Skip to main content
Skip to main content
Polkadot logo

The Polkadot Claims Audit

Web3 Foundation engaged Chain Security for an audit of the Polkadot Claims smart contract. The audit found 0 Critical, 0 High, 2 Medium and 9 Low level issues, all of which have been resolved in the latest commits to the code.

By PolkadotAugust 7, 2019

Web3 Foundation engaged Chain Security for an audit of the Polkadot Claims smart contract. The audit found 0 Critical, 0 High, 2 Medium and 9 Low level issues, all of which have been resolved in the latest commits to the code.

The Polkadot Claims contract is an Ethereum smart contract that allows holders of the DOT allocation indicator token to claim their balances of DOTs to a Polkadot public key ahead of Polkadot genesis.

In order to launch Polkadot in a transparent and decentralized way, an Ethereum smart contract was required to hold data necessary to the genesis of Polkadot including the Polkadot public key to associate to a specific allocation, the index of the public key, and the vested status of the allocation.

Submission of this data to the Ethereum blockchain enables the community to generate and verify the genesis chain specification themselves in an independent manner. It is an integral piece to the launch of Polkadot in a transparent way.

For this reason, the security of the contract was of the utmost importance, especially regarding the certain immutability of the state of the contract after claiming actions have taken place.

To guarantee that the Claims contract is secure and functionally correct, ChainSecurity formally verified the contract's code with respect to its intended specification. In more detail, ChainSecurity formalized 12 critical functional requirements and verified them using their state-of-the-art tool for formal verification. Examples of the properties that were verified include the immutability of the state after the initialization, access-control requirements, and safety of the contract set-up period.

In addition to the formal verification, the full audit report details each of the issues that were found in the categories of Security Issues, Trust Issues, and Design Issues. It also describes the fixes that were applied to each and reasoning of the Web3 Foundation.

You can find the full audit report here.

From the blog

Polkadot Ecosystem Ignites 2025: A Year of Unprecedented Decentralization, DeFi Breakthroughs, and Global Builder Momentum

A quarter-by-quarter recap of Polkadot’s 2025 milestones, from record-breaking decentralization and DeFi growth to Polkadot 2.0 and global builder momentum.

Proof of Personhood: How Polkadot proves you're real without KYC

Proof of personhood lets you prove you're a unique human without giving up privacy. Polkadot's Project Individuality uses tattoos and video games to fight bots and enable fair airdrops for millions.

Pudgy Party: The Web3 game that hides the blockchain

Pudgy Party hit 900,000 downloads in six weeks by hiding the blockchain entirely. Built on Mythos Chain, players get custodial wallets and zero gas fees without realizing it. The game proves Web3 gaming works when blockchain infrastructure becomes invisible.

Polkadot at TechCrunch Disrupt 2025: The only blockchain in the room

Polkadot showed up at TechCrunch Disrupt 2025 as the only blockchain sponsor. With nearly 10,000 booth visitors and strong coordination across ecosystem teams, the event proved valuable for positioning Polkadot in Web2 conversations.

Why most blockchains can't handle AI (and what changes that)

Most blockchains can't handle AI's computational demands. High costs, limited speed, and storage constraints require purpose-built modular infrastructure instead.

Onboarding 21,000 users with Nova Shots: What we learned & how we move forward

How do you bring thousands of esports fans onchain without asking them to buy anything first? At three BLAST Counter-Strike events, Nova Wallet onboarded 21,000 new users through free interactive gameplay, processing 2.8 million transfers on Polkadot.

Meet the first cohort: The 5 teams selected for the DeFi Builders Program

Velocity Labs announces 5 teams selected for the DeFi Builders Program Cohort 1, building innovative financial applications on Polkadot Hub.

5 tech outages that prove decentralization can't wait

From AWS to CrowdStrike, major outages are increasing. Discover why centralized infrastructure keeps failing and how decentralization offers a solution.

Real World Assets on Polkadot: Your comprehensive guide to RWA

Real-World Assets bring physical value onto blockchain. Learn what RWAs are, how tokenization works, and why Polkadot is best for RWA projects.

Q3 2025 Polkadot DAO recap: Supply cap, treasury decisions & what's next

Here's what happened in Polkadot governance during Q3 2025: a permanent supply cap, millions in treasury funding decisions, and notable proposal rejections that exposed growing pains in how the DAO evaluates non-technical work.

Building AI on Polkadot: Why centralized compute is the wrong foundation

Build AI on Polkadot with verifiable data, cryptographic privacy, and native interoperability. 90% cost savings, no vendor lock-in, production-ready.

What Does Web3 Music Success Actually Look Like?

The Decentralized Mic brought together builders and investors actively shaping the future of Web3 music to discuss what's working, what's broken, and where the industry is headed next.

xs