Smart contract security firm Certora raised $36 million in a Series B round led by Jump Crypto to fund development and port its flaw-detection technology to new blockchains.
Other participants in the round included Tiger Global, Galaxy Digital, Electric Capital, ACapital, Framework Ventures, CoinFund, Lemniscap, Coinbase and VMware, according to a draft blog post provided to CoinDesk.
Blockchain security breaches have hit the headlines this year with some creating nine-figure financial losses. They include $326 million for blockchain bridge Wormhole and $625 million for Ronin Network, the infrastructure behind popular play-to-earn game Axie Infinity.
Certora is designed to help developers detect and prevent security mistakes before code is deployed. The firm’s Prover tool is meant to complement human audits and bug bounties. Certora said it is currently securing $50 billion in decentralized finance (DeFi) assets. The product finds and displays any rule violations or formally proves that there aren’t any.
The company is led by Shmuel “Mooly” Sagiv, computer science chair at Tel Aviv University and a pioneer of formal verification, a field that uses complex mathematics to prove or disprove the correctness of an algorithm, such as the smart contracts on a liquidity protocol.
Certora currently handles only Ethereum Virtual Machine (EVM) compatible blockchains. The next focus is extending support to Solana, then branching out further toward Polkadot.
“What we want to do in the next year is to cover all of the blockchains,” Sagiv told CoinDesk in an interview.
How it works
Certora identifies violations of invariants, or rules that shouldn’t be broken, in smart contracts. The firm’s technology has identified bugs in Aave, Compound, Balancer and SushiSwap. Most of the bugs were discovered and fixed before the code was deployed.
For example, Certora prevented a critical bug in SushiSwap’s Trident liquidity pool contract. In Trident, users add funds to create the pool, then earn fees for their lending and swapping activities. The fees are proportional to their share of the overall liquidity.
For a liquidity pool to work, there has to be a technical rule that as long as there are pool funds, user shares must exist since someone is providing that liquidity. A violation of that rule means that either the shares of the pool are worthless or the funds exist but can’t be claimed by the users.
In the case of Trident, the Certora Prover found a rule violation that could have allowed an attacker to drain the pool’s funds. The issue was identified and corrected before the code was deployed.
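To make the pool rule above concrete, here is an added example that is not Certora's Prover and not Trident code: a toy pool checked by bounded exhaustive search rather than formal proof. The pool model, the flat exit fee and all function names are constructed for illustration.

```python
from collections import deque

EXIT_FEE = 1      # constructed: flat fee kept in the pool on every withdrawal
MAX_AMOUNT = 3    # bound on each deposit/burn size explored
MAX_FUNDS = 8     # bound on pool size, keeps the state space finite

def deposit(funds, shares, amount):
    """Mint shares pro rata (1:1 for the first deposit); None means revert."""
    minted = amount if shares == 0 else amount * shares // funds
    if minted == 0 or funds + amount > MAX_FUNDS:
        return None
    return funds + amount, shares + minted

def withdraw(funds, shares, burn, waive_fee_on_exit):
    """Burn shares for a pro-rata payout minus the exit fee; None means revert."""
    if burn > shares:
        return None
    fee = 0 if (waive_fee_on_exit and burn == shares) else EXIT_FEE
    payout = burn * funds // shares - fee
    return funds - payout, shares - burn

def invariant(funds, shares):
    """The rule from the text: pool funds imply outstanding user shares."""
    return funds == 0 or shares > 0

def find_violation(waive_fee_on_exit):
    """Breadth-first search over every reachable state within the bounds.
    Returns the shortest call trace that breaks the invariant, or None."""
    start = (0, 0)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (funds, shares), trace = queue.popleft()
        for amount in range(1, MAX_AMOUNT + 1):
            steps = [(("deposit", amount), deposit(funds, shares, amount)),
                     (("withdraw", amount),
                      withdraw(funds, shares, amount, waive_fee_on_exit))]
            for call, state in steps:
                if state is None or state in seen:
                    continue
                if not invariant(*state):
                    return trace + [call]   # counterexample trace
                seen.add(state)
                queue.append((state, trace + [call]))
    return None

if __name__ == "__main__":
    print("fee always charged:", find_violation(False))
    print("fee waived on full exit:", find_violation(True))
```

With the fee always charged, the last holder's exit leaves one unit of funds behind with zero shares outstanding, which is the "funds exist but can't be claimed" case; waiving the fee on a full exit removes every violation within the explored bounds.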
“Powered by world-class experts, Certora leverages formal verification to employ a suite of scalable and robust products that offer much higher reusability and granular testing,” said Jump Crypto partner and investments head Saurabh Sharma in a statement.