Proposed Ethereum standard aims to verify security audits on-chain

Quick Take

  • Ethereum Request for Comments (ERC)-7512 is a proposed standard aiming to enhance Ethereum smart contract security by standardizing on-chain verification of smart contract audits.
  • The standard has been proposed by developers from Safe, Ackee Blockchain, OtterSec, ChainSecurity, OpenZeppelin, and Hats Finance.

A newly proposed standard, Ethereum Request for Comments (ERC)-7512, aims to enhance the security of Ethereum decentralized applications by allowing anyone to utilize and verify smart contract audit information on-chain as opposed to doing it off-chain.

This proposal has been introduced by a group of Ethereum developers from projects including Safe, Ackee Blockchain, OtterSec, ChainSecurity, OpenZeppelin, and Hats Finance.

The objective of ERC-7512 is to ensure that audit details, such as who conducted the audits and their findings, can be parsed by contracts to verify their authenticity. As of now, audits are manually presented by teams with no representation of their authenticity on-chain.

The need for this standard arises from the losses associated with issues found in smart contracts. Specifically, in the first half of 2023, more than $650 million was lost to DeFi-related scams and hacks.

Smart contracts, which are integral to dapps, can often be vulnerable to attacks. While audits are essential for ensuring their integrity, achieving absolute security remains challenging, and more robust on-chain visibility of audits needs to be introduced, experts say.

“While permissionless innovation allows anyone to build anything, for actual use cases to emerge, we need to create a layer that will enable us to verify the security of contracts that interact. This visibility is currently missing,” said Richard Meissner, co-founder of Safe and one of the authors of ERC-7512.

Developers pitch ERC-7512

The proposed ERC-7512 could potentially bridge this security verification gap, allowing developers to enable more thorough audit checks and create reputation systems around audits. This standard, if implemented, can also make it easier for users and dapps to verify rigorous audits by trusted auditors and establish an on-chain reputation system for dapps.

“The first step is to make crucial audit information available to contracts verifiably. This is the goal of ERC-7512, a standard drafted by some of the industry’s best auditors and security minds. ERC-7512 is not just a one-time initiative but a catalyst for further innovation in smart contract security,” Meissner added.

It is yet to be determined whether the core Ethereum developers will accept and implement ERC-7512 as a standard.

Additionally, there have been previous proposals to boost dapp security on Ethereum. For instance, in July, there was a proposal titled ERC-7265, a “circuit breaker,” that suggested protocols should insert a protective measure in their smart contracts to halt token transfers in case there is a hack. That proposal remains under development.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c.

Editor

Tim Copeland