Ethereum Developers Propose On-Chain Smart Contract Audit Reports
A recent proposal from Ethereum developers aims to make smart contract audits of DeFi protocols easily accessible to users. The proposal, known as ERC-7512, has sparked lively discussion among developers since it was first published on the Ethereum Magicians forum.
The proposal was initiated by Richard Meissner, the co-founder of Safe, and received contributions from developers representing prominent Web3 security firms such as OtterSec, ChainSecurity, OpenZeppelin, Ackee Blockchain, and Hats Finance.
The main objective of ERC-7512 is to establish a standard for the on-chain representation of audit reports. Smart contracts can then parse these reports, allowing users to extract relevant information about an audit, such as who performed it and which standards (ERCs) were verified. The proposal stresses the value of being able to verify on-chain that a contract has undergone an audit: it gives integrators a machine-checkable statement about the code they compose with, rather than a PDF linked from a project website, which in turn provides stronger security guarantees and better composability.
While the proposal has garnered broad support from the community, developers are still debating the finer points of how to implement the standard. Some, including Dexara, the founder of Callisto Network, consider the proposed implementation overly complicated and suggest instead a registry that organizes audits as non-transferable Soulbound Tokens. Meissner counters that relying solely on a registry would be a more centralized approach.
Meissner clarified that the proposed ERC could still be used alongside a registry, but that its primary focus is to standardize what auditors sign, not to define the registry itself. The intent is that any contract, registry or front end can verify an auditor's attestation the same way across the entire ecosystem.
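To make the two points above concrete (an on-chain audit report that a contract can parse, and a standardized message that an auditor signs), here is an added example contract. It is illustrative code written for this article, not ERC-7512's reference implementation, and the struct fields, EIP-712 type string, domain name and the assumption that the auditor signs with an externally owned account are all choices made for the example rather than the schema the proposal specifies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Example verifier for auditor-signed audit summaries, in the spirit of ERC-7512.
/// @dev Field names, the type string and the domain name are assumptions made for this
///      example; they are not the schema ERC-7512 actually specifies.
contract AuditAttestationVerifier {
    struct AuditSummary {
        address auditor;    // key the auditing firm signs with (assumed to be an EOA)
        address target;     // audited contract on the chain bound into DOMAIN_SEPARATOR
        bytes32 codeHash;   // keccak256 of the runtime bytecode that was audited
        uint256[] ercs;     // ERC numbers whose conformance the audit checked
        uint256 issuedAt;   // Unix timestamp of the report
        string auditUri;    // where the full off-chain report can be fetched
    }

    // secp256k1 group order / 2; a signature with s above this is the malleable twin
    uint256 private constant HALF_ORDER =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    bytes32 private constant AUDIT_SUMMARY_TYPEHASH = keccak256(
        "AuditSummary(address auditor,address target,bytes32 codeHash,uint256[] ercs,uint256 issuedAt,string auditUri)"
    );

    bytes32 public immutable DOMAIN_SEPARATOR;

    constructor() {
        // Binding chainId into the domain stops a report signed for a testnet
        // deployment from being replayed against a same-address contract elsewhere.
        DOMAIN_SEPARATOR = keccak256(abi.encode(
            keccak256("EIP712Domain(string name,string version,uint256 chainId)"),
            keccak256("AuditAttestationVerifier"),
            keccak256("1"),
            block.chainid
        ));
    }

    /// @notice EIP-712 struct hash; dynamic members (array, string) are hashed first.
    function hashSummary(AuditSummary calldata s) public pure returns (bytes32) {
        return keccak256(abi.encode(
            AUDIT_SUMMARY_TYPEHASH,
            s.auditor,
            s.target,
            s.codeHash,
            keccak256(abi.encodePacked(s.ercs)),
            s.issuedAt,
            keccak256(bytes(s.auditUri))
        ));
    }

    /// @notice The 32-byte message the auditor's key must sign.
    function digest(AuditSummary calldata s) public view returns (bytes32) {
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, hashSummary(s)));
    }

    /// @notice True only if `sig` is the auditor's signature over `s` AND the bytecode
    ///         currently deployed at `s.target` is the bytecode the auditor attested to.
    function verify(AuditSummary calldata s, bytes calldata sig) external view returns (bool) {
        if (sig.length != 65) return false;
        bytes32 r;
        bytes32 sv;
        uint8 v;
        assembly {
            r := calldataload(sig.offset)
            sv := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        // Reject high-s and malformed v so one report cannot yield two "distinct" signatures.
        if (uint256(sv) > HALF_ORDER || (v != 27 && v != 28)) return false;

        address signer = ecrecover(digest(s), v, r, sv);
        // ecrecover returns address(0) on failure; never let that match an unset auditor.
        if (signer == address(0) || signer != s.auditor) return false;

        // Tie the report to what is deployed now: an upgrade or redeploy invalidates it.
        // A proxy's codehash is the proxy's own, so an upgradeable target needs its
        // implementation attested separately.
        return s.target.codehash == s.codeHash;
    }

    /// @notice Did the audit check conformance to a given ERC (e.g. 20 for ERC-20)?
    function attestsErc(AuditSummary calldata s, uint256 erc) external pure returns (bool) {
        for (uint256 i = 0; i < s.ercs.length; i++) {
            if (s.ercs[i] == erc) return true;
        }
        return false;
    }
}
```

A consumer, whether a registry or an integrating protocol, calls `verify` with the summary and the auditor's 65-byte signature and then reads fields such as `ercs` or `auditUri` from the same struct. Note what a passing check does and does not prove: it proves that a specific key signed a statement about a specific bytecode hash, and that the hash still matches what is deployed. It says nothing about how thorough the audit was or whether the code is free of bugs.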
It is important to note that while security audits are valuable, they do not guarantee that a protocol's code is free of vulnerabilities. A recent example is the launch of BANANA, a token for a Telegram trading bot. Despite the team's claim that the code had undergone two audits, a bug was discovered in the smart contract just hours after deployment. The incident shows how hard it is to guarantee bug-free code, and that an audit attestation, on-chain or otherwise, is evidence of review rather than proof of correctness.
In response to the proposal, Twitter user punk9059 put BANANA's code through the AI chatbot ChatGPT, which immediately identified the problem. The episode suggests AI tooling could help surface vulnerabilities in smart contracts, though a model confirming a bug that had already been found is weaker evidence than catching it before deployment.
The Ethereum community is awaiting further discussion and iterations of ERC-7512, which has the potential to improve the transparency and security of DeFi protocols. Making audit reports verifiable on-chain would let users and integrating contracts check for themselves which auditor reviewed which bytecode, giving them a firmer basis for confidence in the protocols they interact with and promoting a more robust DeFi ecosystem.