Ethereum developers propose ERC-7512, a new standard that lets anyone verify protocol audit information on-chain
The Block reported that Ethereum developers are working on a new ERC-7512 standard to enhance the security of Ethereum DApps by verifying smart contract audit information directly on the chain, replacing the previous practice of users obtaining audit reports from teams off-chain. Earlier this year, hacking incidents led to nearly $1 billion in losses.
Security Teams Collaborate to Strengthen DeFi Ecosystem Security
According to reports, Ethereum developers from online security companies Safe, Ackee Blockchain, OtterSec, ChainSecurity, OpenZeppelin, and Hats Finance proposed a new standard, ERC-7512, on September 5th to enhance the security of smart contracts.
About ERC-7512
Anichohan, the Chief Marketing Officer of Safe, explained that ERC-7512 establishes a standard for the presentation of audit reports on the blockchain. Users and developers will be able to analyze contracts to extract and verify audit-related information, such as who conducted the audit and what they discovered.
Additionally, Richard Meissner, co-founder of Safe and one of the developers of ERC-7512, stated:
If ERC-7512 is implemented, trusted individuals can conduct more comprehensive audit checks, and users and DApps can easily verify their audit results. We hope developers will adopt this standard and establish online reputation systems, design insurance products, and solutions for DApps.
However, it remains uncertain whether Ethereum core developers will accept and implement ERC-7512 as a standard.
Safe: Can We Trust the Audit Reports Provided by Teams?
Lukas Schor, co-founder of Safe, also pointed out that most security audits and verification processes of smart contracts are voluntarily provided by teams in PDF files stored on GitHub. However, the authenticity of this process cannot be verified on the blockchain.
Moreover, we have seen too many cases in the DeFi space where protocols falsely claimed to have been audited, only to fall victim to RugPull or hacking attacks. Therefore, relying solely on audit reports provided by teams can no longer guarantee the security of their smart contracts.
Losses from Vulnerabilities and Hacking Incidents in 2023 Reach Nearly $1 Billion
According to a report released by blockchain security company CertiK in September, losses from vulnerability exploits, hacking attacks, and malicious behavior by project teams have amounted to $997 million as of August this year.
#CertiKStatsAlert 🚨
Combining all the incidents in August we’ve confirmed ~$45.8M lost to exploits, hacks and scams.
Exit scams were ~$26M
Flash loans were ~$6.4M
Exploits were ~$13.5M
See more details below 👇 pic.twitter.com/L2gsJYBJ3b
— CertiK Alert (@CertiKAlert) August 31, 2023
Of this, 59.7% of total losses came from vulnerability exploit incidents, totaling $59.62 million. Flash loan attacks and RugPull behaviors resulted in losses of $26.18 million and $13.79 million, respectively.
Previously reported cases such as the PEPE dump, the Magnate Finance exit scam, and the Zunami protocol price manipulation attack also contributed to the list of losses.