Smart contracts are becoming the most critical piece of the Ethereum ecosystem as more and more Ether begin to flow through the sophisticated contract logic. The security and viability of the entire platform depends on the quality of the code that is behind all of the tokens, multi-sig wallets, exchanges, prediction markets and all the other contracts.
Crafting a viable and secure smart contract is no small task. Currently, there are few software developers who fully understand all of the nuances and pitfalls connected with building a viable smart contract. For these contracts, glitches affect not just contract developers but more importantly, the regular end-users who are not able to determine if a particular contract is safe and trustworthy. The impact of this is already visible, and there are already a significant amount of Ether lost due to technical contract issues. In short, these non-technical users can lose significant funds due to someone's incompetence, oversight or malfeasance. As a result, the Ethereum platform on the whole can be perceived as untrustworthy, immature or full of scams.
In response to these threats, the community has responded to this challenge. The Ethereum Foundation funds projects related to the security of smart contracts. Security experts work hand in hand with software developers to publish best practices, build static code analyzers, unit test suites, and community reviewed libraries.
Those tools, while needed and very much appreciated, will never replace the value of a human-led audit of a contract. As smart contracts are no more than a translation of someone's intention into computer code, only a human can completely verify whether a contract delivers on the intent of the creator and is properly and fully transcribed into code. These thorough audits, performed by top-notch security experts are the ultimate proof of smart contract quality.
Many startups are working on streamlining the process of smart contract audits so that it’s easier to find, brief and reward security experts. Additionally, just to be on the safe side, companies run a series of bounty programs before launching their services. In this system, auditors are rewarded for finding issues in the proposed contracts.
SolidStamp was created to connect these end-users and auditors. By providing a platform to verify and audit contracts, Ethereum becomes not just more useful but safer and more secure as well.
While the development of tools and services to improve the audit process is welcomed and very much needed, it does not directly benefit regular Ethereum users. These users still need to trust the service creators that every effort has been made to ensure their smart contracts are safe and properly audited.
This is why SolidStamp was born. We are an on-chain registry of smart contract audits and auditors. Auditors on SolidStamp create profiles and authenticate against GitHub and Twitter where everybody can check their real-life credentials and reputation. They SolidStamp contracts they verify as true on the blockchain so that the third party verification is made a permanent part of the Ethereum ecosystem. This information allows end-users to see not just the information about a contract but an independent verification that the contract is safe or not. If a contract or service has not been verified by an auditor, users can request for a particular security expert to investigate and certify its safety. Once authenticated, these experts can earn a reward for clearing the safety of the contract.
SolidStamp was created to connect these end-users and auditors. By providing a platform to verify and audit contracts, Ethereum becomes not just more useful but safer and more secure as well.Go to www.solidstamp.com