An automated tool can help catch low-hanging-fruit vulnerabilities.
Security company CertiK announced on Thursday the launch of QuickScan, an automated tool for scanning smart contracts for vulnerabilities.
While it will not be a stand-alone tool, the suite is set to improve the analysis performed by the security oracles of CertiK Chain (CTK). QuickScan checks deployed smart contracts against a database of known vulnerabilities, using static and dynamic analysis techniques that check the bytecode, source code and access parameters for each smart contract.
Daryl Hok, chief operating officer of CertiK, said that a smart contract analysis can be finished in less than an hour. The system assigns a security score to each area it examines and aggregates those scores into an overall evaluation.
The system will be part of the security audit system built into CertiK Chain. The blockchain introduced the concept of security oracles, a quicker and more granular system for auditing smart contracts. While the initial design relies on manual analysis conducted by security companies and experts acting as oracles, QuickScan seeks to automate part of that process.
Hok noted that such a system would not replace manual analysis, with formal audits remaining crucial for security evaluation. Nonetheless, automated scanners can help pick the lowest-hanging fruit or serve as guidance on where a deeper look could be useful.
QuickScan is a proprietary design that will be available only to CertiK clients or security oracle users. The team did not indicate whether there are plans for a wider rollout.
CertiK is one of several security audit companies working in the blockchain space, recently scoring a partnership with Binance to audit Smart Chain projects. It is also available on Launch Pool, Binance’s in-house yield farming platform.