medium
Peck shield audit-report-strips-1.0-for_medium
ChengZhu22
 
Quantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAPQuantstamp Report - LINKSWAP
Quantstamp Report - LINKSWAP
Roy Blackstone
 
Blockchain Land Audit Report.pdf
Blockchain Land Audit Report.pdfBlockchain Land Audit Report.pdf
Blockchain Land Audit Report.pdf
BlockchainLand
 
Sacred CertiK security assessment for Sacred
Sacred CertiK security assessment for SacredSacred CertiK security assessment for Sacred
Sacred CertiK security assessment for Sacred
31bridgeport
 
Sacred CertiK Security Assessment
Sacred CertiK Security AssessmentSacred CertiK Security Assessment
Sacred CertiK Security Assessment
31bridgeport
 
End-to-End Security in Mobile-Cloud Computing
End-to-End Security in Mobile-Cloud ComputingEnd-to-End Security in Mobile-Cloud Computing
End-to-End Security in Mobile-Cloud Computing
Dr Sukhpal Singh Gill
 
CertiK-Audit-for-ShibaSwap-v8.pdf
CertiK-Audit-for-ShibaSwap-v8.pdfCertiK-Audit-for-ShibaSwap-v8.pdf
CertiK-Audit-for-ShibaSwap-v8.pdf
UdayaprakashRai1
 
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICESRMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
ijcisjournal
 
Ambisafe smart contracts audit
Ambisafe smart contracts auditAmbisafe smart contracts audit
Ambisafe smart contracts audit
Yar Naumenko
 
growthbotics audit.pdf
growthbotics audit.pdfgrowthbotics audit.pdf
growthbotics audit.pdf
Wilson Kao
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
ForAllSecure
 
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Simone Onofri
 
Code coverage in theory and in practice form the do178 b perspective
Code coverage in theory and in practice form the do178 b perspectiveCode coverage in theory and in practice form the do178 b perspective
Code coverage in theory and in practice form the do178 b perspective
Engineering Software Lab
 
Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective
Engineering Software Lab
 
QuillAudit Smart contracts audit ppt - https://audits.quillhash.com
QuillAudit Smart contracts audit ppt - https://audits.quillhash.comQuillAudit Smart contracts audit ppt - https://audits.quillhash.com
QuillAudit Smart contracts audit ppt - https://audits.quillhash.com
Preetam Rao
 
Variability-Aware Safety Analysisusing Delta Component Fault.docx
Variability-Aware Safety Analysisusing Delta Component Fault.docxVariability-Aware Safety Analysisusing Delta Component Fault.docx
Variability-Aware Safety Analysisusing Delta Component Fault.docx
dickonsondorris
 
Bounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC editionBounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC edition
Sandro Gauci
 
[2022.02] Umee blockchain - Final Report - Public(1).pdf
[2022.02] Umee blockchain - Final Report - Public(1).pdf[2022.02] Umee blockchain - Final Report - Public(1).pdf
[2022.02] Umee blockchain - Final Report - Public(1).pdf
KennyNajarro2
 
X41-TUF-Audit-2022-Final-Report-PUBLIC.pdf
X41-TUF-Audit-2022-Final-Report-PUBLIC.pdfX41-TUF-Audit-2022-Final-Report-PUBLIC.pdf
X41-TUF-Audit-2022-Final-Report-PUBLIC.pdf
nattamailru
 
SAP consulting results
SAP consulting resultsSAP consulting results
SAP consulting results
Konstantin Berger
 
Deployment of Debug and Trace for features in RISC-V Core
Deployment of Debug and Trace for features in RISC-V CoreDeployment of Debug and Trace for features in RISC-V Core
Deployment of Debug and Trace for features in RISC-V Core
IRJET Journal
 
Wp ci securing_layer2
Wp ci securing_layer2Wp ci securing_layer2
Wp ci securing_layer2
Amargo Durazno
 
Interledger DvP Settlement on Amazon Managed Blockchain
Interledger DvP Settlement on Amazon Managed BlockchainInterledger DvP Settlement on Amazon Managed Blockchain
Interledger DvP Settlement on Amazon Managed Blockchain
Amazon Web Services
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Hitachi, Ltd. OSS Solution Center.
 
