OpenZeppelin, a blockchain software company known for developing one of the most used implementations of the Ethereum ERC-20 contract, announced on Tuesday the release of a developer suite called Defender.
The tool helps automate many of the development operations associated with running Ethereum-based DApps. It provides a simple dashboard to manage upgrades and admin operations for existing smart contracts, which can help developers keep track of changes.
Other features include a transaction relayer that simplifies integrations with web-based backends, automated tasks like logging or oracle updates and a general knowledge base of best practices in development.
The company says that normally these features need to be developed independently by every team, which diverts time and effort from actual smart contract deployment.
OpenZeppelin’s chief technology officer, Jonathan Alexander, told Cointelegraph that this suite could help mitigate hacks in decentralized finance:
“Multiple exploits we’ve seen in DeFi this year, such as those in YAM, Uniswap, dForce, and Hegic, could have been avoided or reduced by following a careful security process, but teams lack a comprehensive system that fully informs them on security best practices and how to assess risk.”
The knowledge base shows how to mitigate some of the core issues that led to the hacks, for example the reentrancy attack used on dForce, according to a presentation shown to Cointelegraph.
Beyond the ease of access to best practices, Alexander said that a quick response tool could have reduced the loss of user funds in situations similar to the bZX and Opyn hacks.
The team decided to build the tool following conversations with developers, who “were spending months and months of precious time trying to build their own infrastructure and tools,” Alexander said. “OpenZeppelin Defender is the first SecOps [security operations] platform for Ethereum and as such is a critical addition that the ecosystem has been missing.”
Defender is free for use on testnet, but requires a paid subscription for production use.
It comes as new security and development tools are being released to simplify the process of developing a DApp. On Monday, CertiK announced the release of a blockchain that would create a more liquid market for security audits and scoring.