How Ethereum Applications are Securing A+ Security Ratings
More than 1.2 million Ethereum applications have used a little-known security tool to help them prevent costly bugs arising from self-executing lines of code, known as smart contracts.
The security tool was introduced back in October by Amberdata, a startup built around Ethereum technology. It is free, open to everyone, and analyzes the security of active applications on the Ethereum blockchain. Errors in smart contracts have resulted in huge losses, which could be around hundreds of millions.
The automated service scans for common vulnerabilities found in smart contract code and produces a letter rating such as A, B or C for the security of decentralized applications (dApps).
The feature is one of several tools that support best practices and increase transparency between dApp developers and end users in the Ethereum ecosystem.
The idea has been around on the web for some time. In a press release, Amberdata CEO Shawn Douglass described the vision behind the company's security grading tool as offering better access to smart contracts and improving visibility into them. Douglass added, “By offering these security tools to the society we hope that we will be able to reduce external dependencies and allow the society to create rapidly and more securely”.
Similarly, the privacy-minded browser DuckDuckGo recently introduced a Chrome browser extension, unrelated to dApps, that rates websites with a letter grade. The extension gives users insight into how well or how badly a service's administrators protect user privacy.
DuckDuckGo's blog post, published in January 2017, states its mission by saying, “The vision of the company is to increase the quality of the trust through online.”
Process of rating the applications
Referring to the 13 kinds of bugs the program scans for automatically, Amberdata CTO Joanes Espanol likened the vulnerabilities to an “engine lights dashboard”. “It actually states that I only need to examine what’s going with the car. Any effect of these can result in security bug.”
The more security bugs Amberdata's scan detects, the lower the letter grade the dApp receives. Ratings range from A+ down to F.
The grade does not depend entirely on the number of security bugs. The 13 vulnerabilities have different levels of severity, and the degree of severity affects the dApp's final grade. Two vulnerabilities have lower severity, namely “delegate call to a user-supplied address” and “message call to external contract”, Espanol mentioned.
How to achieve A+ grade letter rating
High-severity vulnerabilities lower an application's security rating significantly more. High severity indicates a code error with greater potential for harm and even exploitation.
dApp developers should refrain from using features such as ‘suicide()’ and ‘tx.origin’, which Espanol described as deprecated code that might be removed from the Solidity language in the future. As of now, CryptoKitties holds an A+ security rating from Amberdata.