ETH Zurich Researchers Create Smart Contracts Scanner For Bugs & Exploits
A group of researchers from ETH Zurich has created a smart contract scanner based on Ethereum that checks whether smart contracts contain errors, exploits or potential problems.
The researchers were Dr. Petar Tsankov, Dr. Hubert Ritzdorf, Prof. Martin Vechev and Dr. Arthur Gervais. The team has extensive experience in system security and is working to improve the blockchain space of smart contracts.
The team recently joined as a new company called ChainSecurity. They are now launching products to help programmers and ICO builders understand and launch their tokens.
What Does ChainSecurity Offer?
The main technical challenge in building an effective security scanner for smart contracts is finding a way to explore all contact behaviors – that can even exceed the number of atoms in the universe.
The existing automated security checks for smart contracts. They essentially avoid this problem by inspecting only a subset of all contract behaviors. However, because not all behaviors are covered, these inspectors may overlook critical security vulnerabilities.
The new Ethereum-based scanner considers all contract behaviors to solve the challenge, rather than avoid it. In fact, a study of Ethereum's open source contracts reveals that existing solutions can lose up to two-thirds of vulnerabilities due to insufficient coverage.
Who Are They?
As such, the project is self-financing and the team was clear that they would never launch an ICO. You can see the beta version of the scanner at the following link: securify.ch/
The team has seen great interest in their products and will officially launch the product the first week of July.
The Securify system has about 100 contract loads per day (which is 50 times higher than commercial alternatives such as Quantstamp). It is currently the best option when it comes to auditing smart contracts and is regularly used by professional security auditors.
The new Ethereum security scanner is expected to have even greater traction due to the increased coverage of vulnerabilities and new features.
The team, which started out very organically, is now interested in working in the area of automated safety analysis. After observing the major security problems in Ethereum smart contracts and noting their significant financial consequences, they started working on the automated security analysis of Ethereum smart contracts.
Expectations And Market
The objective of the team is to automate security audits of smart contracts. ChainSecurity.com is based on the work of the ChainCode and Securify team and aims to be the gold standard for intelligent contract threat detection.
“We managed to build the first automated verifier for Ethereum smart contracts in the research lab and release it publicly. At this point, it became hard to keep this a purely academic project. There was a significant commercial interest from blockchain projects who worry about the security of their contracts. To address their needs, we incorporated the startup in October 2017, called ChainSecurity, and started collaborating with crypto initiatives and projects,”
A quick test of the new feature showed how quickly and accurately the system could find the exploits, which was quite interesting. Since these contracts will manage millions of dollars in capital in the future, it is best to be sure before it is too late.