Smart contract security firm Certora raised $36 million in a Series B round led by Jump Crypto to fund development and port its flaw-detection technology to new blockchains.
Other participants in the round included Tiger Global, Galaxy Digital, Electric Capital, ACapital, Framework Ventures, CoinFund, Lemniscap, Coinbase (COIN) and VMware (VMW), according to a draft blog post provided to CoinDesk.
Certora is designed to help developers detect and prevent security mistakes before code is deployed. The firm’s Prover tool is meant to complement human audits and bug bounties. Certora said it is currently securing $50 billion in decentralized finance (DeFi) assets. The product finds and displays any rule violations or formally proves that there aren’t any.
The company is led by Shmuel “Mooly” Sagiv, computer science chair at Tel Aviv University and a pioneer of formal verification, a field that uses complex mathematics to prove or disprove the correctness of an algorithm, such as the smart contracts on a liquidity protocol.
Certora currently handles only Ethereum Virtual Machine (EVM)-compatible blockchains. The next focus is extending support to Solana, then branching out further toward Polkadot.
“What we want to do in the next year is to cover all of the blockchains,” Sagiv told CoinDesk in an interview.
How it works
Certora identifies violations of invariants, or rules that shouldn’t be broken, in smart contracts. The firm’s technology has identified bugs in Aave, Compound, Balancer and SushiSwap. Most of the bugs were discovered and fixed before the code was deployed.
For example, Certora prevented a critical bug in SushiSwap’s Trident liquidity pool contract. In Trident, users add funds to create the pool then earn fees for their lending and swapping activities. The fees are proportional to their share of the overall liquidity.
For a liquidity pool to work, there has to be a technical rule that as long as there are pool funds, user shares must exist since someone is providing that liquidity. A violation of that rule means that either the shares of the pool are worthless or the funds exist but can’t be claimed by the users.
In the case of Trident, the Certora Prover found a rule violation that could have allowed an attacker to drain the pool’s funds. The problem was identified and corrected before the code was deployed.
“Powered by world-class experts, Certora leverages formal verification to employ a suite of scalable and robust products that offer much higher reusability and granular testing,” said Jump Crypto partner and investments head Saurabh Sharma in a statement.
Read more: How Do Ethereum Smart Contracts Work?
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.