The team from ChainSecurity AG, an ETH spin-off from the Department of Computer Science, joined PricewaterhouseCoopers (PwC) Switzerland to further accelerate market growth and product development.
The journey of ChainSecurity started with the first major hack in a popular Ethereum contract. The problem was caused by a security bug, which allowed an attacker to appropriate over 150 million USD. Shortly after the incident, researchers from the Secure, Reliable, and Intelligent Systems (SRI) Lab at the Department of Computer Science investigated the attack and explored different ways to ensure that smart contracts are free of vulnerabilities.
The group came up with a novel technique able to inspect all potentially vulnerable behaviours within minutes and published the result at the ACM Conference on Computer and Communications Security, for which they received high recognition. Researchers from the SRI Lab implemented an open-source prototype based on the technique and made it publicly available to users. The positive feedback from smart contract developers and the need for securing smart contracts led to the incorporation of ChainSecurity AG in October 2017.
From prototype to product
After incorporation, the ChainSecurity team and the Ethereum foundation supported further development of the research prototype, adding support for more vulnerabilities and improving the usability of the tool. The full version of the tool, called Securify, was released in June 2018 and became the first easy-to-use, thorough security scanner for security vulnerabilities in Ethereum smart contracts.
The Securify security scanner visibly reduced the number of smart contract hacks by automatically detecting generic security vulnerabilities. Guided by real-world functional requirements for smart contracts, the team designed VerX, the first system able to automatically verify the functional correctness of smart contracts. VerX marks a major milestone in smart contract verification as it reduces the effort required to formally certify a contract by orders of magnitude.
Last-minute security flaw prevention
In addition to its work on state-of-the-art security tools, ChainSecurity received international recognition by preventing a security flaw in a planned software update to Ethereum, the biggest blockchain platform. The discovery of the vulnerability required an urgent delay of the update, decided hours before it was about to take place throughout the world.