Along with Scilla, developers will be able to utilise additional security resources to fortify their smart contracts
Singapore — Zilliqa, the high-throughput blockchain platform, has partnered with ChainSecurity, a leading blockchain security provider, to develop a host of security tools and resources for the Zilliqa ecosystem. With the project’s existing emphasis on smart contract safety, evidenced by its secure-by-design smart contract language, Scilla, the collaboration looks to address the need for greater security standards and infrastructures in the blockchain industry.
ChainSecurity will be developing an extensible static analysis framework, allowing developers to identify security and correctness issues by automatically analysing the source code of their programs. The framework will support state-of-the-art control-flow, data-flow, and information-flow analyses, which are important prerequisites to verifying non-trivial security properties. ChainSecurity is a spin-off from the ICE Centre, a leading R&D lab focused on blockchain security at top-ranking European university ETH Zurich. Helmed by a team of seasoned security researchers, ChainSecurity has become a trusted partner of over 75 clients in the blockchain industry.
Additionally, ChainSecurity’s introduction of a security scanner will enable developers to also identify generic security vulnerabilities as well as design issues arising from poor coding practises. Having conducted professional security audits of Scilla smart contracts, ChainSecurity will be able to leverage its deep understanding of the language’s semantics in order to identify relevant security properties. The security scanner will be extensible, allowing the Zilliqa community to easily add more relevant security checks and vulnerability patterns over time in order to establish best practises for smart contract development.
Dr. Petar Tsankov, Chief Scientist and Co-Founder of ChainSecurity said,
The collaboration between the ChainSecurity and Zilliqa teams dates back to 2017 when we first conducted a security audit of the Zilliqa token. We look forward to further collaborating with the Zilliqa team and bringing our knowledge in building advanced security tools to the Zilliqa ecosystem.”
Scilla is a programming language designed with smart contract safety in mind. Developed by leading programming language researchers and designers in accordance to functional programming language principles, Scilla is amenable to formal verification, allowing developers to leverage mathematical proofs to ensure that their contracts are verifiably correct at the language level. Scilla addresses certain classes of vulnerabilities such as re-entrancy attacks and changes to critical state variables, which are present in today’s smart contract languages. Most recently, Scilla was peer-reviewed at OOPSLA 2019, a renowned global academic conference on programming languages and software engineering.
Amrit Kumar, President and Chief Scientific Officer of Zilliqa said,
From Scilla to our mainnet and smart contracts launch, security has underscored all areas of technical development at Zilliqa. For the past two years, ChainSecurity has played a key role in bolstering our network. As we continue to grow, these tools will help us proactively address any potential vulnerabilities along the way. Moving towards developing enterprise-grade solutions, we believe such collaborations will provide support to our growing community and enterprise partners whilst establishing a higher benchmark of security standards across the industry.”
This project marks the first step in the strategic collaboration between ChainSecurity and Zilliqa. Funded by Zilliqa’s Ecosystem Grant Programme, ChainSecurity will be developing the extensible static analysis framework and security scanner over the coming months. The two teams have already outlined follow-up collaborations which will target the development of additional security tools for the Zilliqa ecosystem.
Please leave your questions and comments below: