Proposed Ethereum standard aims to verify security audits on-chain
A newly proposed standard, Ethereum Request for Comments (ERC)-7512, aims to enhance the security of Ethereum decentralized applications by allowing anyone to utilize and verify smart contract audit information on-chain as opposed to doing it off-chain.
This proposal has been introduced by a group of Ethereum developers from projects including Safe, Ackee Blockchain, OtterSec, ChainSecurity, OpenZeppelin, and Hats Finance.
The objective of ERC-7512 is to ensure that audit details, such as who conducted the audits and their findings, can be parsed by contracts to verify their authenticity. As of now, audits are manually presented by teams with no representation of their authenticity on-chain.
The need for this standard arises from the losses associated with issues found in smart contracts. Specifically, in the first half of 2023, more than $650 million was lost to DeFi-related scams and hacks.
Smart contracts, which are integral to dapps, can often be vulnerable to attacks. While audits are essential for ensuring their integrity, achieving absolute security remains challenging, and more robust on-chain visibility of audits needs to be introduced, experts say.
“While permissionless innovation allows anyone to build anything, for actual use cases to emerge, we need to create a layer that will enable us to verify the security of contracts that interact. This visibility is currently missing,” said Richard Meissner, co-founder of Safe and one of the authors of ERC-7512.
Developers pitch ERC-7512
The proposed ERC-7512 could potentially bridge this security verification gap, allowing developers to enable more thorough audit checks and create reputation systems around audits. This standard, if implemented, can also make it easier for users and dapps to verify rigorous audits by trusted auditors and establish an on-chain reputation system for dapps.
“The first step is to make crucial audit information available to contracts verifiably. This is the goal of ERC-7512, a standard drafted by some of the industry’s best auditors and security minds. ERC-7512 is not just a one-time initiative but a catalyst for further innovation in smart contract security,” Meissner added.
It is yet to be determined whether the core Ethereum developers will accept and implement ERC-7512 as a standard.
Additionally, there have been previous proposals to boost dapp security on Ethereum. For instance, in July, there was a proposal titled ERC-7265, a “circuit breaker,” that suggested protocols should insert a protective measure in their smart contracts to halt token transfers in case there is a hack. That proposal remains under development.