EY Blockchain

blockchain.ey.com

Smart Contract & Token Review

Review the underlining code of smart contracts to increase confidence in blockchain-enabled transactions.

Security

Deter hackers in order to keep your digital assets secure.

Identify common vulnerabilities, mitigate potential exploits, and minimize the impact of new or unknown attacks by utilizing industry standards and creating customized tests.

Business logic alignment

Better understand the expected output of your digital agreement as it is implemented in the smart contract’s code.

Assess the smart contract’s compatibility with the system design and functionality as it is declared in the published documentation.

Create "what-if" scenarios

Through the Testing Studio, run pre-defined automated tests and simulate smart contract execution by configuring selected functions through a user interface.

Trust

Establish trust between counterparties in your ecosystem by supplying measures to assess the validity of smart contracts.

Transparency

Deliver insights about the behavior of the smart contract and design implications.

Reduced risk

Provide the information required to mitigate the operational and inherent risks in smart contracts.

Frequently Asked Questions

What is Smart Contract & Token Review?

The Smart Contract & Token Review (SC&TR) solution aims to increase confidence when interacting with smart contracts. This is done by enabling the user to run hundreds of industry standard and custom developed testing scenarios. Each test result is accompanied by a detailed description about the purpose and logic of the test and its results to help the user understand any flaws or inconsistencies in the smart contract being reviewed.

How does the SC&TR solution work?

When you submit your code, it is scanned, compiled with the relevant solidity compiler version, and sent to our testing engine. The testing engine uses static code analysis on both the source code and the Solidity AST, and a customized EVM (Ethereum Virtual Machine) dynamically simulates various testing scenarios.

Do I need any additional tools in order to review my contract with the SC&TR solution?

No, the solution has a rich UI that interacts with its testing engine, so just drop in your code and click scan for detailed results. No installation or integration with other tools are needed.

What type of blockchain do you support?

EY currently focuses on the Ethereum blockchain. With the SC&TR solution you can review smart contracts implemented in any available Solidity version.

Who should be using the SC&TR solution?

Blockchain specialists (or just tech-savvy) developers, auditors, compliance and risk teams, token economy investors and in general, just about any person or enterprise looking to assess a smart contract.

What is Functionality Testing?

Functionality Testing aims to verify that a smart contract behaves as expected. The free beta version of the SC&TR solution does so by validating compliance with The ERC-20 standard, both by reviewing the needed syntax and by simulating various scenarios that are part of the ERC-20 standard core functionality.

What type of security tests do you support?

The application covers common security vulnerabilities such as underflow/overflow, unsafe changes to smart contract state, use of deprecated or unsafe keywords, short address and more. The list of security tests is constantly being updated as we progress with our research and development.

Should I only use the SC&TR solution for contracts that have already been deployed to the Ethereum mainnet?

Not at all, actually the primary benefit of the SC&TR solution is utilizing it prior to deployment. Users have found it to be most useful as part of the development process or as a code validation method before you deploy a contract to the mainnet . Once it is deployed, it becomes immutable, and in most cases this means that you will be unable to fix bugs or mitigate risks stemming from security vulnerabilities.

Ready to get started?