Solidified

From Bitcoin Wiki
This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search
Solidified logo

Solidified is the #1 full-audit service for smart contracts. Having helped secure companies like Gnosis, Polymath, Bankera, Melonport and more than 40 others, Solidified has established itself as the leader in a high-quality technical audit on Ethereum.

Solidified has the largest (200+) community of Solidity experts and incorporates all stages of technical smart contract due diligence into a single platform in order to bulletproof smart contracts.

The company has been operating since November 2017. Since then, they have performed over 50 audits securing over 85M EUR.

Solidified's first ICO is scheduled to go live on July 23rd, 2018, at 00:00 (UTC+2).


Solidified Review[edit]

Name[edit]

Solidified takes its name from Solidity language and carries the spirit of "hardening" your code through many iterations of peer-review. Solidity is the most popular smart contract programming language.

Fully Decentralized Smart Contract Audit Process[edit]

Smart contracts are the foundation of a decentralized economy. But ongoing hacks, allowed by poor code quality and insufficient audits, put mass adoption at risk. Automated solutions cannot account for the ever-evolving logic and use cases of smart contracts. With their proven process, the bug prediction market and the Solidifed stamp, Solidified offers a reliable standard for smart contract security and trust.

Securing a smart contract is a multi-step process. Solidified is the only platform where the entire technical due diligence lifecycle is performed.

  • Phase 1: Multi-expert Audit

Several highly-competent Solidity auditors perform an isolated and unbiased review of your contract. Each of them sits down 1:1 with the contract and prepares an audit report. After each auditor finishes their individual report, they enter into a group debrief. During the debrief, they discuss the validity of each found issue and cross-check each other for quality. From the group consensus, the final combined report is prepared and delivered to the client. The report contains issues in different categories and recommendations on how to fix each issue.

  • Phase 2: Fixes and Verification

Client addresses the issues found and submits the updated version of the contracts. Solidified uses the same auditors as assigned in Phase 1 to verify that the issues have been fixed and no new vulnerabilities have been introduced. After the verification is complete, the audit report is amended, stating which issues have been addressed, and final version is sent to the client. (An additional service is soon to be implemented, where the auditors can implement the fixes for the issues found on behalf of the client.)

  • Phase 3: The Bounty program

The client posts their contract on Solidified bounty platform where it is put in front of the entire verified expert community (150+). This is an optional, but highly recommended step, especially for more complex smart contracts. Client selects incentives for Critical, Major and Minor bugs found and funds the escrow account with the total bounty pool. After this, the contract goes live on bounty and recommended to stay there for at least 2 weeks. If a bug is found and approved (either by client or through community arbitration) the reward is automatically released from the escrow to the bounty hunter.

  • Phase 4: Bug Prediction Market (coming early 2019)

To further show confidence and transparency in the security of your code, a prediction market is automatically opened for your smart contract on whether a bug will be found in the deployed code within timeframe X. This feature is currently in development.

Bug Prediction Market[edit]

Solidified aims to significantly improve smart contract security by introducing the first fully decentralized smart contract audit process and Bug Prediction Market.

In a bug prediction market, actors can bet on whether a vulnerability will be discovered in a smart contract by a certain date. The basis for such a market is a smart contract that has been audited and secured by an individual or a group of auditors using the Solidified platform. These actors are held accountable for securing the code by having staked income and reputation in form of the SOLID token.

This new model diminishes the current problems of smart contract audits, namely:

  1. No consequences (Doing a bad or lazy audit job has no consequences for the auditor);
  2. False incentives (A single auditor or a connected group might choose to wait and exploit a bug when the smart contract is live); and
  3. Lack of trust (There is no accurate security confidence metric that determines how secure any given smart contract is, producing a lack of trust in projects and leaving room for scams)

The system ensures that incentives in the audit process are re-aligned. By holding actors accountable for the assurances they made when auditing a code through the staked income and reputation in form of the SOLID token, the Bug Prediction Market:

  1. Incentivizes reporting bugs found in deployed contracts rather than exploiting them.
  2. Serves as an early warning system that a vulnerability will be discovered.
  3. Provides an economic measure of confidence in a deployed contract’s security.
  4. Allows bug hunters to be rewarded for evaluating a smart contract, even if it’s bug-free.

SOLID Token[edit]

The core of the Bug Prediction Market is the SOLID Token. This token is to be used to (i) purchase security audits, (ii) place bids for audit jobs, (iii) back security assertions, (iv) fund and participate in bug bounties, (v) open and trade in bug prediction markets, and (vi) participate as a juror in the bug verification oracle.

The SOLID Token is planned to be an ERC20 token with a maximum total supply of 4,000,000, and no inflationary mechanism. Token burning would be used in the event of a fork. A fork results in the destruction of the original token and tokens can only be migrated to one of the competing forks. This would permanently decrease the token supply (more accurately, split it), but is not expected to occur often

Token Sale Details[edit]

This ICO has a static price token sale that only accepts payment in ETH. The cost of 1 SOLID token is 0,015 ETH (ERC20, divisible). No soft caps, refunds or token burning are planned. A combination of max participation limit and KYC help protect against whale participation. Only whitelisted contributors are allowed to participate. There’s a 6-month non-transferable period on all tokens, from the end of the main sale. The token sale priority is given to auditors, developers, security experts, and Ethereum projects to encourage the proper use of the token.

Minimum Participation: 0.5 ETH

Maximum Participation: 100 ETH

Buy SOLID Tokens[edit]

Detailed instructions on how to purchase SOLID tokens can be found in https://token.solidified.io/

External links[edit]

See also[edit]

Resources[edit]

https://token.solidified.io/files/Solidified_Whitepaper.pdf – Solidified Whitepaper