Lite version of elevator game simplified.pptx
Lite version of elevator game simplified.pptxLite version of elevator game simplified.pptx
Lite version of elevator game simplified.pptx
einarsvan32
 
A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...
A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...
A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...
Art Feeling Films
 

More Related Content

Similar to MyMasterWar $MAT Certik Audit

RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICESRMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
ijcisjournal
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
ForAllSecure
 
Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective
Engineering Software Lab
 
Variability-Aware Safety Analysisusing Delta Component Fault.docx
Variability-Aware Safety Analysisusing Delta Component Fault.docxVariability-Aware Safety Analysisusing Delta Component Fault.docx
Variability-Aware Safety Analysisusing Delta Component Fault.docx
dickonsondorris
 

Similar to MyMasterWar $MAT Certik Audit (20)

Sacred CertiK Security Assessment
Sacred CertiK Security AssessmentSacred CertiK Security Assessment
Sacred CertiK Security Assessment
 
End-to-End Security in Mobile-Cloud Computing
End-to-End Security in Mobile-Cloud ComputingEnd-to-End Security in Mobile-Cloud Computing
End-to-End Security in Mobile-Cloud Computing
 
CertiK-Audit-for-ShibaSwap-v8.pdf
CertiK-Audit-for-ShibaSwap-v8.pdfCertiK-Audit-for-ShibaSwap-v8.pdf
CertiK-Audit-for-ShibaSwap-v8.pdf
 
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICESRMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
RMAC – A LIGHTWEIGHT AUTHENTICATION PROTOCOL FOR HIGHLY CONSTRAINED IOT DEVICES
 
Ambisafe smart contracts audit
Ambisafe smart contracts auditAmbisafe smart contracts audit
Ambisafe smart contracts audit
 
growthbotics audit.pdf
growthbotics audit.pdfgrowthbotics audit.pdf
growthbotics audit.pdf
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
 
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
Attacking and Exploiting Ethereum Smart Contracts: Auditing 101
 
Code coverage in theory and in practice form the do178 b perspective
Code coverage in theory and in practice form the do178 b perspectiveCode coverage in theory and in practice form the do178 b perspective
Code coverage in theory and in practice form the do178 b perspective
 
Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective Code Coverage in Theory and in practice form the DO178B perspective
Code Coverage in Theory and in practice form the DO178B perspective
 
QuillAudit Smart contracts audit ppt - https://audits.quillhash.com
QuillAudit Smart contracts audit ppt - https://audits.quillhash.comQuillAudit Smart contracts audit ppt - https://audits.quillhash.com
QuillAudit Smart contracts audit ppt - https://audits.quillhash.com
 
Variability-Aware Safety Analysisusing Delta Component Fault.docx
Variability-Aware Safety Analysisusing Delta Component Fault.docxVariability-Aware Safety Analysisusing Delta Component Fault.docx
Variability-Aware Safety Analysisusing Delta Component Fault.docx
 
Bounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC editionBounty bout 0x01 - WebRTC edition
Bounty bout 0x01 - WebRTC edition
 
[2022.02] Umee blockchain - Final Report - Public(1).pdf
[2022.02] Umee blockchain - Final Report - Public(1).pdf[2022.02] Umee blockchain - Final Report - Public(1).pdf
[2022.02] Umee blockchain - Final Report - Public(1).pdf
 
X41-TUF-Audit-2022-Final-Report-PUBLIC.pdf
X41-TUF-Audit-2022-Final-Report-PUBLIC.pdfX41-TUF-Audit-2022-Final-Report-PUBLIC.pdf
X41-TUF-Audit-2022-Final-Report-PUBLIC.pdf
 
SAP consulting results
SAP consulting resultsSAP consulting results
SAP consulting results
 
Deployment of Debug and Trace for features in RISC-V Core
Deployment of Debug and Trace for features in RISC-V CoreDeployment of Debug and Trace for features in RISC-V Core
Deployment of Debug and Trace for features in RISC-V Core
 
Wp ci securing_layer2
Wp ci securing_layer2Wp ci securing_layer2
Wp ci securing_layer2
 
Interledger DvP Settlement on Amazon Managed Blockchain
Interledger DvP Settlement on Amazon Managed BlockchainInterledger DvP Settlement on Amazon Managed Blockchain
Interledger DvP Settlement on Amazon Managed Blockchain
 
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
Lightweight Zero-trust Network Implementation and Transition with Keycloak an...
 

Recently uploaded

一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单
一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单
一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单
utykdaq
 
Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...
Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...
Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...
ATM HTML Games
 
一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单
一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单
一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单
utykdaq
 
一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单
一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单
一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单
utykdaq
 
一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单
一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单
一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单
utykdaq
 
一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单
一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单
一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单
utykdaq
 
一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单
一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单
一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单
utykdaq
 
一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单
一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单
一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单
utykdaq
 

Recently uploaded (20)

Lite version of elevator game simplified.pptx
Lite version of elevator game simplified.pptxLite version of elevator game simplified.pptx
Lite version of elevator game simplified.pptx
 
A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...
A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...
A KING’S HEART THE STORY OF TSAR BORIS III (Drama) (Feature Film Project in D...
 
PPT aviator (A small guide on spinmatch).pptx
PPT aviator (A small guide on spinmatch).pptxPPT aviator (A small guide on spinmatch).pptx
PPT aviator (A small guide on spinmatch).pptx
 
一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单
一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单
一比一原版(Westminster毕业证)威斯敏斯特大学毕业证成绩单
 
Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...
Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...
Driving & Racing Games Online for Free_ Explore the Excitement with ATM HTML ...
 
一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单
一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单
一比一原版(MSU毕业证)密苏里州立大学毕业证成绩单
 
Top Best IPTV Providers in the UK for 2024.pdf
Top Best IPTV Providers in the UK for 2024.pdfTop Best IPTV Providers in the UK for 2024.pdf
Top Best IPTV Providers in the UK for 2024.pdf
 
一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单
一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单
一比一原版(OSU毕业证)俄勒冈州立大学毕业证成绩单
 
"My Silence, My Grave: The Making Of" Booklet
"My Silence, My Grave: The Making Of" Booklet"My Silence, My Grave: The Making Of" Booklet
"My Silence, My Grave: The Making Of" Booklet
 
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pureBromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
Bromazolam CAS 71368-80-4 high quality opiates, Safe transportation, 99% pure
 
一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单
一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单
一比一原版(UAL毕业证)伦敦艺术大学毕业证成绩单
 
The Ultimate Guide to Mom IPTV- Everything You Need to Know in 2024.pdf
The Ultimate Guide to Mom IPTV- Everything You Need to Know in 2024.pdfThe Ultimate Guide to Mom IPTV- Everything You Need to Know in 2024.pdf
The Ultimate Guide to Mom IPTV- Everything You Need to Know in 2024.pdf
 
一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单
一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单
一比一原版(UCL毕业证)伦敦大学学院毕业证成绩单
 
plantillas-powerpoint-hello-kitty.pptx.n
plantillas-powerpoint-hello-kitty.pptx.nplantillas-powerpoint-hello-kitty.pptx.n
plantillas-powerpoint-hello-kitty.pptx.n
 
Online Lotus ID | India's Top Cricket Betting ID Platform
Online Lotus ID | India's Top Cricket Betting ID PlatformOnline Lotus ID | India's Top Cricket Betting ID Platform
Online Lotus ID | India's Top Cricket Betting ID Platform
 
Gene Simmons' $400 Million Success Story: A Closer Look
Gene Simmons' $400 Million Success Story: A Closer LookGene Simmons' $400 Million Success Story: A Closer Look
Gene Simmons' $400 Million Success Story: A Closer Look
 
一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单
一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单
一比一原版(OSU毕业证)俄亥俄州立大学哥伦布分校毕业证成绩单
 
Q4 WEEK 1 JUDGE THE RELEVANCE AND WORTH OF IDEAS.pptx
Q4 WEEK 1 JUDGE THE RELEVANCE AND WORTH OF IDEAS.pptxQ4 WEEK 1 JUDGE THE RELEVANCE AND WORTH OF IDEAS.pptx
Q4 WEEK 1 JUDGE THE RELEVANCE AND WORTH OF IDEAS.pptx
 
Dehradun Girls 9719300533 Heat-lava { Dehradun } Whiz ℂall Serviℂe By Our
Dehradun Girls 9719300533 Heat-lava { Dehradun } Whiz ℂall Serviℂe By OurDehradun Girls 9719300533 Heat-lava { Dehradun } Whiz ℂall Serviℂe By Our
Dehradun Girls 9719300533 Heat-lava { Dehradun } Whiz ℂall Serviℂe By Our
 
一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单
一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单
一比一原版(QMUL毕业证)伦敦玛丽女王大学毕业证成绩单
 

MyMasterWar $MAT Certik Audit

  • 1. Security Assessment My Master WAR Oct 4th, 2021
  • 2. Table of Contents Summary Overview Project Summary Audit Summary Vulnerability Summary Audit Scope Findings AMA-01 : Ineffective `isContract()` Check MAA-01 : Potential Risks on Approval/TransferFrom Methods MAA-02 : Public Function that Could be Declared External MAA-03 : Initial token distribution MAC-01 : Vesting duration too short MAC-02 : Centralization Risk MAE-01 : Centralization Risk MAM-01 : Centralization Risk MAP-01 : Centralization Risk MAP-02 : Missing Validation for total amount MAT-01 : Vesting duration too short MAT-02 : Centralization Risk Appendix Disclaimer About My Master WAR Security Assessment
  • 3. Summary This report has been prepared for My Master WAR to discover issues and vulnerabilities in the source code of the My Master WAR project as well as any contract dependencies that were not part of an officially recognized library. A comprehensive examination has been performed, utilizing Static Analysis and Manual Review techniques. The auditing process pays special attention to the following considerations: Testing the smart contracts against both common and uncommon attack vectors. Assessing the codebase to ensure compliance with current best practices and industry standards. Ensuring contract logic meets the specifications and intentions of the client. Cross referencing contract structure and implementation against similar smart contracts produced by industry leaders. Thorough line-by-line manual review of the entire codebase by industry experts. The security assessment resulted in findings that ranged from critical to informational. We recommend addressing these findings to ensure a high level of security standards and industry practices. We suggest recommendations that could better serve the project from the security perspective: Enhance general coding practices for better structures of source codes; Add enough unit tests to cover the possible use cases; Provide more comments per each function for readability, especially contracts that are verified in public; Provide more transparency on privileged activities once the protocol is live. My Master WAR Security Assessment
  • 4. Overview Project Summary Project Name My Master WAR Description DeFi Platform Ethereum Language Solidity Codebase https://github.com/MyMasterWar/MAT- erc20/tree/1a37ac523295601bad40fab657c1a6647085d739 https://github.com/MyMasterWar/MAT-claim Commit 1a37ac523295601bad40fab657c1a6647085d739 46a88f7c862b9a45ef44a04dc737077ba99ab834 8231f7c8149b09b3d1820ff889cd2957e046b42e Audit Summary Delivery Date Oct 04, 2021 Audit Methodology Static Analysis, Manual Review Key Components Vulnerability Summary Vulnerability Level Total Pending Declined Acknowledged Partially Resolved Resolved Critical 0 0 0 0 0 0 Major 6 0 0 0 6 0 Medium 1 0 0 0 0 1 Minor 4 0 0 1 0 3 Informational 1 0 0 0 0 1 Discussion 0 0 0 0 0 0 My Master WAR Security Assessment
  • 5. Audit Scope ID File SHA256 Checksum BEP contracts/ERC20/BEP20.sol 24706a337b39e0a035c54c489b583b9d69e6642eca75e2fdc02239fc77c9c48b IBE contracts/ERC20/IBEP20.sol afc0a51377b2d84a9e6df323b6e61b1c4688d9546c83f702e0e8c738d24774b1 IBP contracts/ERC20/IBEP20Metadata.sol 573808a11e25bfb889a00391e30d8e6a7860e87251ab069af149b1146ded4b28 SBE contracts/ERC20/SafeBEP20.sol 2d0197ae0ad87713a28aec66b866f368a7aad45b0a2de03c63a6d4c1b25fe655 OMA contracts/access/Ownable.sol 3f4b02cdb1bc35cd0fdc225d7feb55236d31e8e382685b6685273d64332cb941 AMA contracts/util/Address.sol 274634e4c81504956c51b25ae887062e79f10497ebc2a12441de4ce5fde49a8b CMA contracts/util/Context.sol dd81b252b7a67cc5abef9a6d2e6731a00a217620d14133797cdf06ca22aa63f8 SMM contracts/util/SafeMath.sol 517d4367224491a4cd8e145f020fb17615a5620779b813d8989b8b33ec77ea90 MAA contracts/MAT.sol c316fc1c20f2d4975d4e40d7df93bda1fb668ab6a5c5de94426a21b11f7cacb2 My Master WAR Security Assessment
