Can we get a thread of all the random things DeFi builders should do before their contract holds $25M? As in, if you are a person considering putting your money in a DeFi thing and they haven't done this, it's a big red flag?
Show this thread
-
"Evaluate your code for known flaws and ensure the absence of them." Reentrancy is extraordinarily well-understood and many tools are able to catch it, including Slither and
@CryticCI.https://github.com/crytic/slither#detectors …
Understand and document your data, trust zones, and required controls in a threat model https://github.com/trailofbits/publications/blob/master/reviews/voatz-threatmodel.pdf … Define and continuously evaluate your system for security properties critical to its function https://github.com/trailofbits/publications/blob/master/reviews/BalancerCore.pdf …
-
-
If you import, copy, or otherwise depend on third party code, take the time to understand its own security properties deeply. https://github.com/trailofbits/publications/blob/master/reviews/compound-2.pdf … Build an incident response plan for when things go wrong and test it regularly.https://blog.trailofbits.com/2018/10/29/how-contract-migration-works/ …
-
Avoid deploying smart contracts you know require fixes, testing, and changes later. Understand that security, especially DeFi security, is more than just technical flaws. Economic misalignment can be abused to drain your funds. https://mainnet360.com/
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.