Metropolis Wants to Make It Easier To Spot Faulty Smart Contract Permissions
Exclusive: No technical expertise required to visualize smart contract permissions
OV11/Shutterstock modified by Blockworks
Smart contract permissions have been at the center of many hacks in the cryptocurrency ecosystem since their inception.
Metropolis, a company committed to protect on-chain permissions, said it hopes to achieve this with the launch of “The Podarchy Explorer,” a spatial interface that allows users to visualize smart contract permissions.
“We’ve been doing a lot of thinking on how we can bring faulty permissions to the surface, because they pose both a security risk in terms of basic user funds, but they also undermine ownership itself,” Chase Chapman, governance researcher at Metropolis, told Blockworks.
Using the platform, users can search any on-chain entity — including externally owned accounts (EOAs), multisigs, and smart contracts — and identify all relevant connections and permissions.
“Governance tokens don’t mean anything if they don’t have permissions to govern,” Chapman said. “The Podarchy Explorer will surface those permissions and easily identify faulty permissions without having to deep dive into code.”
Specifically, the company has indexed two widely adopted vectors for on-chain control: Safe membership and OpenZeppelin access control. It intends this to enable users to search up any wallet and addresses associated with Safe membership and help them to view its permissions over associated smart contracts.
“The Metropolis team anticipates the Podarchy Explorer will reveal some major flaws and anti-patterns across the ecosystem, which is ultimately positive, as hidden faulty permissions are posing a massive threat to the entire space,” Chapman said.
Don’t miss the next big story – join our free daily newsletter.