Comparing HYDN Seal and ERC-7512: Onchain Audit Representations

 

In the rapidly evolving world of blockchain and smart contract security, the need for transparent and verifiable audit representations has never been more pressing. Two notable initiatives in this space are the HYDN Seal, introduced in 2022, and the recently proposed ERC-7512.

 

HYDN Seal: A Beacon of Trust

 

HYDN, a blockchain security company specializing in Smart Contract Audits, Web3 Penetration Testing, and Proactive Fraud Prevention, introduced the HYDN Seal in 2022 as a response to the growing distrust and security concerns within the Smart Contract Audit space.

HYDN Seal serves as a testament to the quality and authenticity of an audit. Here's what sets it apart:

 

- Provable Security: Each HYDN Seal is an ERC-1155 token stored on-chain, ensuring that all contracts have been audited. This on-chain representation eliminates the possibility of fake audit badges and provides an easy way for users to verify the authenticity and timeliness of an audit.

- Transparency: The token contains essential metadata about the audit, such as the contract bytecode's hash, the audit date, and a link to the report. This ensures 100% transparency and allows anyone to query the smart contract for validity.

- Code Validity: HYDN also takes the time to ensure that the code that is deployed matches the code that was audited, and does not issue a Seal without verifying this. This helps ensure that projects are not deploying un-audited code whilst claiming to have been audited.

- User-Centric: HYDN Seal showcases the audit date on the NFT, ensuring users are aware of when the contracts were last audited and if any modifications have occurred since the audit.

 

ERC-7512: Onchain Audit Representations

Proposed by a group of security researchers, including representatives from Safe, OtterSec, ChainSecurity, OpenZeppelin, and more, ERC-7512 aims to standardize on-chain audit report representations. The proposal emphasizes:

- Standardization: ERC-7512 introduces a uniform method for representing audit reports on the blockchain, eliminating the need for manual verification.

- Trust Establishment: By allowing users and dApps to verify audits conducted by reputable auditors, ERC-7512 aims to create an on-chain reputation system for auditors.

- Future-Proofing: The proposal is not just a one-time initiative. It paves the way for future extensions, such as support for additional standards and networks, enhanced handling of polymorphic contracts, and mechanisms for managing signing keys for auditors.

 

Problems With Trust For ERC-7512 

It suggests a project is secure

 

Users may trust a project more if ERC-7512 confirms it has been audited, but this doesn’t necessarily mean it can be trusted. Currently it places an emphasis on “positive audits”, so if four audit companies carried out audits and one found no issues, but three found a Critical Issue, it would still say the project has been successfully audited as it makes no mention of the findings.

This could lead to a user unknowingly trusting and using a protocol with a critical vulnerability.

 

No Easy Solution

 

Whilst both HYDN Seal and ERC-7512 aim to enhance transparency and trust in the blockchain ecosystem, they do both come with their own limitations. As covered above, ERC-7512 can lead to trust in a project that actually has vulnerabilities.

HYDN Seal mitigates this by verifying that the deployed code matches the audited code; once a project makes changes to its contracts, the audit is invalidated. The extra time in the audit lifecycle required to verify that deployed code matches audited code is also problematic. In our experience, some projects don’t deploy for months after an audit, meaning that our auditors have to go back in after a long wait to verify the code is the same.
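The Seal checks described above (recorded bytecode hash, audit date, invalidation once deployed code changes), as an added example that is not HYDN's code or the Seal contract's interface. Assumptions: the `SealEntry` record shape, the `fetch_code` callback, the 365-day freshness threshold, the sample addresses and bytecode (constructed), and SHA-256 standing in for the chain's keccak-256 code hash.

```python
import hashlib
from dataclasses import dataclass
from datetime import date

def code_hash(runtime_bytecode: bytes) -> str:
    # Assumption: SHA-256 (stdlib) stands in for the keccak-256 code hash an
    # EVM chain reports; swap in a keccak-256 implementation for real use.
    return hashlib.sha256(runtime_bytecode).hexdigest()

@dataclass(frozen=True)
class SealEntry:
    """Hypothetical record holding the metadata the article lists for a Seal."""
    address: str
    bytecode_hash: str  # hex digest recorded at audit time
    audit_date: date
    report_url: str

def check_contract(entry: SealEntry, deployed: bytes, today: date, max_age_days: int) -> str:
    if not deployed:
        return "no-code"      # nothing deployed (or code removed) at this address
    recorded = entry.bytecode_hash.lower().removeprefix("0x")
    if code_hash(deployed) != recorded:
        return "invalidated"  # deployed code differs from what was audited
    if (today - entry.audit_date).days > max_age_days:
        return "stale"        # code matches, but the audit is older than the threshold
    return "valid"

def check_project(entries, fetch_code, today, max_age_days=365):
    """Return (overall_ok, status per address); one bad contract fails the project."""
    statuses = {e.address: check_contract(e, fetch_code(e.address), today, max_age_days)
                for e in entries}
    return all(s == "valid" for s in statuses.values()), statuses

# Constructed sample data: three contracts audited together, one changed afterwards.
AUDITED = {"0xA1": bytes.fromhex("6080604052aa"),
           "0xB2": bytes.fromhex("6080604052bb"),
           "0xC3": bytes.fromhex("6080604052cc")}
ENTRIES = [SealEntry(addr, "0x" + code_hash(code).upper(), date(2023, 3, 1),
                     "https://example.invalid/report.pdf")
           for addr, code in AUDITED.items()]
DEPLOYED = {**AUDITED, "0xB2": bytes.fromhex("6080604052bbff")}

if __name__ == "__main__":
    ok, statuses = check_project(ENTRIES, lambda a: DEPLOYED.get(a, b""), date(2023, 9, 1))
    print("project valid:", ok)
    for addr, status in statuses.items():
        print(addr, status)
```
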

Conclusion

 

While ERC-7512 is a commendable community effort to standardize on-chain audit representations, it still comes with a number of problems including trust, implementation, over-complexity and more.

To learn more about HYDN Seal or book a Smart Contract Audit with our team, fill in our Contact Form.
