Yesterday, the Smart Contract Security Alliance (SCSA) announced its founding council and highlighted the contributions of member organizations to blockchain security.
Smart contracts are pieces of programming code invariably used on a blockchain. However, every program has bugs, and in blockchain’s case can result in the loss of a significant amount of money. SCSA was formed to help to prevent such leaks and develop standards to review and audit smart contracts.
A recent survey on the security of Ethereum blockchain revealed 44 different vulnerabilities, 26 of which are in the ‘application layer’ where smart contracts and dApps operate. In 2016, a contract flaw in the DAO project resulted in an attack where about $60 million worth of Ether was stolen. This resulted in a controversial fork or split in the Ethereum network to recover the funds.
Another high profile example is the Parity freeze, when a user accidentally triggered a bug in the smart contract of crypto wallet provider Parity, freezing over $280 million in Ether. This incident happened only a few months after Parity’s multisig walled was attacked by hackers who stole about $30 million of Ether from user accounts.
In the face of such incidents, numerous smart contract audit companies have emerged to secure blockchain networks. Blockchain firm ConsenSys has a dedicated unit called ConsenSys Diligence which is working to improve smart contract security. Tom Lindeman is the co-founder of this unit as well as MythX .
MythX is ConsenSys’ security toolsuite for auditing smart contracts. In September it surpassed 1 million smart contract security scans on its platform. A month earlier it introduced a Pro version of the tool.
Japan’s LayerX recently helped refine and verify CasperLabs’ CBC Casper, a family of proof of stake consensus protocols.