Metropolis Wants to Make It Easier To Spot Faulty Smart Contract Permissions

Exclusive: No technical expertise required to visualize smart contract permissions

article-image

OV11/Shutterstock modified by Blockworks

share

Smart contract permissions have been at the center of many hacks in the cryptocurrency ecosystem since their inception.

From recent the Wormhole counter exploit to Euler finance’s hack and the bZx DAO ruling, identifying faulty smart contract permissions could help protect the broader cryptocurrency ecosystem.

Metropolis, a company committed to protect on-chain permissions, said it hopes to achieve this with the launch of “The Podarchy Explorer,” a spatial interface that allows users to visualize smart contract permissions.

“We’ve been doing a lot of thinking on how we can bring faulty permissions to the surface, because they pose both a security risk in terms of basic user funds, but they also undermine ownership itself,” Chase Chapman, governance researcher at Metropolis, told Blockworks. 

Using the platform, users can search any on-chain entity — including externally owned accounts (EOAs), multisigs, and smart contracts — and identify all relevant connections and permissions. 

“Governance tokens don’t mean anything if they don’t have permissions to govern,” Chapman said. “The Podarchy Explorer will surface those permissions and easily identify faulty permissions without having to deep dive into code.”

Specifically, the company has indexed two widely adopted vectors for on-chain control: Safe membership and OpenZeppelin access control. It intends this to enable users to search up any wallet and addresses associated with Safe membership and help them to view its permissions over associated smart contracts.

“The Metropolis team anticipates the Podarchy Explorer will reveal some major flaws and anti-patterns across the ecosystem, which is ultimately positive, as hidden faulty permissions are posing a massive threat to the entire space,” Chapman said.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template (10).png

Research

Innovations on Aptos’ technical design through Raptr, Shardines, and Zaptos approach near-optimal latency and throughput by unlocking 100% utilization of network resources, with the capacity to settle 260k transactions per second with latencies less than 800ms. The original Move language was revamped with the launch of Move 2, supporting more expressivity in smart contract logic and a scalable ability to interact with high volume datasets. The ecosystem has benefitted from strong asset inflows, now hosting over $1.3B in stablecoins, $450M in bridged BTC, and $530M in RWAs. Activity in the Aptos ecosystem has grown notably over the past year, with monthly application revenue reaching ~$835k and monthly DEX volumes growing to over $5B, both at new all time highs.

article-image

Also, only three tokens have outperformed bitcoin so far this year: XMR, HYPE and SKY

article-image

The fund group has submitted proposals in recent months for other funds that would hold litecoin, solana, XRP, HBAR, Sui and others

article-image

Momentum’s back — BTC leads, risk assets follow

article-image

Ondo Finance’s acquisition of blockchain development company Strangelove follows its buy of Oasis Pro

article-image

Cryptocurrency and stock traders alike had a lot to unpack Wednesday

article-image

The government says Storm was a money-hungry aid to criminals; the defense says it’s not his fault that people used his code for illicit activities.