– A newly proposed standard, ERC-7512, aims to enhance the security of Ethereum decentralized applications (dapps) by allowing smart contract audit information to be used and verified on-chain.
– ERC-7512 was introduced by a group of Ethereum developers from projects including Safe, Ackee Blockchain, OtterSec, ChainSecurity, OpenZeppelin, and Hats Finance.
– The objective of ERC-7512 is to enable contracts to parse audit details on-chain, such as the identity of auditors and their findings, to verify their authenticity.
– The need for this standard arises from the significant losses caused by smart contract issues; DeFi-related scams and hacks accounted for over $650 million in losses in the first half of 2023.
– Smart contracts can be vulnerable to attacks, and while audits are essential, more robust on-chain visibility of audits is required for enhanced security.
– Developers believe that ERC-7512 can bridge the security verification gap, allowing for more thorough audit checks, reputation systems around audits, and easier verification of audits by trusted auditors, establishing an on-chain reputation system for dapps.
– It is yet to be determined if core Ethereum developers will accept and implement ERC-7512 as a standard.
– Previous proposals, such as ERC-7265, have also been made to boost dapp security on Ethereum, suggesting the inclusion of protective measures in smart contracts to halt token transfers in case of hacks.
A group of Ethereum developers has proposed a new standard, Ethereum Request for Comments (ERC)-7512, to enhance the security of decentralized applications (dapps) on the Ethereum network. The aim is to allow anyone to utilize and verify smart contract audit information on-chain, rather than relying on off-chain methods.
The developers behind this proposal come from various projects, including Safe, Ackee Blockchain, OtterSec, ChainSecurity, OpenZeppelin, and Hats Finance. Their objective is to ensure that audit details, such as the auditors’ identities and their findings, can be parsed by contracts to verify their authenticity. Currently, audits are manually presented by teams with no representation of their authenticity on-chain.
The need for this standard arises from the significant losses associated with issues found in smart contracts. In the first half of 2023 alone, over $650 million was lost to DeFi-related scams and hacks. Smart contracts, which are crucial components of dapps, can be vulnerable to attacks. While audits are essential for ensuring their integrity, achieving absolute security remains challenging. Experts argue that introducing more robust on-chain visibility of audits is necessary.
Richard Meissner, co-founder of Safe and one of the authors of ERC-7512, explains that while permissionless innovation allows anyone to build anything on the Ethereum network, the security of contracts that interact with each other needs to be verified. Currently, this visibility is lacking.
If implemented, the proposed ERC-7512 standard could bridge the security verification gap by enabling developers to conduct more thorough audit checks and create reputation systems around audits. It could also make it easier for users and dapps to verify audits conducted by trusted auditors and establish an on-chain reputation system for dapps.
Meissner emphasizes that ERC-7512 is not just a one-time initiative but a catalyst for further innovation in smart contract security. However, it is ultimately up to the core Ethereum developers to accept and implement this standard.
There have been previous proposals to enhance dapp security on Ethereum, such as the proposal titled ERC-7265, which suggested including a “circuit breaker” in smart contracts to halt token transfers in the event of a hack. This proposal is still under development.
In conclusion, the proposed ERC-7512 standard aims to enhance the security of Ethereum dapps by allowing anyone to utilize and verify smart contract audit information on-chain. This can help prevent losses associated with smart contract issues and provide better visibility into audit authenticity. However, its implementation is yet to be determined.