ICP Blockchain Audit Tools - Quite basic?

I know the Devs are really busy on some excellent projects which will really push the capabilities of the IC to new highs. The integration with BTC and ETH will be awesome and could lead the IC to become the transaction/ defi layer of those blockchains.

With the implementation of these integrations and SNS capabilities it is likely that some very interesting projects will emerge. This leads to an interesting question –
How can I audit the smart contract ‘canisters’ that I am interacting with? The blockchain and crypto industry is built on the premise of transparency and trustless interactions however devs/ projects on the IC can hide their code in canisters. This is potentially good for security however completely kills the trustless nature of blockchains. It might make it very easy to create rug-pulls or apps that don’t do what they say they do.

Furthermore, on the topic of transparency, the current ICP dashboard is very basic from an audit point of view. I was recently trying to work out if two large accounts were wash trading NFT’s… the tl;dr it’s almost impossible to ‘follow the money’ with the current tools. I’d like to see a blockchain explorer with tools that empower users to effectively audit and explore transactions. For example - visually showing the relationship between accounts and exchange/ marketplace canister labelled when viewing transactions.

I’m interested on people’s thoughts on this.


I think one starting point is Cover, which lets developers prove that their canister’s code matches its open source code.

For DeFi and other sensitive dapps, making the canister autonomous (and thus no longer controlled by anyone) is probably a good next step.

I’m especially interested in the possibilities between “unilaterally controlled” and “fully autonomous” canisters. The former is web2. The latter is Ethereum.

SNS makes possible “community governed” canisters. That’s one possibility. But I believe there are other hybrid models that are yet to be properly explored. For example, is it possible to have a canister that’s closed source but verified by a 3rd party canister (which itself is open source and possibly autonomous)? In other words, verification-as-a-service… but completely trustless? Just spitting out random ideas…

1 Like