Special Announcement: Faraland maximum security — certified by CertiK!!!
Faraland is pleased to announce that the project has passed a comprehensive inspection of its source code for problems and vulnerabilities, conducted by leading auditing firm CertiK, with impressive results. Faraland and its smart contracts are claimed to have reached absolute security.
Faraland, a blockchain game in the turn-based strategy and RPG genre with NFT heroes as its core product, chose to perform its smart contract audit with CertiK, the leading formal verification platform for smart contract and blockchain audits, to ensure that its token is secure against some of the most critical vulnerabilities. With a platform that will be used across the world, Faraland placed an extra emphasis on security, so the choice to work with CertiK was extremely necessary.
About CertiK — World-Class Auditor
CertiK is a blockchain and smart contract verification platform founded by top formal verification experts from Yale and Columbia University and former senior software engineers from Google and Facebook. Unlike traditional testing approaches, CertiK attempts to mathematically prove that blockchain ecosystems and smart contracts are hacker-resistant and bug-free. CertiK’s key features include a layer-based decomposition approach, pluggable proof engine, machine-checkable proof objects, certified dApp libraries, and smart labeling. Trusted by the security industry, CertiK has reached strategic partnerships with the world’s top exchanges such as Binance, OKEx, and Huobi, as well as public chains such as NEO, ICON, and QuarkChain. CertiK is incubated and invested in by Binance Labs, along with other world-leading investors such as DHVC, FBG Capital, Bitmain, and Lightspeed.
To raise the level of security to the highest, Faraland has chosen a leading auditor like CertiK to ensure that code security is top-notch. The company has now published an official audit report for Faraland.
The audit was performed by experienced economists, security researchers, and security engineers from CertiK, in collaboration with the Faraland research and development team. CertiK performed a comprehensive assessment of Faraland’s smart contracts to check for vulnerabilities.
The auditing process pays special attention to the following considerations:
- Testing the smart contracts against both common and uncommon attack vectors.
- Assessing the codebase to ensure compliance with current best practices and industry standards.
- Ensuring contract logic meets the specifications and intentions of the client.
- Cross-referencing contract structure and implementation against similar smart contracts produced by industry leaders.
- Thorough line-by-line manual review of the entire codebase by industry experts.
The Highlights of the Audited Report
CertiK has found no critical issues in Faraland. Only one major issue and some medium issues have been found, and the team has already handled all of them by following the CertiK team’s advice. That means that the security of the Faraland system is at a high level.
For technical details, refer to the full audit report from CertiK here at our GitHub repository:
The issues and the recommended ways to handle them, which we have followed, are described below:
ECK-01 | Incorrect Fee
Description: rollEquipmentGacha() mints random equipment. However, it charges upgradeFeeInToken rather than mintFeeInToken.
Recommendation: double-check the fee mechanism to make sure the fee charged is reasonable.
ECK-02 | Potential Over Mint
Description: It is dangerous to change balances without checking item.maxSupply and item.minted. Suppose an item has maxSupply=10 and minted=9. The operator then calls mint(account, id, 1), which updates item.minted to 10. Users can still call upgradeItem() to burn the last tier of this item in order to mint this item. This will cause minted > maxSupply.
Recommendation: check item.maxSupply and item.minted before updating balances and _item.minted.
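The ECK-02 recommendation can be illustrated with a short Solidity sketch that routes both the operator path and the upgrade path through one supply-checked routine. This is an added example, not Faraland's or CertiK's code: the contract name CappedItems, the createItem() helper, the UPGRADE_COST rule and the storage layout are assumptions made for illustration; only mint(), upgradeItem(), maxSupply and minted come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; hypothetical contract, not Faraland's source.
contract CappedItems {
    struct Item {
        uint256 maxSupply;
        uint256 minted;
    }

    address public operator;
    mapping(uint256 => Item) public items;
    mapping(uint256 => mapping(address => uint256)) public balanceOf;

    // Assumed rule: burn this many of tier (id - 1) to obtain one of tier id.
    uint256 public constant UPGRADE_COST = 3;

    constructor() {
        operator = msg.sender;
    }

    function createItem(uint256 id, uint256 maxSupply) external {
        require(msg.sender == operator, "not operator");
        require(items[id].maxSupply == 0, "item exists");
        require(maxSupply > 0, "zero cap");
        items[id].maxSupply = maxSupply;
    }

    // Operator path.
    function mint(address account, uint256 id, uint256 amount) external {
        require(msg.sender == operator, "not operator");
        _mintChecked(account, id, amount);
    }

    // User path: burns the lower tier, then mints through the same check.
    function upgradeItem(uint256 id) external {
        require(id > 0, "no lower tier");
        require(balanceOf[id - 1][msg.sender] >= UPGRADE_COST, "not enough");
        balanceOf[id - 1][msg.sender] -= UPGRADE_COST;
        _mintChecked(msg.sender, id, 1);
    }

    // Single place where minted and balances change, so minted <= maxSupply
    // holds no matter which entry point is used.
    function _mintChecked(address account, uint256 id, uint256 amount) internal {
        Item storage item = items[id];
        require(item.maxSupply != 0, "unknown item");
        require(item.minted + amount <= item.maxSupply, "max supply reached");
        item.minted += amount;
        balanceOf[id][account] += amount;
    }
}
```

With maxSupply=10 and minted=10, a call to upgradeItem() for that item reverts with "max supply reached" instead of pushing minted to 11.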
MKC-02 | Lack of Reentrancy Check
Calling MoonKnight.buy(), MoonKnight.sacrificeKnight(), MoonKnight.cancelOffer() and MoonKnight.takeOffer() might trigger the function address.call(), which is implemented by the third party. If there are vulnerable external calls in the third party, reentrancy attacks could be conducted, because these four functions perform state updates and emit events after external calls.
The scope of the audit treats the third-party implementation as a black box and assumes its functional correctness. However, in the real world third parties may be compromised, which can lead to assets being lost or stolen.
Recommendation: apply the nonReentrant modifier from the OpenZeppelin ReentrancyGuard library to the aforementioned functions to prevent reentrancy attacks.
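The ordering problem in MKC-02 and its fix can be shown on a small marketplace function. This is an added example, not the MoonKnight contract: ListingMarket, claim(), list() and the storage layout are hypothetical, and the nonReentrant modifier here is an inline stand-in for the one in OpenZeppelin's ReentrancyGuard so that the block compiles without imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration; hypothetical marketplace, not the MoonKnight contract.
contract ListingMarket {
    struct Listing {
        address seller;
        uint256 price;
    }

    mapping(uint256 => Listing) public listings;
    mapping(uint256 => address) public ownerOf;

    event Bought(uint256 indexed id, address indexed buyer, uint256 price);

    // Inline stand-in for OpenZeppelin ReentrancyGuard's nonReentrant.
    uint256 private _status = 1;
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    // Stand-in for minting: the first caller becomes the owner of id.
    function claim(uint256 id) external {
        require(ownerOf[id] == address(0), "already owned");
        ownerOf[id] = msg.sender;
    }

    function list(uint256 id, uint256 price) external {
        require(ownerOf[id] == msg.sender, "not owner");
        require(price > 0, "zero price");
        listings[id] = Listing(msg.sender, price);
    }

    function buy(uint256 id) external payable nonReentrant {
        // Checks
        Listing memory l = listings[id];
        require(l.seller != address(0), "not listed");
        require(msg.value == l.price, "wrong payment");

        // Effects: state updates and the event come before the external call,
        // so a re-entering callee finds the listing already gone.
        delete listings[id];
        ownerOf[id] = msg.sender;
        emit Bought(id, msg.sender, l.price);

        // Interaction: the seller may be a contract that runs arbitrary code.
        (bool ok, ) = payable(l.seller).call{value: l.price}("");
        require(ok, "payment failed");
    }
}
```

The modifier and the checks-effects-interactions ordering are independent defenses: the lock rejects a nested call into any guarded function, and the ordering means that even without the lock the nested call would see consistent state.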
Why Audit Matters?
The CertiK audit helps enhance the security of Faraland smart contracts to an international standard level. The aim of MoonKnight Labs is to make Faraland the biggest war game on blockchain, and specifically on Binance Smart Chain. We also want to ensure that our users can use Faraland with confidence, and we always aim to keep Faraland at the best security level.
What is Faraland
Faraland is an innovative project combining NFT technology and gaming experience. Not only are exquisite digital collectibles created using blockchain technology, but all NFTs in Faraland can also be integrated into Faraland games later, which will help increase their value. NFTs are the soul of this project. Each Hero NFT of Faraland is unique and is indistinguishable from other NFTs. Each collectible is matchless, genuine, and varies in rarity. The Faraland Universe has many different races, like human, orc, angel, demon, Dragonborn, elf, and fairy, which are waiting for the user to discover.
Faraland is different compared to other NFT projects where NFT is just used for collection and no more. With many exciting gaming activities, Faraland’s users can use their NFT heroes in many unique ways, from equipping them with powerful weapons or shining armors to having them engage in various thrilling battles. It’s a solid and exciting game with a fundamental and engaging storyline. We also focus on the “play to earn” mechanism, which makes Faraland far beyond the regular game. You can reinvest in the game, make your hero stronger, or cash out for money. It depends on your choice. Our vision is to make Faraland become a “dream job” by bringing a stable income to the players around the world.