Ethereum Devs Put Forth ERC-7512 Standard to Represent Audit Reports On-Chain
Ethereum (ETH) developers have introduced a new smart contract standard, ERC-7512, aimed at enhancing transparency and accessibility to smart contract audits for decentralized finance (DeFi) protocols.
The proposal was posted on the Ethereum Magicians forum by Richard Meissner, co-founder of Safe earlier this month, and has sparked lively discussions among developers.
Other notable contributors to the proposal include developers from OtterSec, ChainSecurity, OpenZeppelin, Ackee Blockchain, and Hats Finance.
The primary objective of ERC-7512 is to establish an on-chain representation of audit reports that can be parsed by contracts, enabling users to extract relevant information about the audits performed, including the auditors involved and the verified standards.
“The proposal aims to create a standard for an on-chain representation of audit reports that can be parsed by contracts to extract relevant information about the audits, such as who performed the audits and what standards have been verified,” the authors wrote.
“To provide strong guarantees about security and allow better composability, it is important that it is possible to verify on-chain that a contract has been audited.”
Developers Discuss Implementing ERC-7512
Although the proposal has received widespread support from the community, developers are engaging in detailed discussions regarding the implementation of the standard.
Dexara, founder of Callisto Network, suggested an alternative approach by utilizing a registry that organizes audits through non-transferable Soulbound Tokens, instead of introducing a new Ethereum standard.
“The idea of having on-chain audits is useful. However, the implementation proposed in this ERC is overcomplicated significantly.”
Meissner, in response, suggested that the ERC can be used within the context of a registry, cautioning against an overly centralized approach.
Shay Zluf added that the focus of ERC-7512 is to standardize what auditors should sign, rather than defining the registry itself.
“This ERC focuses on standardizing what auditors should sign, rather than defining the registry. The goal is to ensure consistent verification across the ecosystem.”
Meissner also highlighted that while security audits are valuable, they do not guarantee flawless code for protocols.
As an example, the recent launch of BANANA, the token associated with a Telegram trading bot, experienced a bug in its smart contract shortly after deployment, despite claims of undergoing two audits by the team.
Interestingly, a Twitter user named punk9059 ran BANANA’s code through the AI chatbot, ChatGPT, which quickly identified the problem.
Ethereum Devs Delay Launch of Holesky Testnet
Earlier this week, Ethereum developers had to delay the launch of the much-anticipated Holesky testnet, which failed to operate as intended as a result of a parameter mismatch.
Nethermind, an Ethereum client team, said a relaunch would likely take place in one week’s time, suggesting Holesky could go live as early as this Friday.
However, Barnabus Busa, a DevOps engineer for the Ethereum Foundation, published a GitHub pull request suggesting the relaunch should occur on September 28.
“It’s extremely likely that we relaunch the network with new genesis files and have the network up ~two weeks from now,” said Paritosh, an Ethereum foundation DevOps engineer.
We're waiting on a decision, but it's extemely likely that we relaunch the network with new genesis files and have the network up ~two weeks from now.— parithosh | 🐼👉👈🐼 (@parithosh_j) September 15, 2023