-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #100 from icon-project/audit-readiness-checklist
Create audit-readiness-checklist.md
- Loading branch information
Showing
1 changed file
with
28 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Audit Readiness Checklist | ||
|
||
This checklist provides an overview of the requirements that should be met before commissioning an audit for your project. | ||
|
||
- [ ] **Documentation:** Describe the project's architecture, functionalities, technology stack, and design. | ||
- [ ] Create a state diagram defining every possible system state and state transitions. | ||
- [ ] Create a logical flowchart depicting how data moves, where it goes, and what happens to it at each step. | ||
- [ ] **Internal Code Review:** Conduct an internal review of the project's codebase. | ||
- [ ] Conduct internal threat modeling and assess vulnerability to identify potential security risks. | ||
- [ ] Define the intended behavior of the critical components*, validate that the actual code aligns with the intended behavior, and document any discrepancies and improvements. | ||
- [ ] **Guard Rails:** Implement throttling and temporary halts when predefined metrics exceed their thresholds in accordance with [EIP-7265](https://github.com/ethereum/EIPs/pull/7265). Note that EIP-7265 is subject to change. | ||
- [ ] **Test Coverage:** Implement a minimum of 80% test coverage. | ||
- [ ] **Adherence to [software development guidelines](https://github.com/icon-project/community/blob/main/guidelines/technical/software-development-guidelines.md)** | ||
|
||
\* Critical components include but are limited to: | ||
* exchange of value | ||
* transfer | ||
* transferFrom | ||
* send | ||
* call | ||
* delegatecall | ||
* selfdestruct | ||
* inline assembly code | ||
* access control | ||
* onlyOwner or similar functions | ||
* fallback | ||
* external contract interactions | ||
* state variable operations |