The Polkadot Claims Audit

Web3 Foundation engaged Chain Security for an audit of the Polkadot Claims smart contract. The audit found 0 Critical, 0 High, 2 Medium and 9 Low level issues, all of which have been resolved in the latest commits to the code.

By PolkadotAugust 7, 2019

Web3 Foundation engaged Chain Security for an audit of the Polkadot Claims smart contract. The audit found 0 Critical, 0 High, 2 Medium and 9 Low level issues, all of which have been resolved in the latest commits to the code.

The Polkadot Claims contract is an Ethereum smart contract that allows holders of the DOT allocation indicator token to claim their balances of DOTs to a Polkadot public key ahead of Polkadot genesis.

In order to launch Polkadot in a transparent and decentralized way, an Ethereum smart contract was required to hold data necessary to the genesis of Polkadot including the Polkadot public key to associate to a specific allocation, the index of the public key, and the vested status of the allocation.

Submission of this data to the Ethereum blockchain enables the community to generate and verify the genesis chain specification themselves in an independent manner. It is an integral piece to the launch of Polkadot in a transparent way.

For this reason, the security of the contract was of the utmost importance, especially regarding the certain immutability of the state of the contract after claiming actions have taken place.

To guarantee that the Claims contract is secure and functionally correct, ChainSecurity formally verified the contract's code with respect to its intended specification. In more detail, ChainSecurity formalized 12 critical functional requirements and verified them using their state-of-the-art tool for formal verification. Examples of the properties that were verified include the immutability of the state after the initialization, access-control requirements, and safety of the contract set-up period.

In addition to the formal verification, the full audit report details each of the issues that were found in the categories of Security Issues, Trust Issues, and Design Issues. It also describes the fixes that were applied to each and reasoning of the Web3 Foundation.

You can find the full audit report here.

From the blog

Developing Analog's Timechain: Why we chose Polkadot SDK

Discover why Analog chose Polkadot SDK to power its Timechain, leveraging modularity, security, and forkless upgrades to create a seamless interoperability hub for multichain and cross-chain dapp ecosystems.

Polkadot Roundup MMXXIV

Dive into Polkadot Roundup MMXXIV for an in-depth look at 2024 milestones, including high-performance rollups, decentralized governance, and exciting expansions. Discover how Polkadot is evolving into a next-level web3 platform—plus a sneak peek at Polkadot 2, Polkadot 3, and the JAM protocol supercomputer.

Unifying Polkadot’s developer docs: A new chapter for builder experience

The PaperMoon team, supported by a Decentralized Futures grant, launches the Polkadot Developer Documentation Hub, a unified platform that simplifies developer onboarding and provides access to essential resources. This marks a transformative step for builders in the Polkadot ecosystem.

Building the future of decentralized marketing: A case study

Polkadot’s decentralized marketing sets the standard for Web3 growth. With OpenGov, bounties, and community tools, contributors are empowered to innovate, ensuring consistent, impactful campaigns and showcasing the potential of decentralized ecosystems.

Uplifting new voices and validators: Polkadot's path to sustainable decentralization

Decentralized Nodes and Decentralized Voices programs by the Web3 Foundation offer pathways for validators and governance participants to gain influence based on merit, helping to build a fairer, more resilient Polkadot ecosystem that aligns with the core principles of web3.

Is large-scale, high-quality Web3 education possible?

The Polkadot Blockchain Academy (PBA) is taking Web3 education to the next level with PBA-X, an online course crafted to deliver high-quality blockchain knowledge at scale. Learn how we’re preserving educational standards, fostering a global community, and creating new opportunities for learners everywhere.

Blockchain explained: A practical guide from concepts to use cases

Blockchain has grown far beyond its roots in cryptocurrency, reshaping industries from finance to healthcare. This guide walks you through the basics, benefits, and groundbreaking potential of blockchain and its impact on the future of the open internet.

Empowering the next wave of founders: Welcome to EasyA x Polkadot University

Unlock a structured path to start building on Polkadot with EasyA x Polkadot University.

Dynamic & Modular: Scaling Ambition with Agile Coretime

Polkadot’s Agile Coretime simplifies launching and scaling blockchain projects with dynamic blockspace allocation and flexible cost options. Learn how Agile Coretime makes it easier to build, launch, and scale ambitious Web3 projects.

How play-to-earn (P2E) is transforming onchain mobile sports gaming

Play-to-earn games are transforming mobile sports gaming. Learn how blockchain, NFTs, and platforms like Polkadot create new opportunities for digital asset ownership and cross-chain gameplay.

Polkadot Token 2049 and Decoded Asia 2024: A multichain ecosystem in action

At Token 2049 and Decoded Asia 2024 in Singapore, Polkadot teams and contributors showcased a multichain future for real-world applications. Key moments included Dr. Gavin Wood’s vision for digital individuality, Chrissy Hill’s regulatory insights, and announcements from emerging projects shaping the Web3 ecosystem.

What is a crypto wallet? Your all-access pass to the future web

In Web3, your wallet is your most valuable digital tool. It’s more than just a place to store, send, and receive cryptocurrencies securely—it’s your passport to the decentralized world.