The Enterprise Ethereum Alliance has published a smart contract security audit specification to ensure consistency and safety when it comes to deploying token contracts, adding liquidity to pools, and deploying smart contracts. The Ethereum ecosystem is booming with activity, as more individuals and organizations are using this platform to support a wide range of business models.
Though this growth is remarkable, it has also been accompanied by security exploits that have left decentralized finance (DeFi) protocols vulnerable to hacks and scams. For example, 58.3% more crypto-related hacks occurred from the beginning of the year through July 2022, according to findings from Chainalysis, a cryptocurrency intelligence firm.
The report continues by stating that approximately $1.9 billion was lost to hackers during this time frame, a number that doesn't include the Nomad bridge hack of $190 million, which occurred on August 1, 2022. Although open-source code may have benefits for the blockchain industry, it can unfortunately also be easily studied and exploited by cybercriminals. Security audits for smart contracts aim to solve these challenges, yet this process lacks industry standards, thus creating complexity.
Chris Cordi, chair of the EthTrust Security Levels Working Group at the Enterprise Ethereum Alliance (EEA), told reporters that as blockchain technology and enterprises grow, there is an evident need for a framework to assess smart contract security.
To address this, Cordi helped establish the EthTrust Security Levels Working Group in November 2020, along with EEA member representatives with auditing and security experience. Since then, the group has been working on a draft smart contract specification, or industry standard, designed to enhance smart contract security.
From a technical standpoint, experts explained that the new standard sets out three levels of tests that organizations should undertake when performing smart contract security audits. All things considered, the definition of security levels is helping the Ethereum ecosystem advance by providing standards for smart contract examinations. However, they've warned that anticipating how an exploit may occur will be the most difficult step moving forward.