Cybersecurity services company CertiK has announced the launch of an automated QuickScan tool to detect vulnerabilities in smart contracts.
CertiK COO Daryl Hok said the QuickScan toolkit is designed to improve the analysis performed by CertiK Chain’s security oracles. QuickScan checks the involved smart contracts for known vulnerabilities using static and dynamic analysis methods.
In particular, the bytecode, source code and access parameters of each smart contract are checked. With this tool, analysis can be performed within an hour. The system puts down safety scores for each individual area, and then sums them up to give an overall grade.
Hawk noted that QuickScan will not work as a standalone tool, but will become part of the CertiK Chain security verification system. The main CertiK Chain launched last month and has a faster and more granular smart contract audit system.
The analysis was originally done manually by cybersecurity experts and companies. QuickScan now automates part of this process. Hawk added that such a system will not replace manual analysis, as formal verification continues to play an important role in safety assessments.
However, automated analyzers can tell you where to dig deeper when looking for vulnerabilities and what to pay more attention to. QuickScan is CertiK’s own development and will only be available to the company’s customers using its security oracles. CertiK executives did not say if they plan to implement QuickScan on a larger scale.
As a reminder, in February CertiK presented a demo and reference manual for its own programming language for smart contracts, DeepSEA.
