This article presents insights from data obtained through the Solodit platform, showing how market relevance has evolved and how the error trends observed during audits have shifted.
Warning
The data was collected on March 12, 2024. Keep in mind, things can change fast in this market, so the numbers might be a bit off now.
Introduction
Solodit is a free platform that gathers audit reports from multiple security companies and competitive auditing platforms.
With over 10,000 reports readily available, it’s a powerful tool for auditors looking to improve their vulnerability detection process.
Analysis
Amount of Issues Each Year
This graph shows the dramatic increase in vulnerabilities discovered each year. Between 2016 and 2023, the number of vulnerabilities found surged by a whopping ~19,642%.
The first upward movement became especially sharp in 2020, with the number of newly discovered flaws increasing another 476% by 2023.
TOP10 Sources by Number of Issues Found
Code4rena currently holds the record for the highest number of vulnerabilities detected so far. However, the constantly evolving market of 2024 could see this statistic change.
Amount of Issues by Impact
Over ~42% of vulnerabilities fall into the LOW severity category. However, HIGH severity vulnerabilities still account for a concerning ~16.76%, highlighting the need for proactive security measures.
Amount of Issues by Type of The Protocol
The chart shows the number of errors detected in each protocol type, taking into account possible duplications of errors between different protocols. DEX protocols rank first in the number of errors, with a slight lead over CDP (Collateralized Debt Position) protocols.
It is interesting to note that in 2023, there was a significant number of attacks on protocols such as DEXes.
More details about some of the largest hacks can be found here: https://www.linkedin.com/pulse/high-cost-inadequate-smart-contract-security-lessons-from-olisakwe-fyzdf
TOP5 Protocols by The Amount of Issues Found
This plot shows the protocols with the most vulnerabilities detected.
Leading the pack with the most vulnerabilities is the fixed-rate lending protocol Astaria, which participated in competitive audits on the Sherlock and Code4rena platforms and underwent an audit by Spearbit.
What about languages?
Mastering vulnerability detection requires understanding smart contracts and their programming language concepts.
Solidity, Ethereum’s primary smart contract language, dominates the market with strong community support. By the end of 2023, its TVL reached $84.142 billion.
Vyper held strong for a while, but by year’s end, Rust had surged to the number two spot with a TVL of around $2.28 billion. This impressive rise is likely due to Rust’s unique combination of power and flexibility.
The year 2024 has witnessed a rise in audits of Rust-based protocols. This trend suggests growing user interest in Rust and potentially positions it as a strong competitor to Solidity’s dominance in the coming year.
Summary
This report analyzes data collected from reports published on the Solodit platform. While the findings offer valuable insights, it’s important to remember that the security landscape is constantly evolving. The coming years may bring significant changes that could impact the statistics presented here.