Summary
The most critical subjects covered in our audit are functional correctness and the resilience of elliptic curve calculations used in ID computation.Security regarding functional correctness is high. Furthermore, the possibility of negating IDs on the used elliptic curve (and the subsequent possibility if creating “all-purpose” tokens) does not pose a security risk within the conditional token framework but adds additional complexity that should be taken into consideration when using conditional tokens (see Infinite minting of position tokens with no value).In summary, we find that the codebase provides a high level of security.It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.
About Polymarket Conditional Tokens
Polymarket uses gnosis conditional tokens to represent positions in prediction markets with binary
outcomes.
—
“Polymarket is an information markets platform that lets you trade on the world’s most highly-debated topics (e.g. coronavirus, politics, current events, etc). On Polymarket, you build a portfolio based on your forecasts and earn a return if you are right. When you decide to buy shares in a market, you are weighing in with your own knowledge, research, and view of the future. Market prices reflect what traders think are the odds of future events, turning trading activity into actionable insights that help people make better decisions. As a result, Polymarket is a leading source of unbiased and real-time data about future events.”
Hats off to the ChainSecurity team for their stellar work on our security audit. The process was smooth from start to finish thanks to their clear communication style, and our codebase benefited immensely from their thorough analysis. We look forward to working with them in the future!
Mike Shrieve - Protocol Lead