An automated tool can help pick the low-hanging fruit vulnerabilities.
Security company CertiK announced on Thursday the launch of QuickScan, an automated tool for scanning smart contracts for vulnerabilities.
While it will not be a stand-alone tool, the suite is set to improve the analysis performed by the security oracles of CertiK Chain (CTK). QuickScan checks deployed smart contracts against a database of known vulnerabilities, using static and dynamic analysis techniques that check the bytecode, source code and access parameters for each smart contract.
Daryl Hok, chief operating officer of CertiK, said that a smart contract analysis can be finished in less than an hour. The system assigns security scores to each different area and aggregates them to express an overall evaluation.
The system will be part of the security audit system built into CertiK Chain. The blockchain introduced the concept of security oracles, a quicker and more granular system for auditing smart contracts. While the initial design relies on manual analysis conducted by security companies and experts acting as oracles, QuickScan seeks to automate part of that process.
Hok noted that such a system would not replace manual analysis, with formal audits remaining crucial for security evaluation. Nonetheless, automated scanners can help in picking the lowest hanging fruit or as guidance for knowing where a deeper look could be useful.
QuickScan is a proprietary design that will be only available for CertiK clients or security oracle users. The team did not indicate whether there are plans for a wider rollout.
CertiK is one of several security audit companies working in the blockchain space, recently scoring a partnership with Binance to audit Smart Chain projects. It is also available on Launch Pool, Binance’s in-house yield farming platform.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.