When a smart contract has an exploitable bug, it can shake the very foundations of the application it supports. In 2018, Klevoya Founder and CEO Moti Tabulo realized that an opportunity existed for a service that could debug smart contracts. A technologist and entrepreneur with degrees in electronics and signal processing, he eventually found himself drawn towards the blockchain ecosystem.
According to Moti, “Writing secure smart contracts is a very highly specialized skill. There are only a few experts that actually know how to do that properly. And so relying on those few experts is really unscalable if blockchain technology is to fulfill the promise that we think it has. What’s really needed is an automated way of verifying smart contracts.”
Moti saw other blockchain networks struggling with scalability. “I wanted to focus my attention on a network that I think had solved that scalability problem which is why I decided to focus my attention on EOSIO.”
Tools for Secure and Functional Code
With a network chosen and his goal in mind, Moti says he chose the name Klevoya, inspired by the French word “clairvoyant”, meaning one who can see the future. He wanted to give developers the supernatural ability to see bugs in their code. “The way we do this is by building software-as-a-service developer tools that allow developers to easily test and verify the functionality of their smart contracts.”
On EOSIO blockchains, smart contracts control a number of critical permissions for digital rights, assets, and tokens. In addition, smart contracts feature open APIs, and when deployed on a public blockchain they are immutable. Once deployed, smart contracts become powerful tools that form the backbone of a blockchain application when proper precautions are taken to ensure security and functionality.
Today, tools built by EOS VC grant recipient Klevoya help developers audit and deploy secure code compatible with EOSIO 2.0 so that developers can perform robust testing on smart contracts to prevent hackers from hijacking tokens or otherwise disrupting system integrity. Hydra is one such tool built to test smart contracts for functionality. Now in beta, Inspect is another tool designed to run multiple tests for vulnerabilities without the need to maintain a local node.
Reaping the Benefits of EOS VM
Moti says his team stood on the shoulders of giants to create Hydra by modifying EOS VM, Block.one’s purpose built WASM for blockchains. Developers can use it to deploy secure EOSIO 2.0 compatible smart contracts, all without having to maintain a local node.
“Hydra gives you this really nice environment where you can write your test cases in a very granular and detailed way and then don’t have to worry about running a local node,” says Moti. “It also enables you to run tests in parallel, without being limited by block producing time. Plus you can also recreate different test scenarios, so if you’ve had a bug running on a live mainnet, you can recreate that very easily with Hydra.”
Deeper Analysis of Smart Contracts
While Hydra is already becoming a part of daily workflows for developers, Klevoya’s team is in the beta phase with another tool called Inspect, which will check smart contracts against known issues.
Moti explains how the code undergoes a process known as static analysis. “We develop an understanding of the whole smart contract, and mine the information, and look for patterns of known vulnerabilities to see whether those patterns are present in the smart contract.”
Moti says the tools will ultimately work together. “We like to think that developers will use our tools in different stages. Hydra is used when you’re in the process of developing your smart contract and it allows you to effectively run lots of different test cases without having to maintain a local node. Inspect on the other hand is specifically built to find known vulnerabilities.”
Enabling a Future Built on Blockchains
Moti says that in the future Klevoya would like to lead an initiative that leverages crowdsourced input by allowing members of the community to contribute collective documentation of vulnerabilities in a robust CVE format that cybersecurity organizations use. “Identifying vulnerabilities is sort of a community effort. There’s a lot of pooled knowledge that’s out there.”
Moti believes that eventually blockchains will be a household term. “At some point just like people don’t say cloud anymore, it’s a given that a web application runs with blockchain in the background. To make that future possible, we need to open up that pool of developers and allow as many people as possible to be able to write and develop smart contracts. So our intention is really to make writing secure smart contracts as easy as it would be to write front end web applications.”
The Team Behind the Toolkit
Klevoya Founder, CEO, Technology and Product Leader Moti Tabulo is a well-rounded serial entrepreneur. Klevoya is his third startup after two previous successes in software and robotics. He has a passion for taking products from an initial kernel of an idea, integrating customer feedback, and then scaling them for the market.
Lead Developer at Klevoya Christoph Michel has over a decade of experience in full-stack development and several years of smart contract development and auditing.
Klevoya Security Research Engineer Srinjoy Chakravarty has spent two years authoring and auditing smart contracts at several blockchain security firms. Prior to that, he worked for four years as a cybersecurity consultant at PwC.
Klevoya’s Software Engineer, Abell Wandili, graduated with a degree in computer science. To date, he has focused on improving Klevoya’s WASM decompiler engine.
Building on EOSIO?
Our #BuiltOnEOSIO series showcases some of the amazing projects leveraging EOSIO technology to build a more secure and connected world. If you would like to suggest a project for us to feature please send an email to firstname.lastname@example.org for our Developer Relations team to review.
– Block.one Developer Relations team
For more information on how EOS VC supports the EOSIO ecosystem through strategic investments and venture capital partnership funds, visit vc.eos.io.
. . .
Important Note: All material is provided subject to this important notice and you must familiarize yourself with its terms. The notice contains important information, limitations and restrictions relating to our software, publications, trademarks, third-party resources and forward-looking statements. By accessing any of our material, you accept and agree to the terms of the notice.