Can we get a thread of all the random things DeFi builders should do before their contract holds $25M? As in, if you are a person considering putting your money in a DeFi thing and they haven't done this, it's a big red flag?
-
Understand and document your data, trust zones, and required controls in a threat model https://github.com/trailofbits/publications/blob/master/reviews/voatz-threatmodel.pdf … Define and continuously evaluate your system for security properties critical to its function https://github.com/trailofbits/publications/blob/master/reviews/BalancerCore.pdf …
-
If you import, copy, or otherwise depend on third party code, take the time to understand its own security properties deeply. https://github.com/trailofbits/publications/blob/master/reviews/compound-2.pdf … Build an incident response plan for when things go wrong and test it regularly. https://blog.trailofbits.com/2018/10/29/how-contract-migration-works/ …