PricewaterhouseCoopers (PwC) Switzerland has brought in smart contract audit firm ChainSecurity, folding the company's technology and its expertise into the Big Four accounting firm, the companies announced earlier this week.
In what seems like an acquisition in all but name, the seven technical engineers are joining the accounting firm to bolster PwC Switzerland’s smart contract audit abilities.
After being spun out of the Swiss Federal Institute of Technology in Zurich (ETH Zürich) in October 2017, ChainSecurity has conducted more than 75 smart contract and blockchain audits globally and has had a long relationship with PwC Switzerland -- the company in the PwC network used by the Tezos Foundation for its external audit. Last year, ChainSecurity discovered an issue that delayed the Constantinople hard fork and issues with the Istanbul hard fork.
The team will continue to collaborate with the federal institute and work with its new employer to upgrade PwC Switzerland’s tools and make them more compatible with formal verification, or the mathematical proofs that test mission-critical source code to ensure it operates as programmers intended.
“For smart contracts in general, one can say that they represent modern business logic for companies,” said Hubert Ritzdorf, former chief technology officer at ChainSecurity and technical lead for smart contract assurance at PwC Switzerland. “If a stablecoin has a bug, you could create coins that are not properly backed by collateral.”
While formal verification was part of the team’s product suite before joining PwC, Ritzdorf and his colleagues plan to expand their offerings in the next generation of their products.
Tools that employ formal verification are usually found in high-risk industries like airplane engineering and space travel, where organizations including Boeing or NASA use them, Ritzdorf added. In the crypto industry, where money is represented by digital units and dictated by code, traditional firms and start-ups are using formal verification to ensure it’s very unlikely that users can spend what they don’t have or lose what they do have.
The players in crypto that seek formal verification tend to be more serious, such as companies dealing with decentralized finance or stablecoins, said Daryl Hok, chief operating officer of blockchain cybersecurity company CertiK. The Libra Association also plans to create automated formal verification for its programming language, Move.
“We’re seeing more and more projects seeking out the rigor that formal verification provides,” Hok said. “Those are usually self-selecting and tend to be the most equipped teams and have enough capital to do these things.”
The clients that come to PwC Switzerland for blockchain audits tend to be mostly enterprises from banking, manufacturing and trading, said Andreas Eschbach, partner and leader of risk assurance for PwC Switzerland and Europe.
“It has grown out of the startups and is becoming popular among companies that have been around 80 years plus,” Eschbach said.
With the legal expertise of PwC, the ChainSecurity team can go further than it was able to before in its analysis of smart contracts.
“The compliance step was always hard for us to do,” Ritzdorf said. “We just wrote down technically what the smart contract does and had to go to a law firm to check if it was legally compliant.”