Getting Started

What is a smart contract certificate?

A smart contract certificate is a digital certificate that proves who is the owner of the contract. It is not to be confused with source code verification on block explorer. It’s similar to an SSL certificate for a website where it contains information about the owner such as organization name, country, email address and more.

The certificate is available on the contract itself and it provides information of its origin.

Why do I need to certify my smart contract?

We issue digital certificates for your smart contract so that block explorers and wallets can verify that you are the owner of your contract. This way, we can tell the good actors from the bad ones.

For instance, we can prevent smart contract phishing, such as the case that happened to BAYC NFT project. Our smart contract certificate could also prevent token spoofing.

How does it work?

Each digital certificate is installed on a smart contract. This certificate contains the information of the owner who owns the contract such as organization name, email address, website and wallet address, similar to an SSL certificate. Our certificate exceeds the standard digital certificate technology used on the Internet by utilizing 4096-bit RSA encryption and SHA512 algorithm while still being compliant with industry standards.

By having this certificate attached to your contract, block explorers, wallets and any dapps could verify the authenticity of the smart contract, thus giving it a checkmark.

This checkmark is different than the typical source code verification checkmark that you often see on block explorers because we verify the ownership of the contract, not the source code. Source code verification cannot identify the owner of a contract, but we can.

We have various methods (patent pending) to ensure only authenticated contracts can have the ownerships securely verified, thus offering greater assurance to Web3 users. In fact, our verification process is better than Twitter.

Where could I view the checkmark indicating that my smart contract ownership is verified?

Currently, anyone using our browser extension will be able to view the checkmark and get verified information about your contract. Meanwhile, we’re working with other blockchain providers and protocols to implement our contract verification feature on their platforms and soon it will be available everywhere.

What types of contracts does the certificate support?

Our digital certificate supports all kinds of smart contracts including ERC20, ERC721, ERC1155 and many more. Each certificate is tied to its presence on chain, not to its function.

What use cases would need a digital certificate for its contract?

In short, every smart contract should have a digital certificate just like every website needs an SSL certificate. This includes contracts for DeFi, GameFi, ReFi, NFT, SBT (soulbound token) and beyond. Why? Imagine when you deploy a contract on a blockchain, your contract code will be available for everyone to see and copy. This means bad actors could forge your contract and even name it exactly like yours. This threat is called smart contract phishing. But with our digital certificate, users can easily differentiate your genuine contract from the rest because your contract contains a digital certificate containing information that proves you are the authenticated owner. It also authenticates your website address, and in doing so, prevents website phishing. If you are serious about protecting your users and building trust with them, it’s best to certify your contract with our certificate.

Do you also verify my website?

Yes, we do. During the certificate activation process, we shall verify that you own your website via a very simple verification process.

What if I don't have a website?

You can still install a certificate on your contract without a website. The certificate will not contain any website information.

How to Start

What is the process to certify my contract?

Firstly, you need to perform a certificate activation process by providing us your details – individual/organization name, email address, wallet address, etc – to ascertain that you are the owner of the smart contract that you plan to deploy. Once verified, we shall issue you a digital certificate for your contract and you must include the certificate in the contract. You may follow our tutorial. Once included, your contract can then be deployed on chain and verified by block explorers, wallets and other Web3 applications.

What information do I need to provide?

The following information will be stored in each certificate and made available publicly in the contract.

  • Contract name
  • Wallet address that will deploy the contract
  • Owner’s name – individual’s name or organization name
  • Email address – for support purposes, similar to Google Play or Apple App Store
  • Website address (optional) – Website ownership verification will be conducted
  • City, state and country
What blockchain do you support?

Currently, we support most blockchains, especially EVM chains. Because we believe in a multi-chain future. Soon, our certification technology will be available for various protocols.

Do I need to change my contract source code?

This depends on the type of certificate you acquired. For the most basic certification, you only need to add very minor code snippets. We have prepared in-depth text and video tutorials to assist you in this. For more advanced variants, you may need to import additional code that we will provide.

You may also use our code templates on our GitHub repository. Rest assured, our code is based on OpenZeppelin smart contract templates.

Could I update my certificate on my smart contract?

Yes, please follow our tutorial to learn how to update your certificate.

Pricing

How much is your certificate?

The price for a smart contract certificate starts from $49 per year. We have different types of certifications with different levels of assurance.

What is the period of validity for each certificate?

Each digital certificate will last for two years before expires. The reason why it doesn’t last forever is for your contract’s security reasons.

Threat Protection

What is smart contract phishing?

Smart contract phishing is a type of scam where scammers create fake smart contracts that look legitimate. Due to open source nature of Web3, scammers can forge copies of original smart contracts, such as BAYC NFT contract, and promote these counterfeits as real smart contracts. It is usually difficult for users to differentiate between real and forged contracts because both contracts can have their source code verified. When investors or Web3 users send tokens to this contract, they will not receive anything in return.

One of the prominent smart contract scamming cases is the BAYC (Bored Ape Yacht Club) NFT hack.

What is token spoofing?

Token spoofing is like when someone pretends to be Vitalik Buterin and sends illegitimate tokens to illegitimate contract. It’s like getting an email from [email protected] but it’s not actually from him. Using this method, scammers are trying to prove their legitimacy by associating with reputable individuals.

Spoof transfer is performed by using the “transferFrom” function in the contract and changing the sender’s wallet address to say, Buterin’s address.

Often, the contract address is the ONLY way to distinguish between the real and spoof transfer.

How this fights NFT art forgery?

If you own a certified smart contract, you can mint NFTs on chain via this verifiable contract so that your buyers could ascertain the origin of each NFT – that is directly from you. It’s like a hologram sticker on merchandise but only better!