Ethereum-based startup Solidified is developing a decentralized, smart contract audit platform, aiming to make the process easier to arrange and to provide a transparent and accountable metric of smart contract security. The company recently conducted a Seed round with Innogy New Ventures to develop a new initiative in security — the Bug Prediction Market.

"Solidified is an established, full-service audit platform, having helped secure large Ethereum projects such as Gnosis, Polymath, Bankera and Melonport among 50+ others," said Eduard Kotysh, CEO and founder of the Solidified platform.

According to the Solidified ‘one pager,’ the platform has already gathered over 200 audit experts in its community. The market cap of audited firms has reached 400,000 ETH.

Debugging smart contracts

Bug bounty became a standard method for maintaining safety in a world of technological giants like Google, Facebook, eBay and others. As internal security audits are not 100 percent efficient, the companies provide rewards to their users who find and report bugs. “It occurs from the fact that audits by a single party don't always catch everything, so bug bounties are intended as a last line of defense to protect against that,” said Nick Munoz-McDonald, who is an auditor with Solidified.

The Solidified team is working to develop the first Bug Prediction Market, where smart contract security experts can stake on whether a severe vulnerability will be found in a contract by a certain date. Such users “are held accountable for securing the code by having staked income and reputation in the form of the Solid token,” according to the company’s white paper.

By introducing the Solid token, Solidified allows access to the largest community of smart contract security experts and holds them accountable via bug bounties and the Bug Prediction Market.

The problems and solutions

According to the Solidified team, there are three general problems in a smart contract audit that the Bug Prediction Market (and Solid token implementation) is aiming to resolve.

First, doing a low-quality audit job has no consequences: Demand is growing and the professional level of an auditor is hard to verify. Second, a single auditor or a connected group might wait and exploit a bug when the smart contract is live. Finally, there is no accurate security-confidence metric that determines how secure any given smart contract is, producing a lack of trust in projects and leaving room for scams.

Solidified aims to offer an alternative solution to these problems by implementing the bug bounties and the Bug Prediction Market. "In this system, every endorsement is economically backed by auditors. Auditors bid Solid tokens to take an audit job. Those who make incorrect assessments would have their stakes transferred to those who correct them during [the] bug bounty. The risk involved in securing smart contracts would be accurately modeled and capitalized, instead of externalized," explains the text of the white paper. According to the paper, this process will bring transparency and accountability to the entire smart contract audit segment.

According to the project's roadmap, Solidified is going to launch a beta version of the Bug Prediction Market on its testnet in Q1 2019, accompanied by extensive testing of the security-confidence metric. In Q3 2019, the startup plans to launch the Bug Prediction Market on the mainnet, giving a big start to the development of decentralized audits and the bug bounty platform. The token sale has already started and will last until October 23, 2018.