Coinbase unveils ‘Solidify’ tool to auto-audit smart contracts and DeFi clones

Coinbase has unveiled a new tool that can automatically audit smart contracts built on Ethereum that use the Solidity programming language.

Designed to be used by smart contract auditors, asset issuers, and other exchanges, the firm has plans to make the tool open source later this year

In a June 23 post, Coinbase’s principal blockchain security engineer Peter Kacherginsky announced the firm’s new security analysis tool dubbed “Solidify”, which was created to improve on the “time-intensive and error-prone” process of manual smart contract analysis.

The engineer noted that the exchange’s token listing process requires extensive security reviews and “risk mitigation recommendations” for every smart contract to keep consumers safe.

The firm required an analyzer that can work quickly, safely, and at scale, but was unhappy with other options on the market:

“To solve this problem we developed a tool called Solidify (a play on Solidity) to increase the rate of new asset security reviews without lowering our high-security standard that Coinbase customers have come to expect for protecting their tokens.”

The Solidify tool has around 6,000 unique signatures which can be used to quickly match risks against Ethereum smart contracts. It looks at potentially dangerous functionality and insufficiently tested operations.

Kacherginsky explained that: “Solidify uses a large signature database and a pattern matching engine to reliably detect contract features and their risks, standardize and score smart contract risks, suggest mitigation strategies, and generate detailed reports.”

Solidify is not yet able to quickly analyze complex assets such as automated market makers (AMMs) and DeFi apps, because the large amount of complicated custom code involved requires additional manual analysis.

“However, Solidify is still beneficial for these applications when analyzing DeFi clones or for eliminating standard libraries from the manual review scope so analysts can focus on the custom logic,” Kacherginsky notes.

The tool is a work in progress and developers will focus on “improving accuracy of signature generation and detection logic” and “Integrating formal verification techniques to reduce the need for manual analysis.”

They also hope to expand support to the Vyper programming language, which is utilized by the Ethereum Virtual Machine (EVM).

Subscribe to our groups in Facebook and Telegram and stay up to date.

Main, News

Related Posts

Top five BTC miners not selling despite Bitcoin halving

Top five BTC miners not selling despite Bitcoin halving

17.04.2024
Web3 wellness ring lets users own their health data — and wear it too

Web3 wellness ring lets users own their health data — and wear it too

17.04.2024
TikTok parent company explores on-chain possibilities for Web3 gaming and AI

TikTok parent company explores on-chain possibilities for Web3 gaming and AI

17.04.2024
Bitcoin drops as dollar eyes ‘best 5-day run’ in 14 months on expected rate cut hold

Bitcoin drops as dollar eyes ‘best 5-day run’ in 14 months on expected rate cut hold

17.04.2024
Bitcoin miner stocks drop on ‘unsubstantiated’ post-halving profit fears: Analyst

Bitcoin miner stocks drop on ‘unsubstantiated’ post-halving profit fears: Analyst

17.04.2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 en.cryptoconsulting