U.S. cryptocurrency exchange Coinbase has unveiled new tools to detect and classify smart contract security risks.
In a blog post on June 23, the crypto exchange giant announced that it has developed a tool called Solidify (not to be confused with the programming language Solidity).
The tool will be used to help automate, standardize, and scale the process of smart contract security analysis and classification, it stated.
Solidify will be used in tandem with Coinbase’s Asset Hub, which launched in early May to streamline the exchange’s diligence process for new listings.
“To keep our customers and Coinbase safe, our token listing process requires security reviews and risk mitigation recommendations for every smart contract.”
Automated smart contract scanning
Coinbase, which is reportedly setting up shop in New York City, acknowledged that manual smart contract analysis is a time-intensive and error-prone process. It explained that Solidify uses a large signature database and a pattern-matching engine to reliably detect contract features and their risks.
From this it can standardize and score smart contract risks, suggest mitigation strategies, and generate detailed reports. These will then be used to aid the decision on whether or not Coinbase should list the asset.
“Solidify evaluates security risks of hundreds of smart contracts either fully automatically or through identification of unique functions that require additional manual review.”
The blog post elaborates that most smart contract risks come from design and operation choices that introduce potentially dangerous functionality, such as freezing or upgrading. Some contracts include non-standard functions that are insufficiently tested, such as custom withdrawal logic, it added.
Solidify works with the OpenZeppelin library’s ‘asset pause’ function, which is present in the majority of smart contracts. The tool aggregates instances of the code and automatically checks its status and validity.
Coinbase stated that Solidify currently has about 6,000 unique signatures which are used to efficiently match risks against any given smart contract.
“A manual review which took up to 2 work days in 2018 can be performed in just a few minutes in 2021.”
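To illustrate the signature-matching idea described above, the following added example (not Coinbase's code, and not a description of how Solidify is implemented) walks EVM runtime bytecode, collects the 4-byte function selectors pushed by the dispatcher, and matches them against a small signature table. The table, the risk weights, the sample bytecode and the function names are assumptions constructed for this illustration.

```python
# Added illustration: selector-based feature detection on EVM runtime bytecode.
# Signature table, risk weights and SAMPLE bytecode are constructed for this example.

SIGNATURES = {  # 4-byte function selector -> (feature, assumed risk weight)
    "8456cb59": ("pause()", 3),
    "3f4ba83a": ("unpause()", 3),
    "5c975abb": ("paused()", 1),
    "3659cfe6": ("upgradeTo(address)", 5),
    "f2fde38b": ("transferOwnership(address)", 2),
}
PUSH1, PUSH4, PUSH32 = 0x60, 0x63, 0x7F

def extract_selectors(code: bytes) -> set:
    """Walk opcodes, skipping PUSH immediates, and collect PUSH4 operands."""
    found, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            width = op - PUSH1 + 1          # PUSHn carries n bytes of data
            operand = code[pc + 1 : pc + 1 + width]
            if op == PUSH4 and len(operand) == 4:
                found.add(operand.hex())
            pc += 1 + width                 # never decode data as opcodes
        else:
            pc += 1
    return found

def classify(code: bytes) -> dict:
    """Match selectors against the table; unknown ones go to manual review."""
    selectors = extract_selectors(code)
    hits = [SIGNATURES[s] for s in selectors if s in SIGNATURES]
    return {
        "features": sorted(name for name, _ in hits),
        "score": sum(weight for _, weight in hits),
        "manual_review": sorted(s for s in selectors if s not in SIGNATURES),
    }

# Constructed dispatcher fragment: PUSH4 <selector> EQ PUSH2 <dest> JUMPI, three times,
# followed by a PUSH32 constant whose data happens to contain "63 3659cfe6".
SAMPLE = bytes.fromhex(
    "638456cb591461001057"   # pause()
    "635c975abb1461002057"   # paused()
    "63deadbeef1461003057"   # selector not in the table
    "7f633659cfe6" + "00" * 27
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A plain byte search for `63 3659cfe6` would report an upgrade function here; walking the opcodes avoids that false positive because the bytes sit inside PUSH32 data.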
More focus on smart contracts
Coinbase is joining a growing number of crypto companies that are focusing on the security side of smart contracts, albeit for its own internal purposes.
On June 2, the DeFiYield protocol launched a web archive of smart contract audits in what it claimed was a world first. At the time of writing, the archive listed 1,095 decentralized finance (DeFi) projects.
A couple of days later, a protocol called Sherlock secured a $1.5 million funding round for a project that aims to protect users from the increasing trend of smart contract exploits and hacks.