Coinbase unveils ‘Solidify’ tool to auto-audit smart contracts and DeFi clones

Published at: June 24, 2021

Coinbase has unveiled a new tool that can automatically audit smart contracts built on Ethereum that use the Solidity programming language.

Designed to be used by smart contract auditors, asset issuers and other exchanges, the firm has plans to make the tool open source later this year

In a Wednesday post, Coinbase principal blockchain security engineer Peter Kacherginsky announced the firm’s new security analysis tool dubbed “Solidify,” which was created to improve on the “time-intensive and error-prone” process of manual smart contract analysis.

The engineer noted that the exchange’s token listing process requires extensive security reviews and “risk mitigation recommendations” for every smart contract to keep consumers safe.

The firm required an analyzer that can work quickly, safely and at scale, but was unhappy with other options on the market:

“To solve this problem we developed a tool called Solidify (a play on Solidity) to increase the rate of new asset security reviews without lowering our high-security standard that Coinbase customers have come to expect for protecting their tokens.”

The Solidify tool has around 6,000 unique signatures that can be used to quickly match risks against Ethereum smart contracts. It looks at potentially dangerous functionality and insufficiently tested operations.

Kacherginsky explained that “Solidify uses a large signature database and a pattern matching engine to reliably detect contract features and their risks, standardize and score smart contract risks, suggest mitigation strategies, and generate detailed reports.”

Solidify is not yet able to quickly analyze complex assets such as automated market makers and decentralized finance applications because the large amount of complicated custom code involved requires additional manual analysis.

“However, Solidify is still beneficial for these applications when analyzing DeFi clones or for eliminating standard libraries from the manual review scope so analysts can focus on the custom logic,” Kacherginsky notes.

Related: Fact check: Has Coinbase launched a decentralized fact-checking portal?

The tool is a work in progress and developers will focus on “improving accuracy of signature generation and detection logic” and “integrating formal verification techniques to reduce the need for manual analysis.”

The company also hopes to expand support to the Vyper programming language, which is utilized by the Ethereum Virtual Machine.

Tags
Related Posts
Ethereum advances with standards for smart contract security audits
The Ethereum ecosystem continues to witness a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models. While notable, this growth has also been riddled with security exploits, leaving decentralized finance (DeFi) protocols vulnerable to hacks and scams. For instance, recent findings from crypto intelligence firm Chainalysis show that crypto-related hacks have increased by 58.3% from the beginning of the year through July 2022. The report further notes that $1.9 billion has been lost to hacks during this timeframe — a figure that …
Adoption / Aug. 22, 2022
Coinbase announces it will suspend XRP trading as price drops another 10%
Major cryptocurrency exchange Coinbase will suspend trading for XRP in response to the United States Securities and Exchange Commission taking legal action against Ripple. According to a blog post published today by Coinbase chief legal officer Paul Grewal, the exchange will fully suspend XRP trading starting on Jan. 19 at 10:00 am PST. Coinbase clarified that “trading may be halted earlier as needed” to maintain the exchange’s market health metrics. In addition, the suspension will reportedly not affect Ripple-backed Flare Network's upcoming Spark (FLR) token airdrop. "The trading suspension will not affect customers' access to XRP wallets which will remain …
Sec / Dec. 28, 2020
Leading centralized exchanges extend market share in 2022
The top centralized cryptocurrency exchanges have reached all-time highs for market share this year as trading volume in crypto consolidates onto the platforms of only a few trusted companies. So named “top-tier” crypto exchanges have increased their market share from 89% in August 2021 to 96% in February 2022 according to data collected by UK analytics company CryptoCompare published on Monday, April 11. The firm analyzed over 150 active centralized exchanges, ranking them on security, number of assets available, regulatory compliance, KYC checks, and more, grading them from a top score of AA to a low of F with “top …
Business / April 12, 2022
Coinbase cut costs and bolstered rep, but profits remain challenged: Analysts
Cryptocurrency exchange Coinbase won’t escape from the profitability challenges it will face from the crypto market downturn, despite having a strong brand and credibility in the crypto market, according to investment analysts. Credit rating firm Moody’s released a note on Coinbase on Jan. 19 discussing its downgrade of Coinbase’s senior debt and corporate family rating (CFR) — a rating assigned to reflect the opinion of a company’s ability to honor its financial obligations. Coinbase’s CFR and senior debt were re-graded to B2 and B1 from Ba3 and Ba2 respectively, indicating the firm is “non-investment grade” and “speculative and subject to …
Business / Jan. 23, 2023
Coinbase CEO reiterates that 'staking' products aren't securities
Coinbase CEO Brian Armstrong has attempted to quell speculation that his exchange’s staking products should be classified as securities — upping the ante in the ongoing debate around crypto regulations with the United States Securities and Exchange Commission, or SEC. In a televised interview with Bloomberg on March 1, Armstrong said, “Our staking product is not a security,” referring to cryptocurrencies that can be staked directly on the exchange to generate yields. He continued: “Customers never turn their assets to Coinbase for instance. And we really just are providing a service that passes through those coins to help them participate …
Sec / March 1, 2023