Coinbase unveils ‘Solidify’ tool to auto-audit smart contracts and DeFi clones

Coinbase has unveiled a new tool that can automatically audit smart contracts built on Ethereum that use the Solidity programming language.

Designed to be used by smart contract auditors, asset issuers, and other exchanges, the firm has plans to make the tool open source later this year

In a June 23 post, Coinbase’s principal blockchain security engineer Peter Kacherginsky announced the firm’s new security analysis tool dubbed “Solidify”, which was created to improve on the “time-intensive and error-prone” process of manual smart contract analysis.

The engineer noted that the exchange’s token listing process requires extensive security reviews and “risk mitigation recommendations” for every smart contract to keep consumers safe.

The firm required an analyzer that can work quickly, safely, and at scale, but was unhappy with other options on the market:

“To solve this problem we developed a tool called Solidify (a play on Solidity) to increase the rate of new asset security reviews without lowering our high-security standard that Coinbase customers have come to expect for protecting their tokens.”

The Solidify tool has around 6,000 unique signatures which can be used to quickly match risks against Ethereum smart contracts. It looks at potentially dangerous functionality and insufficiently tested operations.

Kacherginsky explained that: “Solidify uses a large signature database and a pattern matching engine to reliably detect contract features and their risks, standardize and score smart contract risks, suggest mitigation strategies, and generate detailed reports.”

Solidify is not yet able to quickly analyze complex assets such as automated market makers (AMMs) and DeFi apps, because the large amount of complicated custom code involved requires additional manual analysis.

“However, Solidify is still beneficial for these applications when analyzing DeFi clones or for eliminating standard libraries from the manual review scope so analysts can focus on the custom logic,” Kacherginsky notes.

Related: Fact check: Has Coinbase launched a decentralized fact-checking portal?

The tool is a work in progress and developers will focus on “improving accuracy of signature generation and detection logic” and “Integrating formal verification techniques to reduce the need for manual analysis.”

They also hope to expand support to the Vyper programming language, which is utilized by the Ethereum Virtual Machine (EVM).


Articles You May Like

Fundamentals suggest silver prices have room for further upside
Gold Price Today: Yellow metal opens at Rs 71,650 per 10 grams, Silver at Rs 89,152/kg
May retail sales rise 0.1%, weaker than expected
Gold price drops on firm US yields, strong USD after solid US data
USDCAD bounces higher today but only to the 50% midpoint of the 2-month trading range

Leave a Reply

Your email address will not be published. Required fields are marked *