CertiK Audit Review of Pre-Staking Smart Contract
At Project TXA, we believe in strong and sensible code. To ensure that we stay true to this value, we’ve voluntarily submitted our pre-staking contract code to undergo an external third-party code audit. For this, we’ve partnered with CertiK [www.certik.com], a leader in web3 security. Since 2018, CertiK utilizes Formal Verification and AI technology to audit blockchains, smart contracts and web3 apps.
The final audit was published on April 18th on the CertiK website, you can view it here: https://www.certik.com/projects/project-txa. Shortly after, we deployed our pre-staking website, which is now live at https://stake.txa.app .
Community members are now able to pre-stake their $TXA to participate in the upcoming $TXAD airdrop. More information about it here: https://medium.com/projecttxa/project-txa-pre-staking-and-upcoming-airdrop-announcement-1ce0bc1f8a8.
Below, we will address the 2 major issues that are left unresolved. We want to acknowledge that we understand what the concerns are and explain what our plans are for resolution and user protection.
CertiK identified 2 major security issues regarding ‘Centralization/Privilege’. One of them has to do with an address having a centralized/privileged role in the pre-staking contract. We have set this address to a Gnosis multi-signature to prevent the chance that an attacker can gain control over that role.
The second major security issue identified by CertiK is a centralized/privileged role in another contract which we will deploy once the TXA DSL is live. The role in question will ONLY be granted to the pre-staking contract in order to allow pre-staking participants to migrate their $TXA to the DSL and beginning earning rewards.
In the very unlikely case that the multi-signature wallet is compromised, or a flaw is discovered in the to-be-deployed migration contract, depositors will still be able to withdraw their $TXA directly from the pre-staking contract after June 18th, 2023.
Neither of these issues can possibly affect your ability to receive $TXAD in the airdrop!
For more information, head over to our documentation at https://docs.txa.app and join our community channels to ask questions directly.