Coinbase unveils 'Solidify' to auto-audit smart contracts and DeFi clones
Coinbase has unveiled a new tool that can automatically audit smart contracts built on Ethereum that use the Solidity programming language.
The tool, designed specifically for the smart contract auditors, asset issuers, and other exchanges, the firm have plans to make it open source later this year.
Coinbase’s principal blockchain security engineer Peter Kacherginsky announced the firm's new security analysis tool dubbed “Solidify”, created to improve on the time-intensive and error-prone process of manual smart contract analysis.
Kacherginsky noted that the exchange’s token listing process requires extensive security reviews and risk mitigation recommendations for every smart contract to keep the user environment safe.
The firm needed an analyzer that can work quickly, safely, and at scale, but was unhappy with other options on the market.
“To solve this problem we developed a tool called Solidify to increase the rate of new asset security reviews without lowering our high-security standard that Coinbase customers have come to expect for protecting their tokens,” the firm stated.
The Solidify tool has around 6,000 unique signatures that can quickly match risks against Ethereum smart contracts. It looks at potentially dangerous functionality and insufficiently tested operations.
Kacherginsky explained: “Solidify uses a large signature database and a pattern matching engine to reliably detect contract features and their risks, standardize and score smart contract risks, suggest mitigation strategies, and generate detailed reports.”
The tool, however, is not yet able to quickly analyze complex assets such as automated market makers (AMMs) and DeFi apps, due to the large amount of complicated custom code involved requires additional manual analysis.
“However, Solidify is still beneficial for these applications when analyzing DeFi clones or for eliminating standard libraries from the manual review scope so analysts can focus on the custom logic,” Kacherginsky notes.
The tool is a work in progress and developers will focus on improving the accuracy of signature generation and detection logic along with Integrating formal verification techniques to reduce the need for manual analysis.
Read: Bank of Israel pilots CBDC efforts with testing on Ethereum