  • 6. Findings ID Title Category Severity Status AMA-01 Ineffective isContract() Check Volatile Code Medium Resolved MAA-01 Potential Risks on Approval/TransferFrom Methods Mathematical Operations Minor Resolved MAA-02 Public Function that Could be Declared External Gas Optimization Informational Resolved MAA-03 Initial token distribution Centralization / Privilege Major Partially Resolved MAC-01 Vesting duration too short Logical Issue Minor Resolved MAC-02 Centralization Risk Centralization / Privilege Major Partially Resolved MAE-01 Centralization Risk Centralization / Privilege Major Partially Resolved MAM-01 Centralization Risk Centralization / Privilege Major Partially Resolved My Master WAR Security Assessment 12 Total Issues Critical 0 (0.00%) Major 6 (50.00%) Medium 1 (8.33%) Minor 4 (33.33%) Informational 1 (8.33%) Discussion 0 (0.00%)
  • 7. ID Title Category Severity Status MAP-01 Centralization Risk Centralization / Privilege Major Partially Resolved MAP-02 Missing Validation for total amount Logical Issue Minor Acknowledged MAT-01 Vesting duration too short Logical Issue Minor Resolved MAT-02 Centralization Risk Centralization / Privilege Major Partially Resolved My Master WAR Security Assessment
  • 8. AMA-01 | Ineffective isContract() Check Category Severity Location Status Volatile Code Medium contracts/Address.sol (sale): 23~33 Resolved Description The implementation of the isContract check can not cover all scenarios. The check can be bypassed if the call is from the constructor of a smart contract or when the contract is destroyed. Because, in that case, the codesize will also be zero. The "isContract" function in the OpenZeppelin "Address" library uses the same implementation, but comments mention that "it's unsafe to rely on the check and it can be bypassed". Reference: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/Address.sol Recommendation It is recommended to add the additional msg.sender == tx.origin check to cover all the scenarios. Do note that the check still works for the current EVM (London) version, but future updates to the EVM or EIP (ex. EIP-3074) might cause the check to become ineffective. modifier modifier notContract notContract( () ) { { require require( (( (! !_isContract _isContract( (msg msg. .sender sender) )) ) && && ( (msg msg. .sender sender == == tx tx. .origin origin) ), , "contract not "contract not allowed" allowed") ); ; _ _; ; } } function function _isContract _isContract( (address address addr addr) ) internal internal view view returns returns ( (bool bool) ) { { uint256 uint256 size size; ; assembly assembly { { size size := := extcodesize extcodesize( (addr addr) ) } } return return size size > > 0 0; ; } } Alleviation [My Master War Team] : This function is redundant. We've already removed in the contract. My Master WAR Security Assessment
  • 9. MAA-01 | Potential Risks on Approval/TransferFrom Methods Category Severity Location Status Mathematical Operations Minor contracts/MAT.sol (1): 133~145, 245~255 Resolved Description The approve function could be used in an attack that allows a spender to transfer more tokens than the owner of the tokens ever wanted to allow the spender to transfer. Here is a possible attack scenario: Alice allows Bob to transfer N of Alice's tokens (N>0)  by calling approve method on Token smart contract passing Bob's address and N as method arguments After some time, Alice decides to change from N to M (M>0) the number of Alice's tokens Bob is allowed to transfer, so she calls approve method again, this time passing Bob's address and M as method arguments Bob notices Alice's second transaction before it was mined and quickly sends another transaction that calls ·transferFrom· method to transfer N Alice's tokens somewhere If Bob's transaction will be executed before Alice's transaction, then Bob will successfully transfer N Alice's tokens and will gain the ability to transfer another M tokens Before Alice noticed that something went wrong, Bob calls ·transferFrom· method again, this time to transfer M Alice's tokens. So, Alice's attempt to change Bob's allowance from N to M (N>0 and M>0) made it possible for Bob to transfer N+M of Alice's tokens, while Alice never wanted to allow so many of her tokens to be transferred by Bob. ERC20 API: An Attack Vector on Approve/TransferFrom Methods https://docs.google.com/document/d/1YLPtQxZu1UAvO9cZ1O2RPXBbT0mooh4DYKjA_jp- RLM/edit#heading=h.m9fhqynw2xvt Recommendation We recommend using safeApprove instead of approve method. safeApprove(contract IERC20 token, address spender, uint256 value) Alleviation The response from MyMasterWar team: We add ./ERC20/BEP20.sol file with the safeApprove function and MAT.sol is derived from BEP20.sol My Master WAR Security Assessment
