Guides

Introduction

Suggest Edits

This topic describes the smart contract review service (SCR) provided by the ZAN system. The SCR service provides contract security support for developers to develop Web3 applications on blockchains, from design and development in the early stage, to release and launch in the last stage.

Why is a Smart Contract Review needed?

  • Code is Law
    Smart Contract is auto-execution, plus tamper-proof.
    It's hard to change once released.
  • Professional Security Service needed
    52% of monthly active developers started contribution in 2022.
    More and more developers need professional security service.
  • Avoid Web3 Exploit Loss
    More than 300+ security events, $3.7B lost;
    30% caused by smart contract vulnerabilities.

What services can Smart Contract Review offer?

  • Static Analysis
    • More than 150 rules, including customized rules for multiple token standards and financial models.
    • Covers general vulnerability, code conventions, GAS optimization, complier bugs.
    • More than 90% detection rate.
    • Support Most Execution Environments in Ethereum Ecosystem.
  • AI powered Fuzz Testing
    • An intelligent fuzzing engine that efficiently explores millions of code paths by learning the input structure and transaction histories.
    • Instrumented check-points derived from massive real vulnerabilities.
    • 10x code & behavior coverage than manual written test cases
    • 100% newest exploits immunization with daily-updated vulnerability database
  • Formal Verification (Symbolic Execution)
    • Sound: Strong correctness guarantee  using symbolic execution to explore all possible contract behaviors under any input
    • Efficient: adoption of abstraction techniques to resolve state explosion problem. Capable of verifying
      real-world contract with 7k+ loc !
    • User-friendly: Flat learning curve on API-like specification language, no need for any formal logic related  background knowledge
  • Expert Review
    • Service is delivered by experts from AntChain OpenLab.
    • 10+ zero day bugs in web3 projects with accumulated TVL over $300M
    • Pwnie Awards "Most Innovative Research" candidate in 2021 and 2022 Multiple Winners of TFC and GeekPwn
    • 50+ flagship conference papers in cyber security, eg. CCS, USENIX Security, OOPSLA, Blackhat USA/EU/Asia, CanSecWest, Defcon, Zer0Con, HITB

Contact us

 Visit the homepage of the ZAN official website to contact us.

Updated about 1 year ago