September 28th, 2020
As we move past the summer of Covid-19, we want to let everyone know that the ETA has been hard at work creating the EthTrust Registry system as described below. In fact, it is even better, more robust, scalable and flexible than initially conceived thanks to the hard work and collaboration from the core team. The smart contract and system has been designed and implemented by Pierre-Alain Mouy and Jonathan Prince from NVISO and Cory Dickson, and the worker based flow than manages the data processing and business logic is coming together nicely.
In the coming months expect some major announcements from EthTrust as we deepen our relationships with the Enterprise Ethereum Alliance, Ethereum.org, Ethereum OASIS, Etherscan and more. Wouldn’t it be nice if all those DeFi projects had ETA badges on their contracts?
The Ethereum Trust Alliance is alive and well, and we hope that all of our friends and supporters are staying safe, healthy and productive. Take care!
April 17th, 2020
We would like to formally welcome NVISO to the Ethereum Trust Alliance. NVISO is a top tier cybersecurity consulting company with expertise in traditional web 2 security solutions as well as web 3 based blockchain and smart contract security. Pierre-Alain Mouy is the Director of the NVISO Frankfurt office, and will be taking lead on the smart contract registry along with some of the front end UX work as we quickly approach POC and Beta. We are very proud to have NVISO as a member of the ETA! Look for more updates over the coming weeks.
February 4th, 2020
Today we are very pleased to announce the formation of the Ethereum Trust Alliance (ETA). The ETA is a group of global blockchain security companies that are creating a security rating system for smart contracts to help users gain greater awareness of smart contract security and differentiate contracts which have gone through rigorous security checks.
The Ethereum ecosystem is growing, but for it to truly become a global settlement layer for all types of transactions across all types of industry sectors, there must be an indicator of the level of trust in the security of smart contracts that power those transactions. Automated analysis tools and audit firms have become more sophisticated in the ways in which they can assure a developer that smart contract security issues are found and fixed. The industry has further made sure that best practice guides, and lists of known vulnerabilities are well known. Yet for the industry to further evolve, we believe that a ratings system for security in smart contracts is absolutely necessary.
Why do we need security ratings?
In order for Ethereum to be trusted for financial transactions and management of large stores of value via decentralized applications, users and institutions must have more accurate information regarding risk. As we have seen many times, it only takes one small flaw in smart contract code to lock up or lose tens of millions of dollars in an instant Today there is no way to easily tell that one smart contract has been through a full security audit by a professional team while another has not, yet we click the send button anyway.
Credit ratings agencies such as Moody’s are designed to inform the public about the relative risk associated with a particular financial asset. Similarly, ETA ratings are designed to signal to the Ethereum community which smart contracts have been through certain levels of rigorous testing to help ensure that vulnerabilities have been addressed. The higher the ETA level the lower the associated risk.
How will ETA ratings be used?
The ETA will create a registry of smart contracts, where anyone can easily query the security rating level of a smart contract. With this, a variety of use cases will be enabled. Ethereum wallet users will see a contract’s security rating before they send tokens to it and executives and investors will be able to easily determine the risk level of smart contract systems. Exchanges can require a specific ETA rating level before new tokens are listed. Multi-member consortia with smart contracts created by multiple entities can require an ETA rating before they are published, and organizations will be able to include the ETA ratings in their internal (or external) risk analysis and assessment.
If only we had these ratings during the ICO boom of 2017, we believe that many of us who were woefully uninformed about fundamental risk indicators would have had the information required to make better decisions.
This announcement of formation concludes Phase 1 of the ETA. We are now beginning work on the of first specification to be delivered in Q1 2020, which will include:
1. Rating level definitions and requirements
2. Security tools and auditor requirements
3. A process for the application and issuance of ratings badges
4. Specifications for the API and registry.
After publishing the specification, we will begin community trials and testing of the API and Registry as we prepare to go live.
We thank you for your interest and support!