In the first half of 2023, an estimated $667 million was lost due to DeFi hacks and scams. Auditing smart contracts is the best practice for Web3 security, but as the Ethereum community grows, it has become increasingly important to set a new standard for audit reporting.
Berlin, Germany – Ethereum security experts and developers have introduced ERC (Ethereum Request for Comment)-7512, a new standard for onchain audit report representation, in a groundbreaking move to bolster blockchain security. This proposal aims to enhance transparency and trust within the blockchain ecosystem by providing a standardized method to represent audit reports directly on the blockchain.
Smart contracts underpin decentralized applications (dApps) and blockchain infrastructure, but vulnerabilities can risk system integrity. Audits are essential for ensuring bug-free, best-practice adherence. However, ensuring their security is an ongoing challenge. With the growing ecosystem, compossibility is one of the most prominent features of the open Ethereum community. To ensure safety in this expanding pool of components, there needs to be a standard to generate consensus on secure contracts, similar to how validators reach a consensus on valid blocks. ERC-7512 proposes a crucial step toward enhancing smart contract security by standardizing on-chain audit representation. This standardization allows us to verify that audits have been conducted for specific contracts, reinforcing the security guarantees for the entire smart contract ecosystem.
In the first half of 2023, an estimated $667 million was lost to DeFi hacks and scams. While it doesn't eliminate all risks, ERC-7512 provides a crucial building block for robust security systems in smart contracts.
ERC-7512: Fortifying the Security of Smart Contracts
Addressing this core challenge is the primary objective of ERC-7512. By offering a standardized onchain approach to verify audits, users and developers can now be alleviated from the burdensome and time-consuming task of manual verification. This standard enhances transparency in smart contracts, enabling users and dApps to verify rigorous audits by reputed auditors and building an on-chain reputation system for auditors. ERC-7512 is a foundational stepping stone; further iterations and extensions will be required to enhance its capabilities in bolstering security and reducing risk in smart contract interactions.
Richard Meissner, the co-founder of Safe and one of the Authors of ERC-7512, added:
"Blockchains have a notion of security at a consensus layer, yet smart contract risk has cost the industry billions. While permissionless innovation allows anyone to build anything, for actual use cases to emerge, we need to create a layer that will enable us to verify the security of contracts that interact. This visibility is currently missing. To scale the advantage of modules in AA, intent hooks, or even bridges, we need onchain utility to guarantee security. The first step is to make crucial audit information available to contracts verifiably. This is the goal of ERC-7512, a standard drafted by some of the industry's best auditors and security minds.
ERC-7512 is not just a one-time initiative but a catalyst for further innovation in smart contract security. Future extensions may include support for additional standards and networks, enhanced handling of polymorphic contracts, and mechanisms for managing signing keys for auditors. The goal is to continually advance the security of the blockchain ecosystem and make it resilient against vulnerabilities and attacks.
