Coinbase reveals its new tool which will automatically audit smart contracts built on Ethereum that use the Solidity Programing Language.
Designed to be employed by smart contract auditors, asset issuers, and other cryptocurrency exchanges, the firm has plans to form the tool open source later this year.
Within a recent official web-blog post, Coinbase’s principal blockchain security engineer Peter Kacherginsky revealed that the firm’s new security analysis tool referred to as “Solidify”, was created to enhance the “time-intensive and error-prone” process of manual smart contract analysis.
The engineer outlined that the exchange’s token listing process requires extensive security reviews and “risk mitigation recommendations” for each smart contract to ensure its user’s security.
The firm required an analyzer that will work quickly, safely, and at scale, but was unhappy with other options on the market:
“To solve this issue we developed a tool called Solidify [a play on Solidity] to extend the speed of new asset security reviews without lowering our high-security standard that Coinbase users have come to expect for shielding their tokens.”
The Solidify tool has around 6k unique signatures that can be quickly used to match risks against Ethereum smart contracts. It’s a potentially dangerous functionality and insufficiently tested operations.
Kacherginsky added that: “Solidify uses an outsized signature database and a pattern matching engine to reliably detect contract features and their risks, standardize and score smart contract risks, suggest mitigation strategies, & generate detailed reports.”
Solidify isn’t yet ready to quickly analyze complex assets like AMMs [Automated Market Makers] and DeFi apps, because the massive amount of complicated custom code involved requires additional manual analysis.
“However, Solidify remains beneficial for these apps when analyzing DeFi clones or for eliminating standard libraries from the manual review scope so analysts can specialize in the custom logic,” Kacherginsky outlined.