  • 10. MAA-02 | Public Function that Could be Declared External Category Severity Location Status Gas Optimization Informational contracts/MAT.sol (1): 159~161, 185 Resolved Description public functions that are never called by the contract should be declared external to save gas. Recommendation We recommend using the external attribute for functions never called from the contract. My Master WAR Security Assessment
  • 11. MAA-03 | Initial token distribution Category Severity Location Status Centralization / Privilege Major contracts/MAT.sol (1): 20~27 Partially Resolved Description All of the MAT tokens are sent to the contract deployer when deploying the contract. Recommendation We recommend the team to be transparent regarding the initial token distribution process. Alleviation The response from MyMasterWar team: We transfer token to the wallet addresses as the allocation described in the whitepaper (from line 12-40) My Master WAR Security Assessment
  • 12. MAC-01 | Vesting duration too short Category Severity Location Status Logical Issue Minor contracts/MATTeamClaim.sol (sale): 18 Resolved Description Currently, the vesting duration is set to 10 minutes, which is way too short. Recommendation We recommend having a longer vesting duration. Alleviation [My Master War Team]: The vesting time is for test only. In real deployment, We change to vesting time as denote in whitepaper. My Master WAR Security Assessment
  • 13. MAC-02 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATTeamClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
  • 14. MAE-01 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATEcosystemClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
  • 15. MAM-01 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATMarketingClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
  • 16. MAP-01 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATPrivateSaleClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime setWhilelist governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
  • 17. MAP-02 | Missing Validation for total amount Category Severity Location Status Logical Issue Minor contracts/MATPrivateSaleClaim.sol (sale): 66~79 Acknowledged Description When function setWhilelist is called, it is possible that the total amount within the locks mapping is larger than the total balance in the contract. In this case, some address could not claim their rewards. Recommendation We advise adding the check for the passed-in values to prevent unexpected error. My Master WAR Security Assessment
  • 18. MAT-01 | Vesting duration too short Category Severity Location Status Logical Issue Minor contracts/MATTreasuryClaim.sol (sale): 17 Resolved Description Currently, the vesting duration is set to 10 minutes, which is way too short. Recommendation We recommend having a longer vesting duration. Alleviation [My Master War Team]: The vesting time is for test only. In real deployment, We change to vesting time as denote in whitepaper. My Master WAR Security Assessment
  • 19. MAT-02 | Centralization Risk Category Severity Location Status Centralization / Privilege Major contracts/MATTreasuryClaim.sol (sale) Partially Resolved Description In linked contracts, the role Owner has the authority over the following function: setTgeTime governanceRecoverUnsupported Any compromise to the Owner account may allow the hacker to take advantage of this. Recommendation We advise the client to carefully manage the Owner account's private key to avoid any potential risks of being hacked. In general, we strongly recommend centralized privileges or roles in the protocol to be improved via a decentralized mechanism or smart-contract-based accounts with enhanced security practices, e.g., Multisignature wallets. Indicatively, here is some feasible suggestions that would also mitigate the potential risk at the different level in term of short-term and long-term: Time-lock with reasonable latency, e.g., 48 hours, for awareness on privileged operations; Assignment of privileged roles to multi-signature wallets to prevent a single point of failure due to the private key; Introduction of a DAO/governance/voting module to increase transparency and user involvement. Alleviation [My Master War Team] : We already known that the owner has the right to call the  setTgeTime and governanceRecoverUnsupported function. It's our design as the TGE is set only one time and the owner is the only one can transfer back the unexpected tokens sending to the contracts. The deployer (owner) has a clear legal binding, and the private key for deploying contract is from hardware wallet. We believe that It's the easy and secure way to interact with smart contracts. My Master WAR Security Assessment
