American-based global cryptocurrency exchange giant Coinbase has revealed a new approach to auditing Ethereum smart contracts, which it has dubbed ‘Solidify’.
Peter Kacherginsky, the exchange's principal blockchain security engineer, made this known in an announcement on June 23, saying Solidify will shorten the turnaround time of the usually rigorous, “time-intensive and error-prone” manual process of auditing smart contracts.
Asset issuers, smart contract auditors, and other exchanges will have access to the security analysis tool after Coinbase open-sources Solidify later in the year.
Coinbase, which is easily the hallmark of cryptocurrency exchange compliance, noted through its principal blockchain security engineer that the exchange carries out extensive security reviews for any token listing but still needed an analyzer that can work quickly, safely, and at scale. Unfortunately, the current industry options do not meet that need, hence its development of Solidify.
“To solve this problem, we developed a tool called Solidify (a play on Solidity) to increase the rate of new asset security reviews without lowering our high-security standard that Coinbase customers have come to expect for protecting their tokens.”
Solidify is a tool with about 6,000 unique signatures, built for easy and fast risk-matching on smart contracts written in Solidity, the primary language of dapps built on the Ethereum network. The smart contract analyzer looks for potentially dangerous functionality and insufficiently tested operations.
“Solidify uses a large signature database and a pattern matching engine to reliably detect contract features and their risks, standardize and score smart contract risks, suggest mitigation strategies, and generate detailed reports,” Kacherginsky said.
Although Solidify is built to help expose security flaws in any Ethereum smart contract, it is not yet capable of analyzing complex assets such as automated market makers (AMMs) and DeFi apps, because those are large protocols with complicated custom code. Such assets require additional manual analysis. On this point, Kacherginsky said:
“However, Solidify is still beneficial for these applications when analyzing DeFi clones or for eliminating standard libraries from the manual review scope so analysts can focus on the custom logic.”
As Kacherginsky mentioned, the tool will be open-sourced later in the year. For now, it is still a work in progress, as the developers working on Solidify are “improving accuracy of signature generation and detection logic” and “Integrating formal verification techniques to reduce the need for manual analysis.”
With Solidify, an industry in which smart contract hacks and malfunctions resulting in either a massive drain of funds or a rebase error are no longer news gets an addition to its suite of security audit tools.