Intercoin Smart Contract Security


The original goal of crypto projects (Bitcoin, Litecoin, even Dogecoin) was to eliminate the need to trust any centralized party. As long as users were able to keep their private keys secure, they were the only ones who could sign their transactions. The blockchain then made sure that each transaction was properly recorded and no rules were violated.

Ethereum democratized the ability to launch these kinds of protocols, by making it easy for anyone to create a smart contract with its own custom set of rules. However, this led to a proliferation of custom code, most of which was actually insecure – either accidentally or on purpose. In Web 2.0, we had a similar problem when PHP allowed anyone to quickly slap together a back-end web script, but in Web 3.0 this is especially problematic because the whole point of the industry was supposed to be about creating code the users can trust instead of institutions and intermediaries.

The proper solution, however, was right in front of us the whole time:

Smart Contract Factories

Protocols like UniSwap rely on factories of smart contracts to produce instances which all have identical code, and differ only in their initial parameters. By filling out a simple form, any person or organization can launch a smart contract, without having to know anything about coding, or paying someone to analyze the security of the smart contract. That’s because the worldwide community can collectively audit and battle-test the smart contract factory, and over time as more and more capital comes to be managed by its instances, the entire protocol, including all its instances, becomes totally battle-tested.

The CertiK audit of our ITR token is nearly done, and this week we will be releasing the token along with version 1.0 of all our smart contract factories. We plan to raise money from our community to pay for audits of all our smart contract factories – each time an audit is performed, the entire worldwide Intercoin community will benefits from it.


The Release Manager is an essential part of our security solution. It allows anyone to check whether a specific smart contract instance was produced by one of our approved (and audited) smart contract factories. Rather than being fooled into interacting with a rogue smart contract, you can always know and leverage the trust that we plan to earn with our ecosystem.

Trust is earned over time, and tends to centralize. The same is true of code. After years of work, we’re fairly confident in our work. However, perfect absence of bugs is never guaranteed, and if we find any issues in version 1.0 of our smart contracts, we will release fixes in the next version 2.0 . As time goes on, and as more capital is committed to the ecosystem, people will feel more confident in each of the smart contracts to use it for larger capital and more important community roles and decisions.

This is how decentralized software is supposed to be securely distributed on a blockchain. Anyone can initiate a transaction and call factory.produce(parameters) to create an instance of a smart contract for their own community. It’s even easier than having to download software, perform reproducible builds, verify checksums, and so on. Just click and go!