A new organisation, the Ethereum Trust Alliance (ETA) has been formed with an aim to improve security and trust in the Ethereum blockchain ecosystem. The alliance is a coalition of global professional security firms, primarily drawn from the blockchain sector. The founding members of the alliance include MythX, Quantstamp, Runtime Verification, Sooho, SmartDec and ConsenSys Diligence.
— Ethereum Trust Alliance (@ethtrustorg) February 3, 2020
The alliance seeks to establish a rating system that enables blockchain users to determine the security status of a smart contract. Currently, there are no set standards for evaluation and as such there is no way for a layperson to determine whether a smart contract is secure or not. Therefore, many people operate in blind faith especially when interacting with dapps built on the Ethereum blockchain. This is amplified by the technical complexity of blockchain technology and unfamiliarity with the Solidity programming language.
The alliance initiative is aimed at transforming Ethereum into a truly global settlement platform for all kinds of transactions by providing guidelines for establishing trust. According to the ETA website, as of today, smart contracts are quite vulnerable due to lack of trust indicator.
One small flaw in smart contract code to lock up or lose tens of millions of dollars in an instant
This statement rings true especially in light of the infamous 2016 DAO incident where a hacker exploited a vulnerability in the underlying smart contract code to steal $50 million. The ETA aims to eliminate such incidents in the future by providing developers with the tools for conducting robust security tests and code audits before deploying them.
In this respect, the ETA will serve as Moody’s but for blockchain-based smart contract. The alliance itself acknowledges this and draws parallels with the investor services company stating that
Similarly, ETA ratings are designed to signal to the Ethereum community which smart contracts have been through certain levels of rigorous testing to help ensure that vulnerabilities have been addressed. The higher the ETA level the lower the associated risk.
ETA will also provide users with a standardised rating system to help them check the security of any smart contract before sending tokens. The alliance believes that having the ratings in place will help protect normal users from nefarious projects aimed at defrauding investors
If only we had these ratings during the ICO boom of 2017, we believe that many of us who were woefully uninformed about fundamental risk indicators would have had the information required to make better decisions.
The alliance expects to launch its first batch of ratings in Q1 2020.
Image courtesy of Pixabay