ERC-7512 Aims to Enhance Smart Contract Security Through Onchain Audit Representations


Safe

Announcements | Sep 19, 2023 | 5 min read
Tags: New Feature, Security, Press, Safe{Core}
ERC-7512 introduces a standard for onchain audit report representations, enhancing smart contract security visibility in the blockchain ecosystem.

[Berlin, Germany, Sep 19, 2023] – Ethereum security experts and developers have introduced ERC-7512 (Ethereum Request for Comment 7512), a proposed standard for representing audit reports onchain, in a move to bolster blockchain security. The proposal aims to enhance transparency and trust within the blockchain ecosystem by providing a standardized way to publish audit information directly on the blockchain, where contracts and users can verify it.

Smart contracts underpin decentralized applications (dApps) and blockchain infrastructure, but a single vulnerability can put the integrity of a whole system at risk. Audits are essential for catching bugs and checking adherence to best practices, yet they cannot guarantee security, and keeping contracts secure is an ongoing challenge. As the ecosystem grows, composability has become one of the most prominent features of the open Ethereum community. To keep this expanding pool of components safe, there needs to be a standard way to reach consensus on which contracts have been reviewed, much as validators reach consensus on valid blocks. ERC-7512 proposes a crucial step toward this goal by standardizing the onchain representation of audits. With such a representation, contracts and users can verify that an audit has been conducted for a specific contract, and by whom, which reinforces the security guarantees of the smart contract ecosystem as a whole.

In the first half of 2023, an estimated $667 million was lost to DeFi hacks and scams. ERC-7512 does not eliminate that risk: an onchain audit record attests that a review took place and what it covered, not that the code is free of bugs. It does, however, provide a crucial building block for robust security systems around smart contracts.

ERC-7512: Fortifying the Security of Smart Contracts

Addressing this core challenge is the primary objective of ERC-7512. By offering a standardized onchain way to verify audits, it relieves users and developers of the burdensome and time-consuming work of manually locating audit reports and confirming which contract and which auditor they refer to. The standard enhances transparency in smart contracts, enabling users and dApps to check that a contract has been audited by reputed auditors, and it lays the groundwork for an onchain reputation system for auditors. ERC-7512 is a foundational stepping stone; further iterations and extensions will be required to extend its capabilities in bolstering security and reducing risk in smart contract interactions.

Richard Meissner, the co-founder of Safe and one of the authors of ERC-7512, said: "Blockchains have a notion of security at a consensus layer, yet smart contract risk has cost the industry billions. While permissionless innovation allows anyone to build anything, for actual use cases to emerge, we need to create a layer that will enable us to verify the security of contracts that interact. This visibility is currently missing. To scale the advantage of modules in AA, intent hooks, or even bridges, we need onchain utility to guarantee security. The first step is to make crucial audit information available to contracts verifiably. This is the goal of ERC-7512, a standard drafted by some of the industry's best auditors and security minds."

ERC-7512 is not just a one-time initiative but a catalyst for further innovation in smart contract security. Future extensions may include support for additional standards and networks, enhanced handling of polymorphic contracts, and mechanisms for managing signing keys for auditors. The goal is to continually advance the security of the blockchain ecosystem and make it resilient against vulnerabilities and attacks.

For media inquiries or further information, please contact safe@wachsman.com.

About ERC-7512:

ERC-7512 is a groundbreaking Ethereum Request for Comment (ERC) proposal that aims to create a standard for an onchain representation of audit reports that can be parsed by contracts to extract relevant information about an audit, such as who performed it and which standards were verified.

It has been co-authored by:

To learn more and make contributions, please visit https://eips.ethereum.org/EIPS/eip-7512

About Safe

Safe (previously Gnosis Safe) is a decentralized custody protocol, securing ~$50 Billion in assets today. It is establishing a universal standard for the secure custody of digital assets, data, and identity. With Safe{Wallet}, its flagship web and mobile wallet, and Safe{Core} Smart Account infrastructure, Safe is on a mission to unlock digital ownership for everyone in web3 including DAOs, enterprises, retail, and institutional users. For more information, visit: Website | Twitter | Mirror

About Ackee Blockchain

Ackee Blockchain is a team of security researchers auditing top-tier protocols such as Safe, CoW Protocol, 1inch, Axelar, LayerZero, Trader Joe and Neon EVM, with a track record of 0 hacks and $0 post-audit fund losses. The company's mission to contribute to a stronger blockchain ecosystem is reflected in initiatives such as ERC-7512, the Woke toolkit, which shipped the first detector for ERC-4337, and Trdelnik, an open-source fuzzer for Solana. Members of Ackee Blockchain teach at the Czech Technical University in Prague.

About OtterSec

OtterSec is a blockchain security company focused on identifying and patching critical exploits before our clients go to market. We work closely with leading teams to provide a holistic and collaborative approach to security.

Our deep understanding of blockchain internals and the latest exploit methods help us find vulnerabilities others miss. That’s why over 120 protocols trust OtterSec to protect a combined $5.2B TVL.

About OpenZeppelin

Founded in 2015, OpenZeppelin is the world leader in securing blockchain applications and smart contracts. Its bedrock open source Contract Libraries are a public good and the industry standard for smart contract development. OpenZeppelin's professional expertise, combined with the Defender developer security platform, integrates into clients' development lifecycles so teams can plan, code, audit, deploy and operate projects faster and more safely.

About Hats Finance

Hats presents an innovative solution for managing non-custodial Bug Bounties and Audit Competitions. By adopting a non-custodial approach, projects gain full control over the process, resulting in reduced fees through our pay-for-results model. An intriguing aspect is the ability to conduct audit competitions even after multiple prior audits, saving on payouts and fees if no new findings emerge.

The following projects have already placed their trust in Hats: StakeWise, Liquity, HOPR, Tempus, TempleDAO, Paraswap, Angle, and many more.

Hats is supported by an impressive roster of backers including Greenfield, Lemniscap, Accomplice, Collider Ventures, Spartan, IOSG, and several others. Discover more on Hats Finance: https://hats.finance/
