Ethereum Decentralized Applications Could Have an A+ Security Rating According to Amberdata
There are more than 1.2 million applications based on Ethereum (ETH) that have implemented a very efficient security tool to avoid errors in self-executing lines of code. It is widely known that several decentralized applications (dApps) have been affected by bugs in smart contracts.
Amberdata’s Tool Helps dApps Avoid Problems
The tool was launched by the crypto startup Amberdata in October. It is available to anyone interested in improving the security of applications based on the Ethereum blockchain. Several attackers have exploited smart contract bugs, leading to large losses.
With this service, it is possible to scan for common vulnerabilities that can affect smart contracts. Moreover, the service gives the application a letter grade rating for its security. These apps can receive an A, B, or C grade depending on their security level.
The feature has been in the market for a few months and it has been used by several dApps, increasing the transparency between developers and users in the Ethereum ecosystem. The whole cryptocurrency space will have its transparency enhanced.
Amberdata CEO, Shawn Douglass, explained in a press release that they want to provide greater access and also enhanced visibility into smart contracts.
On the matter, he commented:
“We hope that by providing these tools to the community, we can reduce outside dependencies and enable the community to develop faster and more safely.”
According to Amberdata CTO, Joanes Espanol, there are 13 different types of vulnerabilities scanned by the program. He compared the tool with engine lights on a car dashboard. He said that it is necessary to check what’s going on with a specific application.
The larger the number of errors detected by the tool, the lower the rating grade that the application will receive. However, the 13 vulnerabilities have different degrees of severity. The final grade will change according to the result the app had in each of the vulnerabilities.
As Espanol says, the security audit sends warnings regarding each of the vulnerabilities rather than pointing out the specific code error. One of the dApps using the service is TrueUSD, which was created by the TrustToken company. TrueUSD (TUSD) is a stablecoin that offers users the possibility of hedging against volatility in crypto markets.
This dApp has a C letter grade. However, TrustToken security engineer William Morriss said in a conversation with CoinDesk that the concerns were not “critical.” According to Morriss, TrueUSD contracts are owned and operated by the companies themselves rather than by a third party.
According to Amberdata’s grading system, the programming language Solidity has a few features that developers should simply avoid. The features to avoid are “suicide()” and “tx.origin.”
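A source check for the two Solidity constructs named above, as an added example that is not Amberdata's scanner and not code from the article. The function name `scan`, the rule notes and the sample contract are constructed for illustration; comments and string literals are blanked first so that a mention of either name does not raise a warning.

```python
import re

# The two constructs the article names; the notes are this example's wording.
RULES = {
    "tx.origin": (re.compile(r"\btx\s*\.\s*origin\b"),
                  "original transaction sender, not the caller; authorize with msg.sender"),
    "suicide()": (re.compile(r"\bsuicide\s*\("),
                  "deprecated alias of selfdestruct; removes the contract and sends out its balance"),
}

# Comments and string literals, blanked before scanning to avoid false warnings.
_SKIP = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))

def scan(source):
    """Return (line number, construct, note) for each flagged use in Solidity source."""
    code = _SKIP.sub(_blank, source)
    findings = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for name, (pattern, note) in RULES.items():
            if pattern.search(line):
                findings.append((lineno, name, note))
    return findings

# Constructed sample contract (not taken from any real dApp).
SAMPLE = '''\
pragma solidity ^0.4.24;
// tx.origin is mentioned here only in a comment
contract Wallet {
    address owner;
    string hint = "do not call suicide(owner)";
    function withdraw() public {
        require(tx.origin == owner);
        msg.sender.transfer(address(this).balance);
    }
    function close() public {
        require(msg.sender == owner);
        suicide(owner);
    }
}
'''

if __name__ == "__main__":
    for lineno, name, note in scan(SAMPLE):
        print(f"line {lineno}: {name}: {note}")
```

Like the warnings the article describes, this reports that a construct is present; deciding whether a given use is actually exploitable still takes a reviewer.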
CryptoKitties, for example, has an A+ security rating. CryptoKitties is one of the most popular decentralized applications based on the Ethereum network. The dApp became popular at the end of 2017 when it allowed users to buy, sell and collect different cats.
Fabiano Soriani explains that written documentation and video tutorials on dApp development cannot be considered sufficient to build secure applications on top of Ethereum.
“When someone runs an audit, they point out things for you. It’s a very good complementary resource [to passive resources] because developers coming from a more traditional background aren’t familiar with blockchain.”
According to Morriss, it is very important to exercise a greater level of caution when running code that is public. Indeed, decentralized applications are generally open-source, which allows interested users to look at the code at any moment. If users are able to find a bug in the smart contract, they will use it for their profit or to harm a specific dApp.
Moreover, these smart contracts coded in Solidity and executed on top of a blockchain cannot be changed. Once the programs are deployed on top of a blockchain, they cannot be modified. This shows that it is very important for developers to always test their dApps and have third parties perform security audits.