ChainSecurity launches full version of Securify, advanced security scanner for Ethereum

ChainSecurity, a developer of secure blockchain protocols, today announced the release of its latest automated security scanner for Ethereum smart contracts. The system is publicly available at https://securify.ch with the goal of raising the level of security in the Ethereum ecosystem.

This also marks the official release of Securify, the popular automated verifier for Ethereum smart contracts, used on a daily basis by security experts to audit smart contracts. It has so far scanned over 4,800 contracts and discovered over 59,000 security issues.

The research behind the scanner

The main technical challenge in building an effective security scanner for smart contracts is finding a way to explore all behaviors of the contract, the number of which can even exceed the number of atoms in the universe. Recent research from the ICE Center, ETH Zurich, addresses this challenge via a new abstraction, tailored specifically to the domain of smart contracts, enabling us to scan all behaviors for vulnerabilities in a few minutes. ChainSecurity, a startup founded by researchers from the ICE Center, has turned this new result into an easy-to-use security scanner. Full technical details behind the new research are available in this report.

How does it compare to existing solutions?

Unlike existing security checkers, which inspect only a subset of all behaviors and can miss critical security vulnerabilities, Securify considers all behaviors. Indeed, a study on open-source Ethereum contracts reveals that existing solutions can miss up to two-thirds of vulnerabilities due to insufficient coverage (see experiments and data here). Finally, Securify offers the following advantages:

Security report produced by Securify
How to use it?

There are three ways: (i) paste the source code into the code editor, (ii) point to a git repository that stores all the contracts (see Fig. 1), or (iii) upload a ZIP file with the contracts. The “SCAN NOW” button scans all contracts for security issues and shows a security report.

When the smart contracts have been fully scanned, the system produces a comprehensive report that lists all identified security issues (see Fig. 2) and highlights the vulnerable statements in the code editor (see Fig. 3), guiding developers in fixing their contracts. The security scanner also provides additional information about each vulnerability that can help developers fix the issues.

Impact

Securify aims to eliminate all generic security issues that appear in Ethereum smart contracts. The scanner has already discovered critical security issues in newly proposed token standards (such as a reentrancy issue in the ERC827 standard) and Solidity libraries (such as the Feeless library). Further, it successfully detects critical vulnerabilities that have resulted in more than $300M in losses over the past two years. Examples include the infamous DAO vulnerability and the two critical security issues discovered in the popular Parity wallet (read this article for more details).

Release summary