The Ethereum ecosystem continues to witness a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models. While notable, this growth has also been riddled with security exploits, leaving decentralized finance (DeFi) protocols vulnerable to hacks and scams.
For instance, recent findings from crypto intelligence firm Chainalysis show that crypto-related hacks have increased by 58.3% from the beginning of the year through July 2022. The report further notes that $1.9 billion has been lost to hacks during this timeframe — a figure that doesn’t include the $190 million Nomad bridge hack that occurred on August 1, 2022.
Although open-source code may be beneficial for the blockchain industry, it can also be easily studied by cybercriminals looking for exploits. Security audits for smart contracts aim to solve these challenges, yet this procedure lacks industry standards, thus creating complexity.
An industry standard to ensure smart contract security
Chris Cordi, chair of the EthTrust Security Levels Working Group at the Enterprise Ethereum Alliance (EEA), told Cointelegraph that as the Ethereum blockchain industry grows, so does the need for a mature framework to assess the security of smart contracts.
To address this, Cordi, along with several EEA member representatives with auditing and security expertise, helped establish the EthTrust Security Levels Working Group in November 2020. The organization has since been working on a draft document of a smart contract specification, or industry standard, aimed at improving the security behind smart contracts.
Most recently, the working group announced the publication of the EthTrust Security Levels Specification v1. Chaals Nevile, technical program director of the EEA, told Cointelegraph that this specification describes smart contract vulnerabilities that a proper security audit requires as a minimum measure of quality:
“It is relevant to all EVM-based smart-contract platforms where developers use Solidity as a coding language. In a recent analysis by Splunk, this is well over 3/4 of mainnet contracts. But, there are also private networks and projects that are based on the Ethereum technology stack but running on their own chain. This specification is as useful to them as it is for mainnet users in helping to secure their work.”
From a technical perspective,…