The Polkadot Claims Audit

Web3 Foundation engaged Chain Security for an audit of the Polkadot Claims smart contract. The audit found 0 Critical, 0 High, 2 Medium and 9 Low level issues, all of which have been resolved in the latest commits to the code.

By PolkadotAugust 7, 2019

Web3 Foundation engaged Chain Security for an audit of the Polkadot Claims smart contract. The audit found 0 Critical, 0 High, 2 Medium and 9 Low level issues, all of which have been resolved in the latest commits to the code.

The Polkadot Claims contract is an Ethereum smart contract that allows holders of the DOT allocation indicator token to claim their balances of DOTs to a Polkadot public key ahead of Polkadot genesis.

In order to launch Polkadot in a transparent and decentralized way, an Ethereum smart contract was required to hold data necessary to the genesis of Polkadot including the Polkadot public key to associate to a specific allocation, the index of the public key, and the vested status of the allocation.

Submission of this data to the Ethereum blockchain enables the community to generate and verify the genesis chain specification themselves in an independent manner. It is an integral piece to the launch of Polkadot in a transparent way.

For this reason, the security of the contract was of the utmost importance, especially regarding the certain immutability of the state of the contract after claiming actions have taken place.

To guarantee that the Claims contract is secure and functionally correct, ChainSecurity formally verified the contract's code with respect to its intended specification. In more detail, ChainSecurity formalized 12 critical functional requirements and verified them using their state-of-the-art tool for formal verification. Examples of the properties that were verified include the immutability of the state after the initialization, access-control requirements, and safety of the contract set-up period.

In addition to the formal verification, the full audit report details each of the issues that were found in the categories of Security Issues, Trust Issues, and Design Issues. It also describes the fixes that were applied to each and reasoning of the Web3 Foundation.

You can find the full audit report here.

From the blog

Build, Play, Connect: Join Polkadot at ETHDenver 2025

Get ready for ETHDenver 2025 with Polkadot! Join Polkadot for keynotes, hacker houses & parties, immersive booth experiences, and hands-on workshops. Whether you’re building, playing, or connecting, there’s something for everyone at one of blockchain’s biggest events.

The most impactful blockchain use cases in 2025 and why Polkadot is leading the way

Explore the top blockchain trends of 2025, from decentralized AI and tokenized assets to enterprise adoption and Web3 gaming. Learn how projects powered by Polkadot are shaping the future of finance, infrastructure, and digital identity.

Decentralization’s ripple effect: How Web3 is rewriting digital sovereignty

Centralized platforms dictate access, control data, and pose security risks, leaving individuals without control over their digital presence. Decentralization offers a resilient alternative, paving the way to a digitally sovereign future.

Developing Analog's Timechain: Why we chose Polkadot SDK

Discover why Analog chose Polkadot SDK to power its Timechain, leveraging modularity, security, and forkless upgrades to create a seamless interoperability hub for multichain and cross-chain dapp ecosystems.

Polkadot Roundup MMXXIV

Dive into Polkadot Roundup MMXXIV for an in-depth look at 2024 milestones, including high-performance rollups, decentralized governance, and exciting expansions. Discover how Polkadot is evolving into a next-level web3 platform—plus a sneak peek at Polkadot 2, Polkadot 3, and the JAM protocol supercomputer.

Unifying Polkadot’s developer docs: A new chapter for builder experience

The PaperMoon team, supported by a Decentralized Futures grant, launches the Polkadot Developer Documentation Hub, a unified platform that simplifies developer onboarding and provides access to essential resources. This marks a transformative step for builders in the Polkadot ecosystem.

Building the future of decentralized marketing: A case study

Polkadot’s decentralized marketing sets the standard for Web3 growth. With OpenGov, bounties, and community tools, contributors are empowered to innovate, ensuring consistent, impactful campaigns and showcasing the potential of decentralized ecosystems.

Uplifting new voices and validators: Polkadot's path to sustainable decentralization

Decentralized Nodes and Decentralized Voices programs by the Web3 Foundation offer pathways for validators and governance participants to gain influence based on merit, helping to build a fairer, more resilient Polkadot ecosystem that aligns with the core principles of web3.

Is large-scale, high-quality Web3 education possible?

The Polkadot Blockchain Academy (PBA) is taking Web3 education to the next level with PBA-X, an online course crafted to deliver high-quality blockchain knowledge at scale. Learn how we’re preserving educational standards, fostering a global community, and creating new opportunities for learners everywhere.

Blockchain explained: A practical guide from concepts to use cases

Blockchain has grown far beyond its roots in cryptocurrency, reshaping industries from finance to healthcare. This guide walks you through the basics, benefits, and groundbreaking potential of blockchain and its impact on the future of the open internet.

Empowering the next wave of founders: Welcome to EasyA x Polkadot University

Unlock a structured path to start building on Polkadot with EasyA x Polkadot University.

Dynamic & Modular: Scaling Ambition with Agile Coretime

Polkadot’s Agile Coretime simplifies launching and scaling blockchain projects with dynamic blockspace allocation and flexible cost options. Learn how Agile Coretime makes it easier to build, launch, and scale ambitious Web3 projects.