GUM Smart Contract Audit by CertiK

Gourmet Galaxy
Jan 16, 2021

We engaged CertiK, one of the most trusted code audit firms in the industry.

Recently, Gourmet Galaxy launched an Ethereum-based (ERC-20) GUM token. This will allow Gourmet to enter the wider ecosystem of Ethereum. To make sure that this new ERC-20 token meets all the required standards, Gourmet Galaxy has submitted our code for an independent audit to be carried out by CertiK. CertiK is a “formal verification framework to mathematically prove that smart contracts and blockchain ecosystems are bug-free and hacker-resistant.”

When it comes to “being your own game,” having the ability to evaluate the security of the tools at your disposal becomes a necessity. We think that smart contract audits play a critical role in evaluating the technical risks associated with a dApp, especially as the Gourmet project is a combination of DeFi, NFTs and gaming.

To better understand the inspection process at CertiK, you can imagine that, in the simplest sense, a smart contract audit is a third-party review of the source code of a smart contract. There are two possible types of code audits. In the first one, an engineer reads the code and looks for issues in it. This is helpful and important, but humans can and will miss things.

The other type of audit is formal verification, which means that another computer program runs the code through a special system to look for certain types of mistakes. This has the advantage over a human audit in that it will never miss the type of error it is looking for. The drawback is that it can only ever find the type of bugs it has been programmed to look for.

For the GUM audit, CertiK did a formal verification of the code (the second type of audit listed above). Since smart contracts are written in a fairly simple language (usually Solidity), formal methods work very well here.

First, we kept things simple by keeping the new code to a minimum. Every extra feature has the potential for a bug. By limiting this to just what was needed for an ERC-20 token, we’ve minimized the number of things that could have gone wrong. When it comes to security, less complexity almost always wins out. This is something that engineers in fields such as aerospace have known for years: the fewer moving parts something has, the less likely it is to fail (or do something unexpected).

We are confident that our contract is complete, but validation is required. We respect this, and we respect the users in our ecosystem.

We believe that CertiK specializes in using Formal Verification to prove or disprove the correctness of source code: it applies mathematical proofs to compute source code outcomes and prove the absence of bugs, meaning that, if no bugs are found, it is not possible for the specified vulnerabilities to exist.

We will inform you when the audit is complete.

Gourmet Galaxy

Gourmet Galaxy is an innovative Yield Farming platform, a combination of DeFi and NFTs in a gaming experience.