EEA EthTrust Security Levels Specification Defines Smart Contract Security Certification Requirements for Ethereum Ecosystem
WAKEFIELD, Mass. – August 22, 2022 – The Enterprise Ethereum Alliance (EEA) today announced the publication of the EthTrust Security Levels Specification V1. Developed by the EEA EthTrust Security Levels Working Group, the new specification aims to make it quick and easy for auditors to define how to certify whether a smart contract has been through a full security audit by a professional team.
The blockchain space has exploded with a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models and important services. While there are a number of established firms that offer to check the security of smart contracts in the Ethereum ecosystem, there has been no standard set of tests, nor a common rating system, until now.
“The EthTrust Security Levels Specification V1 offers the first quality framework with broad industry backing and provides guidance on the requirements organizations need to certify a level of assurance, backed not only by the reputation of the auditor issuing the certification but by the collective reputation of the multiple security experts from many competing organizations who have contributed to this work,” said EEA Executive Director Dan Burnett. “I’d like to thank the EthTrust Security Levels Working Group for collaborating to ensure that this specification defines protections against a real and significant set of known vulnerabilities.”
The EEA EthTrust Security Levels Working Group is chaired by Chris Cordi of Splunk. The working group brings together EEA member representatives known primarily for their auditing and security expertise, including ConsenSys Diligence, The Depository Trust & Clearing Corporation (DTCC), Hacken, OpenZeppelin, Banco Santander and Trail of Bits, as well as security experts from broader-based members such as EY, JP Morgan, Microsoft, SAE, Splunk, and more.
“As the Ethereum blockchain industry grows, so does the need for a mature framework to assess the security of smart contracts,” said Cordi. “In particular, DeFi platforms have grown explosively in the past couple of years to collectively hold billions of dollars in assets, and they are frequent targets of exploits. This specification can help improve the security of these platforms and mitigate security risks.”
“This work is for organizations putting smart contracts on Ethereum blockchains. This specification allows new auditors to establish that they are working at the same quality level as their established peers. It also enables developers to learn what the industry knows, build better and manage security risks more effectively in their own work,” said EEA Technical Program Director Chaals Nevile. “The EEA is happy to complete this important first step in developing security standards to increase trust in the ecosystem of EVM-based blockchains, users, partners, and providers, especially as the need for effective security assessment only continues to grow.”
EEA EthTrust Security Levels Working Group Supporting Quotes
“The EEA EthTrust Specification has been years in the making and it’s exciting to see the release of the first specification. One of the main challenges with building such a standard has been the fast pace of the changes and discovery of new vulnerabilities in the smart contract systems, which are becoming increasingly mature and complex. The rise in complexity has increased the likelihood of security issues being hidden in a system’s code base. In the broader Ethereum ecosystem, it is increasingly difficult to measure a smart contract system’s security properties in a way that remains structured and comparable. The EEA EthTrust Security Levels Specification is the first cross-industry effort to formalize requirements for the security of such systems and a certification scheme that offers various levels of confidence. Having this framework in place will allow for increased investor and individual confidence in the contracts they invest in and interact with. As long-time contributors to the EEA’s EthTrust working group and specification, we sincerely hope this specification will contribute to the prominence of security measures in the software development lifecycle and the Ethereum ecosystem,” said Dominik Muhs, Sr. Security Engineer, ConsenSys Diligence, an EEA and EEA EthTrust Security Levels Working Group member.
“Smart contracts have proven to be vulnerable to exploitation due to inadequate coding practices and a lack of standards around the measurement of their maturity and reliability. The EthTrust Security Levels Specification will introduce much-needed standards that will bring increased safety and confidence to this space as the blockchain ecosystem continues to evolve. We are proud to be a part of EEA and look forward to supporting the Specification roll-out and its advancement,” stated Bill Izzo, Director, Information Technology Security at DTCC, an EEA and EthTrust Security Levels Working Group member.
“The EEA EthTrust Security Levels Specification is the most significant attempt to level the playing field for all crypto auditors and ultimately bring unparalleled levels of security, ethics, and trust to Ethereum blockchain technology. Contributing to the Specification in collaboration with major security players is integral to Hacken’s mission of making Web3 secure. The Ethereum EthTrust Security Levels ecosystem has more and more use cases, but exploits are becoming more prevalent too. Before initiating a transaction, there must be a way to tell how secure a contract or address is. With the Specification, leading crypto auditors, including Hacken, provide a baseline level of protection against known and consequential smart contract weaknesses,” said Yevhenii Bezuhlyi, Head of Smart Contracts Audits Department, Hacken, an EEA and EthTrust Security Levels Working Group member.
“We’re incredibly excited about the EthTrust Specification as it is the first step towards a more robust Web3 ecosystem. Getting security industry leaders and competitors together under one roof is essential for the adoption of security standards we can all trust,” said Michael Lewellen, Head of Solutions Architecture, OpenZeppelin, an EEA and EthTrust Security Levels Working Group member.
About the EEA’s EthTrust Security Levels Working Group
The Working Group’s mission is to develop standards for Ethereum and EVM smart contract security audits to benefit the ecosystem. The EthTrust Security Levels Working Group invites companies that are interested in participating in their ongoing work to reach out to [email protected] to become an EEA member. Current EEA members can get access to the EthTrust Working Group through the EEA membership collaboration portal.
About the EEA
The Enterprise Ethereum Alliance (EEA) enables organizations to adopt and use Ethereum technology in their daily business operations. The EEA empowers the Ethereum ecosystem to develop new business opportunities, drive industry adoption, and learn and collaborate. The EEA Community Projects provides a hub for open source development of code, APIs, standards, and reference implementations. To learn more about joining the EEA, reach out to [email protected] or visit https://entethalliance.org/become-a-member/.