  • 20. Appendix Finding Categories Centralization / Privilege Centralization / Privilege findings refer to either feature logic or implementation of components that act against the nature of decentralization, such as explicit ownership or specialized access roles in combination with a mechanism to relocate funds. Gas Optimization Gas Optimization findings do not affect the functionality of the code but generate different, more optimal EVM opcodes resulting in a reduction on the total gas cost of a transaction. Mathematical Operations Mathematical Operation findings relate to mishandling of math formulas, such as overflows, incorrect operations etc. Logical Issue Logical Issue findings detail a fault in the logic of the linked code, such as an incorrect notion on how block.timestamp works. Volatile Code Volatile Code findings refer to segments of code that behave unexpectedly on certain edge cases that may result in a vulnerability. Checksum Calculation Method The "Checksum" field in the "Audit Scope" section is calculated as the SHA-256 (Secure Hash Algorithm 2 with digest size of 256 bits) digest of the content of each file hosted in the listed source repository under the specified commit. The result is hexadecimal encoded and is the same as the output of the Linux "sha256sum" command against the target file. My Master WAR Security Assessment
  • 21. Disclaimer This report is subject to the terms and conditions (including without limitation, description of services, confidentiality, disclaimer and limitation of liability) set forth in the Services Agreement, or the scope of services, and terms and conditions provided to you (“Customer” or the “Company”) in connection with the Agreement. This report provided in connection with the Services set forth in the Agreement shall be used by the Company only to the extent permitted under the terms and conditions set forth in the Agreement. This report may not be transmitted, disclosed, referred to or relied upon by any person for any purposes, nor may copies be delivered to any other person other than the Company, without CertiK’s prior written consent in each instance. This report is not, nor should be considered, an “endorsement” or “disapproval” of any particular project or team. This report is not, nor should be considered, an indication of the economics or value of any “product” or “asset” created by any team or project that contracts CertiK to perform a security assessment. This report does not provide any warranty or guarantee regarding the absolute bug-free nature of the technology analyzed, nor do they provide any indication of the technologies proprietors, business, business model or legal compliance. This report should not be used in any way to make decisions around investment or involvement with any particular project. This report in no way provides investment advice, nor should be leveraged as investment advice of any sort. This report represents an extensive assessing process intending to help our customers increase the quality of their code while reducing the high level of risk presented by cryptographic tokens and blockchain technology. Blockchain technology and cryptographic assets present a high level of ongoing risk. CertiK’s position is that each company and individual are responsible for their own due diligence and continuous security. CertiK’s goal is to help reduce the attack vectors and the high level of variance associated with utilizing new and consistently changing technologies, and in no way claims any guarantee of security or functionality of the technology we agree to analyze. The assessment services provided by CertiK is subject to dependencies and under continuing development. You agree that your access and/or use, including but not limited to any services, reports, and materials, will be at your sole risk on an as-is, where-is, and as-available basis. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. The assessment reports could include false positives, false negatives, and other unpredictable results. The services may access, and depend upon, multiple layers of third-parties. ALL SERVICES, THE LABELS, THE ASSESSMENT REPORT, WORK PRODUCT, OR OTHER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF ARE PROVIDED “AS IS” AND “AS My Master WAR Security Assessment
  • 22. AVAILABLE” AND WITH ALL FAULTS AND DEFECTS WITHOUT WARRANTY OF ANY KIND. TO THE MAXIMUM EXTENT PERMITTED UNDER APPLICABLE LAW, CERTIK HEREBY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE SERVICES, ASSESSMENT REPORT, OR OTHER MATERIALS. WITHOUT LIMITING THE FOREGOING, CERTIK SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AND ALL WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE. WITHOUT LIMITING THE FOREGOING, CERTIK MAKES NO WARRANTY OF ANY KIND THAT THE SERVICES, THE LABELS, THE ASSESSMENT REPORT, WORK PRODUCT, OR OTHER MATERIALS, OR ANY PRODUCTS OR RESULTS OF THE USE THEREOF, WILL MEET CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES, OR BE SECURE, ACCURATE, COMPLETE, FREE OF HARMFUL CODE, OR ERROR-FREE. WITHOUT LIMITATION TO THE FOREGOING, CERTIK PROVIDES NO WARRANTY OR UNDERTAKING, AND MAKES NO REPRESENTATION OF ANY KIND THAT THE SERVICE WILL MEET CUSTOMER’S REQUIREMENTS, ACHIEVE ANY INTENDED RESULTS, BE COMPATIBLE OR WORK WITH ANY OTHER SOFTWARE, APPLICATIONS, SYSTEMS OR SERVICES, OPERATE WITHOUT INTERRUPTION, MEET ANY PERFORMANCE OR RELIABILITY STANDARDS OR BE ERROR FREE OR THAT ANY ERRORS OR DEFECTS CAN OR WILL BE CORRECTED. WITHOUT LIMITING THE FOREGOING, NEITHER CERTIK NOR ANY OF CERTIK’S AGENTS MAKES ANY REPRESENTATION OR WARRANTY OF ANY KIND, EXPRESS OR IMPLIED AS TO THE ACCURACY, RELIABILITY, OR CURRENCY OF ANY INFORMATION OR CONTENT PROVIDED THROUGH THE SERVICE. CERTIK WILL ASSUME NO LIABILITY OR RESPONSIBILITY FOR (I) ANY ERRORS, MISTAKES, OR INACCURACIES OF CONTENT AND MATERIALS OR FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF ANY CONTENT, OR (II) ANY PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM CUSTOMER’S ACCESS TO OR USE OF THE SERVICES, ASSESSMENT REPORT, OR OTHER MATERIALS. ALL THIRD-PARTY MATERIALS ARE PROVIDED “AS IS” AND ANY REPRESENTATION OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY MATERIALS IS STRICTLY BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE THIRD-PARTY MATERIALS. THE SERVICES, ASSESSMENT REPORT, AND ANY OTHER MATERIALS HEREUNDER ARE SOLELY PROVIDED TO CUSTOMER AND MAY NOT BE RELIED ON BY ANY OTHER PERSON OR FOR ANY PURPOSE NOT SPECIFICALLY IDENTIFIED IN THIS AGREEMENT, NOR MAY COPIES BE DELIVERED TO, ANY OTHER PERSON WITHOUT CERTIK’S PRIOR WRITTEN CONSENT IN EACH INSTANCE. NO THIRD PARTY OR ANYONE ACTING ON BEHALF OF ANY THEREOF, SHALL BE A THIRD PARTY OR OTHER BENEFICIARY OF SUCH SERVICES, ASSESSMENT REPORT, AND ANY ACCOMPANYING My Master WAR Security Assessment
  • 23. MATERIALS AND NO SUCH THIRD PARTY SHALL HAVE ANY RIGHTS OF CONTRIBUTION AGAINST CERTIK WITH RESPECT TO SUCH SERVICES, ASSESSMENT REPORT, AND ANY ACCOMPANYING MATERIALS. THE REPRESENTATIONS AND WARRANTIES OF CERTIK CONTAINED IN THIS AGREEMENT ARE SOLELY FOR THE BENEFIT OF CUSTOMER. ACCORDINGLY, NO THIRD PARTY OR ANYONE ACTING ON BEHALF OF ANY THEREOF, SHALL BE A THIRD PARTY OR OTHER BENEFICIARY OF SUCH REPRESENTATIONS AND WARRANTIES AND NO SUCH THIRD PARTY SHALL HAVE ANY RIGHTS OF CONTRIBUTION AGAINST CERTIK WITH RESPECT TO SUCH REPRESENTATIONS OR WARRANTIES OR ANY MATTER SUBJECT TO OR RESULTING IN INDEMNIFICATION UNDER THIS AGREEMENT OR OTHERWISE. FOR AVOIDANCE OF DOUBT, THE SERVICES, INCLUDING ANY ASSOCIATED ASSESSMENT REPORTS OR MATERIALS, SHALL NOT BE CONSIDERED OR RELIED UPON AS ANY FORM OF FINANCIAL, TAX, LEGAL, REGULATORY, OR OTHER ADVICE. My Master WAR Security Assessment
  • 24. About Founded in 2017 by leading academics in the field of Computer Science from both Yale and Columbia University, CertiK is a leading blockchain security company that serves to verify the security and correctness of smart contracts and blockchain-based protocols. Through the utilization of our world-class technical expertise, alongside our proprietary, innovative tech, we’re able to support the success of our clients with best-in-class security, all whilst realizing our overarching vision; provable trust for all throughout all facets of blockchain. My Master WAR Security Assessment