ETH smart contract scanner to find vulnerabilities

in #ethereum, 6 years ago

Some of you already know what a smart contract is and what it does. But it is, after all, a piece of software that runs on the Ethereum blockchain, so it is susceptible to bugs and vulnerabilities like any other software, if not more so (from a risk point of view). This created a need in the market, which was met by researchers from ETH Zurich who created an Ethereum smart contract scanner that looks for vulnerabilities, bugs or other flaws that could be exploited. The team members - Prof. Martin Vechev, Dr. Arthur Gervais, Dr. Petar Tsankov and Dr. Hubert Ritzdorf - all come from a security systems background and set themselves the goal of making smart contracts as trustworthy as they can be. They've put all this hard work into creating a new company - ChainSecurity - which offers blockchain developers and ICO creators a set of tools to assist them in launching their tokens.


“The main technical challenge in building an effective security scanner for smart contracts is finding a way to explore all behaviors of the contract, which can even exceed the number of atoms in the universe. Existing automated security checkers for smart contracts essentially avoid this problem by only inspecting a subset of all behaviors of the contract,” said Tsankov.

“However, since not all behaviors are covered, these checkers can miss critical security vulnerabilities. Our new Ethereum scanner considers all behaviors of the contract to solve the challenge, rather than avoid it. Indeed, a study on open-source Ethereum contracts reveals that existing solutions can miss up to two-thirds of vulnerabilities due to insufficient coverage.”

The team doesn't intend to launch an ICO for their product, and the projects that gravitate around blockchain are self-funded. They offer a beta version of the scanner for those who wish to try it on their smart contracts: http://ethereum.chainsecurity.com:5000/

“Our Securify system has about 100 contract uploads per day (which is 50x higher than commercial alternatives, such as Quantstamp). It is currently the top choice when it comes to auditing smart contracts and is regularly used by professional security auditors. I expect the new Ethereum security scanner to have even higher traction due to the larger coverage of vulnerabilities and new features,” Tsankov declared.

“The startup / project started very organically. I am very keen on work in the area of automated security analysis. Having observed the big security issues in Ethereum smart contracts, and the significant financial consequences of these, I started working on automated security analysis of Ethereum smart contracts together with a few other PhD students in the lab. We managed to build the first automated verifier for Ethereum smart contracts in the research lab and release it publicly. At this point, it became hard to keep this a purely academic project. There was a significant commercial interest from blockchain projects who worry about the security of their contracts. To address their needs, we incorporated the startup in October 2017, called ChainSecurity, and started collaborating with crypto initiatives and projects,” he added.

The ultimate goal of the team is to reach full automation of the security audits of smart contracts. The ChainSecurity.com company that was born has at its foundation the results the team achieved on other projects like ChainCode and Security. With the purpose of standardizing smart contract security audits, I believe that they bring a lot to the table, as security, from my point of view, is the brick that will help this industry be recognized and trusted at scale. This is the right way to do it, and this team understood that in time to ensure a healthy growth of blockchain technology.
