MELD Announces Hachi
MELD joins forces with Dr. Nguyen Anh Quynh to build the first auditing tools for Cardano smart contracts
Cardano (ADA) has recently announced that it has successfully conducted the Alonzo White Hard Fork. A Twitter thread confirmed that the network is now making blocks successfully and there had been no problems with the hard fork so far.
For those of you who don’t know, The Alonzo hard fork is a key moment along with Cardano’s roadmap, paving the way for smart contract functionality. Meaning, we are getting closer to having full-fledged DeFi protocols operating on the Cardano Blockchain!
Having the ability to deploy Smart Contracts is fundamental for the creation of DeFi on Cardano, but what about tools for ensuring the security, analysis, and auditing of these Smart Contracts?
We want to be a core contributor to the development and security of the DeFi ecosystem being built on Cardano and one of our first pursuits towards this effort is to perform in-depth research, technical writeups, and the development of the first auditing tools for Cardano Smart Contracts…
We’re very proud to finally announce Hachi!
The project builds the first low-level analysis & auditing tools for Cardano Smart Contracts.
The Hachi project is being advised by Dr. Nguyen Anh Quynh, one of the world’s leading security researchers. Being a public endeavor, our MELD engineers have been humbly supporting and inviting other researchers and engineers worldwide to join hands. The project has been working on forming the Security Standards for Cardano Smart Contracts and building the toolings required in the upcoming years.
Most of the research and technical writeups will be totally free and open-source for the whole ecosystem. Hachi is for the community, and by the community.
At this point in time, the team is in deep research mode to layout the correct foundation for Hachi. The main focus now is to analyze (Untyped) Plutus Core either statically in its pure form, dynamically through evaluation and interpretation, or compiling it to another intermediate representation for further analysis. Hachi is also following KEVM and IELE for progress and integration on that end. The key is to always reverse engineer from the low-level — what exactly is being stored on-chain, but support for high-level dynamic analysis is also possible in the future.
About — Hachi
Hachi focuses on analyzing Plutus Core, the on-chain form of the Cardano smart contract. By leveraging static and dynamic analysis, we can understand how the code actually executes on the blockchain, rather than code at a higher level. Thanks to this unique insight, we shall be able to comprehend and uncover things that other approaches may just too easily miss.
This project proposes to build a new analysis framework for the Cardano platform, in which we can reverse, debug, analyze and evaluate Cardano smart contracts. Once this foundation is ready, we would proceed to build a range of new toolsets including, but are not limited to:
- Smart contract debugger.
- Smart contract tracer/profiler/optimizer.
- Smart contract reverser.
- Smart contract vulnerability hunter.
Hachi is also closely following KEVM and IELE progress for future integration. The key is to always analyze code from low-level — what exactly is being stored and executed on-chain. Support for high-level code analysis is also considered in the future.
MELD — Hachi
Most of the research and technical write-ups will be totally free and open-source for the whole ecosystem, via our Github repo here. Read transcriptions of our past AMAs to learn more about how MELD’s founders, Hai and Ken, are making security a core element of the MELD protocol.
The MELD engineers are helping to build the toolsets for the whole compilation pipeline, the reversing engine, and other interactive utilities. This also includes things like scanners that search and filter on-chain scripts by security properties and patterns. The plan is to have standards and tools in place to help with the auditing process of the Cardano smart contract.
DISCLAIMER: These proposals are subject to change, as we progress with our research.
Dr. Nguyen Anh Quynh —Project SME
On top of all of this, Dr. Nguyen Anh Quynh has agreed to join the MELD advisory board where he will be able to further contribute to other areas of the MELD protocol.
Dr. Nguyen is a regular speaker at cybersecurity conferences such as Blackhat USA/Europe/Asia, Defcon, Recon, and many more. He also presented his research in academic venues such as Usenix, IEEE, ACM, LNCS. His contribution to the field (like his reversing trilogy) lays the foundation for various innovative works in the cybersecurity industry and academia.
He was also the Co-Founder and Head of Lab at Verichains, where he co-authored several security research papers and talks on Ethereum Smart Contract Security. He also led the team that built RK87 — a formal security verification tool for Smart Contract. As well as leading the team to audit DeFi projects like Kyber Network.
We are excited to join forces with Dr. Nguyen to build the first low-level analysis & auditing tools for Cardano Smart Contracts, and the evolution of Hachi as a toolkit for auditors over the coming months.
Stay Tuned — MELD
We think it’s essential for everyone to gain control of their financial lives and have equal access to financial instruments used by professionals, not just centralized institutions, governments, or the 1%. We want to provide financial freedom and control to the masses, including the unbanked.
We have a long-term goal to enable the $15 trillion that is currently locked out of the global economy, including 2 billion individuals worldwide that are either underbanked or have no access to banking services whatsoever, access to these tools. These are the people that are paying the highest fees, getting the worst customer service, and they are the ones that are having the most problems.
Our vision is to create an ecosystem that empowers individuals to regain financial control by providing them with the tools and services they need to manage their money on their terms. Whether that be creating a collateralized debt position (CDP) with cryptocurrency, earning an interest return for lending fiat to borrowers, or even participating in reward incentive programs, we strive to provide our users with the functions they need to manage their own financial lives.