Coinbase has unveiled a new tool that can automatically audit smart contracts built on Ethereum that use the Solidity programming language.
Designed to be used by smart contract auditors, asset issuers and other exchanges, the firm plans to make the tool open source later this year.
In a June 23 post, Coinbase’s lead blockchain security engineer Peter Kacherginsky announced that the firm’s new security analysis tool, dubbed “Solidify,” was created to improve upon the “time-intensive and error-prone” process of manual smart contract analysis.
The engineer said the exchange’s token listing process requires extensive security reviews and “risk mitigation recommendations” for each smart contract to keep consumers safe.
The firm needed an analysis tool that could operate quickly, safely and at scale, but was unhappy with the other options on the market:
“To address this issue we developed a tool called Solidify (a play on Solidity) to increase the rate of new asset security reviews without reducing our high security standards, which Coinbase customers expect to protect their tokens.”
The Solidify tool has about 6,000 unique signatures that can be used to quickly flag the risks of Ethereum smart contracts. It looks for potentially dangerous functionality and insufficiently tested functions.
Kacherginsky explained: “Using a large signature database and a pattern matching engine, Solidify reliably detects contract features and their risks, standardizes and scores smart contract risks, suggests mitigation strategies, and generates detailed reports.”
Solidify is not yet able to analyze complex assets such as automated market makers (AMMs) and DeFi apps, because the large amount of complex custom code involved requires additional manual analysis.
“However, Solidify is still beneficial for these applications when analyzing DeFi clones or eliminating standard libraries from the scope of manual review, so analysts can focus on custom logic,” noted Kacherginsky.
The tool is a work in progress and developers will focus on “improving the accuracy of signature generation and identification logic” and “integrating formal verification techniques to reduce the need for manual analysis”.
They also hope to expand support to the Vyper programming language, which is used to write smart contracts for the Ethereum Virtual Machine (EVM).