Yesterday, the Smart Contract Security Alliance (SCSA) announced its founding council and highlighted the contributions of member organizations to blockchain security.
Members of the founding council include Fujitsu, Nomura’s NRI Secure, ConsenSys‘ MythX, LayerX, Blockgeeks, Quantstamp and the National University of Singapore’s School of Computing.
Smart contracts are pieces of programming code invariably used on a blockchain. However, every program has bugs, and in blockchain’s case can result in the loss of a significant amount of money. SCSA was formed to help to prevent such leaks and develop standards to review and audit smart contracts.
A recent survey on the security of Ethereum blockchain revealed 44 different vulnerabilities, 26 of which are in the ‘application layer’ where smart contracts and dApps operate. In 2016, a contract flaw in the DAO project resulted in an attack where about $60 million worth of Ether was stolen. This resulted in a controversial fork or split in the Ethereum network to recover the funds.
Another high profile example is the Parity freeze, when a user accidentally triggered a bug in the smart contract of crypto wallet provider Parity, freezing over $280 million in Ether. This incident happened only a few months after Parity’s multisig walled was attacked by hackers who stole about $30 million of Ether from user accounts.
In the face of such incidents, numerous smart contract audit companies have emerged to secure blockchain networks. Blockchain firm ConsenSys has a dedicated unit called ConsenSys Diligence which is working to improve smart contract security. Tom Lindeman is the co-founder of this unit as well as MythX .
MythX is ConsenSys’ security toolsuite for auditing smart contracts. In September it surpassed 1 million smart contract security scans on its platform. A month earlier it introduced a Pro version of the tool.
Japan’s LayerX recently helped refine and verify CasperLabs’ CBC Casper, a family of proof of stake consensus protocols.
In July, Quantstamp released a book titled ‘Fundamentals of Smart Contract Security’. The company has carried out audits on the Binance Stablecoin platform and the Klaytn platform for Kakao.
