A group of researchers at ETH Zurich have created an Ethereum smart contract scanner that will check your smart contracts for bugs, exploits, or potential problems. The researchers, Dr. Petar Tsankov, Dr. Hubert Ritzdorf, Prof. Martin Vechev, and Dr. Arthur Gervais, all have extensive experience in system security and they are working on improving the blockchain space one smart contract at a time. The team recently incorporated as a new company, ChainSecurity, and they are released products to help programmers and ICO builders understand and launch their tokens.
“The main technical challenge in building an effective security scanner for smart contracts is finding a way to explore all behaviors of the contact, which can even exceed the number of atoms in the universe. Existing automated security checkers for smart contracts essentially avoid this problem by only inspecting a subset of all behaviors of the contract,” said Tsankov. “However, since not all behaviors are covered, these checkers can miss critical security vulnerabilities. Our new Ethereum scanner considers all behaviors of the contract to solve the challenge, rather than avoid it. Indeed, a study on open-source Ethereum contracts reveals that existing solutions can miss up to two-thirds of vulnerabilities due to insufficient coverage.”
Who are the founders and what is their background?
The project is self funded and the team was clear that they would never launch an ICO. You can check out the beta version of the scanner here.
The team has seen a great deal of interest in their products and they will officially launch this new one this week.
“Our Securify system has about 100 contract uploads per day (which is 50x higher than commercial alternatives, such as Quantstamp). It is currently the top choice when it comes to auditing smart contracts and is regularly used by professional security auditors. I expect the new Ethereum security scanner to have even higher traction due to the larger coverage of vulnerabilities and new features,” said Tsankov.
“The startup / project started very organically. I am very keen on work in the area of automated security analysis. Having observed the big security issues in Ethereum smart contracts, and the significant financial consequences of these, I started working on automated security analysis of Ethereum smart contracts together with few other PhD students in the lab. We managed to build the first automated verifier for Ethereum smart contracts in the research lab and release it publicly. At this point, it became hard to keep this a purely academic project. There was a significant commercial interest from blockchain projects who worry about the security of their contracts. To address their needs, we incorporated the startup in October 2017, called ChainSecurity, and started collaborating with crypto initiatives and projects,” he said.
The team’s goal is to automate smart contract security audits. Their company, ChainSecurity.com, is built on the team’s work at ChainCode and Securify and aims to be the gold standard for smart contract threat detection. A quick test of the new feature showed how quickly and precisely the system could find exploits, which was quite interesting. Given these contracts will be managing millions of dollars in capital down the line, it’s better to be safe than very, very sad.