Some smart contracts, it turns out, are as insecure and open to malicious intruders as an unlocked mansion. So how to ensure that you’re dealing with a battened-down blockchain? One possible solution, from New York-based CertiK Foundation, is a blockchain platform that checks smart contracts for evidence of security audits before it greenlights transactions.
“The ability to verify security on-chain would help prevent malicious interactions,” CertiK’s COO Daryl Hok told Decrypt. Hok said that security audits are particularly important for DeFi and staking contracts, which process hundreds of millions of dollars’ worth of transactions each day.
CertiK announced Friday that the open beta of the testnet of its blockchain will launch early this week. It’s the first time CertiK’s blockchain will be available to the public, though it’s been tested by private companies and the US military research wing, DARPA.
The blockchain taps into CertiK’s “Formal Verification” platform, which the company said has already secured over $6.23 billion in assets. It has also received millions of dollars in undisclosed funding from the Ethereum Foundation and IBM.
How does it work? Said Hok: “Prior to sending cryptocurrency to get locked in a staking contract, a user may check for evidence on-chain of a security audit. Based on the security rigor—perhaps the smart contract was not ‘Formally Verified,’ but did receive a third party audit from a reputable firm—a user may choose to send amounts in smaller batches.”
The new blockchain will be built on Cosmos, and the company’s virtual machine is compatible with Ethereum’s, so existing Ethereum smart contracts can run on the CertiK Chain.
The blockchain will also run on CertiKOS, an operating system developed by Zhong Shao, the Yale professor who founded CertiK.
Hok said he doesn’t know when the blockchain will come out of beta; that depends on when any bugs are uncovered and fixed. Presumably, a security audit is also involved.