Skip to content

Latest commit

 

History

History
62 lines (44 loc) · 3.87 KB

readme.md

File metadata and controls

62 lines (44 loc) · 3.87 KB

Solodit's Aggregated Smart Contract Audit Checklist

The checklist is hosted at Solodit

Introduction

In "The Checklist Manifesto. How to Get Things Right", Atul Gawande emphasizes the increasing prevalence of errors arising from oversight in complex tasks, advocating for the adoption of checklists as a solution, as demonstrated by their transformative impact on surgical outcomes.

In the ever-evolving landscape of blockchain and smart contract technologies, ensuring the security of deployed smart contracts has become paramount. In many instances, vulnerabilities are overlooked, not due to negligence, but due to the lack of a systematic approach in the review process.

Solodit aims to address this by introducing a comprehensive aggregation of various checklists used in smart contract audits. Derived from a myriad of sources and previously conducted audit reports, this checklist is intended to be a living document, constantly enriched and improved upon by the community.

Why Solodit's Checklist?

  1. Comprehensive Coverage: By aggregating checklists from numerous auditors and audit reports, Solodit ensures a holistic approach to smart contract auditing.
  2. Community-Driven: This checklist is open for the community to contribute and refine, ensuring that it is always up-to-date with the latest vulnerabilities and best practices.
  3. Building Automatic Analyzers: With a structured approach, this checklist can also pave the way for developing automatic analyzers in the future, elevating the audit process's efficiency and accuracy.

Goals

  • Standardize the Audit Process: By having a standard checklist, auditors can ensure they don't overlook any critical aspect of the smart contract.
  • Promote Collaboration: Encourage auditors, developers, and blockchain enthusiasts to contribute, ensuring a rich and comprehensive checklist.
  • Advance Security Maturity: As the blockchain ecosystem matures, it's paramount that the security protocols around it mature as well. This checklist is a step in that direction.

Usage

We show the checklist on Solodit's website in a user-friendly format and allow you to check off items as you go through the audit process.

However, you can also view the checklist in a raw JSON format here.

The checklist is divided into multiple categories, each containing a list of items to check for. Each item consists of an ID, an imperative statement, a question, a description, a remediation, and a list of references.

  • ID: A unique identifier for the check item.
  • Question: A question that can be used to help the auditor in the review process.
  • Description: A detailed description of the item.
  • Remediation: A list of steps to take to remediate the item.
  • References: A list of references to learn more about the item.

Contribution

We welcome contributions from the community. Issues and pull requests are encouraged. Contributions can be made from the Solodit website in a more user-friendly format as well. Please check out our contribution guidelines for more details.

Acknowledgements

The checklist is heavily inspired by the following resources:


Powered by Cyfrin - We value every effort to level up the Web3 security