CertiK deploys automated smart contract auditing tool

Published at: Nov. 12, 2020

Security company CertiK announced on Thursday the launch of QuickScan, an automated tool for scanning smart contracts for vulnerabilities.

While it will not be a stand-alone tool, the suite is set to improve the analysis performed by the security oracles of CertiK Chain (CTK). QuickScan checks deployed smart contracts against a database of known vulnerabilities, using static and dynamic analysis techniques that check the bytecode, source code and access parameters for each smart contract.

Daryl Hok, chief operating officer of CertiK, said that a smart contract analysis can be finished in less than an hour. The system assigns security scores to each different area and aggregates them to express an overall evaluation.

The system will be part of the security audit system built into CertiK Chain. The blockchain introduced the concept of security oracles, a quicker and more granular system for auditing smart contracts. While the initial design relies on manual analysis conducted by security companies and experts acting as oracles, QuickScan seeks to automate part of that process.

Hok noted that such a system would not replace manual analysis, with formal audits remaining crucial for security evaluation. Nonetheless, automated scanners can help in picking the lowest-hanging fruit or as guidance for knowing where a deeper look could be useful.

QuickScan is a proprietary design that will be only available for CertiK clients or security oracle users. The team did not indicate whether there are plans for a wider rollout.

CertiK is one of several security audit companies working in the blockchain space, recently scoring a partnership with Binance to audit Smart Chain projects. It is also available on Launch Pool, Binance’s in-house yield farming platform.

Tags
Related Posts
Smart contract exploits are more ethical than hacking... or not?
There has been a lot of talk about the recent “hacks” in the decentralized finance realm, particularly in the cases of Harvest FInance and Pickle Finance. That talk is more than necessary, considering hackers stole more than $100 million from DeFi projects in 2020, accounting for 50% of all hacks this year, according to a CipherTrace report. Related: Roundup of crypto hacks, exploits and heists in 2020 Some point out that the occurrences were merely exploits that shined a light on the vulnerabilities of the respective smart contracts. The thieves didn’t really break into anything, they just happened to casually …
Technology / April 18, 2021
Wolfram Alpha teams up with Cardano to build 'avant-garde oracles'
Wolfram Alpha, a major computational knowledge engine providing technology for major services such as Apple’s Siri assistant, is integrating data from the Cardano blockchain. According to a Thursday announcement, Wolfram Blockchain Labs, or WBL — a subsidiary of Wolfram Research — has partnered with Charles Hoskinson-founded tech company IOHK. As part of the partnership, WBL will integrate Cardano’s blockchain data into Wolfram Alpha, allowing developers to integrate external data into Cardano’s smart contracts. The new partnership will specifically address work on the so-called “avant-garde oracles,” which the companies believe are a necessary component to build advanced smart contracts. According to …
Technology / Dec. 17, 2020
Binance Smart Chain Adds Chainlink Oracles for Better DeFi
Binance Smart Chain — a dual-chain architecture from major crypto exchange Binance — is now integrating Chainlink (LINK) data oracles. Binance Smart Chain adds smart contracts to the exchange's original chain, Binance Chain, and is currently in testnet. Chainlink co-founder Sergey Nazarov told Cointelegraph that in his opinion, this integration will save time and effort for developers who are building decentralized apps on the blockchain: “With the Chainlink integration, Binance Smart Chain developers no longer need to dedicate months of engineering time to set up their own oracle infrastructure. Now, they can simply use Chainlink as an abstraction layer to …
Technology / July 23, 2020
IT Firm Helps Healthcare Providers Fight Crypto Ransomware Amid Coronavirus
As the novel coronavirus crisis continues, a cybersecurity firm has started offering free help to healthcare providers that fall victim to cryptocurrency-demanding ransomware. According to an announcement on March 18, cybersecurity firm Emsisoft partnered with incident response company Coveware to allow free access to ransomware-related services at no cost to healthcare providers. The initiative aims to get the impacted organizations operational in the shortest time possible to reduce the impact on patient care to a minimum. “A perfect storm” According to the firm, ransomware attacks have a seasonal aspect with the number of incidents spiking during the spring and summer …
Technology / March 19, 2020
DAOs need checks and balances to have better governance
Over the past few years, decentralized autonomous organizations (DAOs) have introduced a clear paradigm shift in blockchain governance. With their community decision-making and adherence to hardcoded rules, they have challenged the role of hierarchy and central authority that are present in modern organizations, especially as it pertains to business. Ideologically, DAOs have a lot in common with democracies: individuals holding an amount of a DAO’s specific token can allocate those tokens as votes on governance proposals. Once voting has concluded, the final outcome is executed autonomously by smart contracts. In functional democracies, however, citizens elect representatives to legislate laws and …
Decentralization / Oct. 18, 2022