From 1ee714655071aa3cab27dea7c88c049fdeb7ab45 Mon Sep 17 00:00:00 2001 From: CyrusVorwald <90732384+CyrusVorwald@users.noreply.github.com> Date: Mon, 24 Jul 2023 00:41:28 -0400 Subject: [PATCH] Create audit-readiness-checklist.md --- .../technical/audit-readiness-checklist.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 guidelines/technical/audit-readiness-checklist.md diff --git a/guidelines/technical/audit-readiness-checklist.md b/guidelines/technical/audit-readiness-checklist.md new file mode 100644 index 0000000..7f9f8b0 --- /dev/null +++ b/guidelines/technical/audit-readiness-checklist.md 
@@ -0,0 +1,28 @@ +# Audit Readiness Checklist + +This checklist provides an overview of the requirements that should be met before commissioning an audit for your project. + +- [ ] **Documentation:** Describe the project's architecture, functionalities, technology stack, and design. + - [ ] Create a state diagram defining every possible system state and state transitions. + - [ ] Create a logical flowchart depicting how data moves, where it goes, and what happens to it at each step. +- [ ] **Internal Code Review:** Conduct an internal review of the project's codebase. + - [ ] Conduct internal threat modeling and assess vulnerability to identify potential security risks. + - [ ] Define the intended behavior of the critical components*, validate that the actual code aligns with the intended behavior, and document any discrepancies and improvements. +- [ ] **Guard Rails:** Implement throttling and temporary halts when predefined metrics exceed their thresholds in accordance with [EIP-7265](https://github.com/ethereum/EIPs/pull/7265). Note that EIP-7265 is subject to change. +- [ ] **Test Coverage:** Implement a minimum of 80% test coverage. +- [ ] **Adherence to [software development guidelines](https://github.com/icon-project/community/blob/main/guidelines/technical/software-development-guidelines.md)** + +\* Critical components include but are limited to: +* exchange of value + * transfer + * transferFrom + * send + * call + * delegatecall + * selfdestruct + * inline assembly code +* access control + * onlyOwner or similar functions +* fallback +* external contract interactions +* state variable operations
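Review bot: the footnote line `+\* Critical components include but are limited to:` looks like a typo for "include but are not limited to"; as written it says the opposite of what the list intends and makes the enumeration exhaustive, which a reviewer or auditor could read as a reason to exclude anything not listed. Suggest `\* Critical components include but are not limited to:`. Two smaller points in the same hunk: the sub-item "Conduct internal threat modeling and assess vulnerability to identify potential security risks" is awkward, consider "Conduct internal threat modeling and a vulnerability assessment to identify potential security risks"; and the Test Coverage item sets "a minimum of 80% test coverage" without stating which metric (line, branch, or function) or which tool produces the number, so teams cannot verify the requirement consistently before commissioning an audit. The Guard Rails item links to a pull request for EIP-7265 and already notes it may change, so it would help to name the specific mechanisms expected (throttling and temporary halts) as a stable requirement independent of the draft's wording, which the sentence mostly does; consider also adding a sub-item for the last checklist entry, since "Adherence to software development guidelines" is the only top-level item with no concrete check beneath it.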