Cardano [ADA] has emerged as one of the most in-demand crypto-assets in recent times. This sentiment can be attributed to the developments around the decentralized finance [DeFi] space and the arrival of smart contracts.
In line with this, the blockchain technology platform IOHK had laid down its plans for certification for decentralized applications [DApps] operating on Cardano. The company also announced teaming up with Runtime Verification, Tweag, Well Typed, Certik, and others to launch a new certification program that will connect the new dAppStore, which was unveiled in prototype form at the summit last month. The program is slated to roll out in conjunction with the new light wallet.
“Certification ensures that security checks are performed prior to any deployment, and that smart contracts can be continually audited as they are updated. It provides benefits to both smart contract developers and end users, helping protect user funds and project reputations alike from coding errors or exploits.”
Levels of certification for Cardano’s dApp ecosystem
The three levels of certification, include automated tooling, in-depth audit, and formal verification. The level one certification involves giving continual assurance about a range of properties for smart contracts. In a nutshell, automated tooling encompasses the discovery of various kinds of issues or bugs and is characterized as low cost, low effort. This certification is also accessible to everyone while offering a significant level of assurance.
The level two certification focusses on a manual audit and verification of smart contracts within the decentralized application itself. As the name suggests, in-depth audit certification’s testing is done at a much more in-depth level and entails more manual effort that can address a DApp wholly, without language being a hindrance.
Formal verification, which is level three, is more specialized in nature and focusses on granting full assurance of key aspects of apps with the help of formal verification of smart contracts. This level also deals with ensuring that a smart contract supports the precise business or technical requirements specified at the beginning.
Mandatory or not?
According to IOHK, the process of certification will ensure the “correctness, compliance, and consistency of requirements” not just by the developers of the application but also the auditors.
The firm also believes that a process such as this would address the lack of common security vulnerabilities while simultaneously “offering a level of robustness, reliability, and maintenance” of the Cardano-based decentralized applications. The certification is, however, not mandatory.