The Smart Contract Security Alliance’s core mission is to support healthy growth and adoption of blockchain applications. As part of that, we are working with other members of the industry to develop accepted standards for creating and evaluating the security of smart contracts.
We’ve published our recommended standards here to help customers understand what they are buying when they purchase a security audit, and to increase the level of professionalism in the field. We believe the standardization of security evaluations will facilitate compatibility, accountability, interoperability, research, and credibility for all industry participants.
Smart contract vulnerabilities are categorised according to their potential severity or business impact. Since it is not possible to define every possible condition or technical situation, these guidelines can only provide guidance.
Before you start writing your smart contract, there are a few things you should define:
Articulate clearly, in your own words, exactly what your smart contract is intended to do and what features it has.
Identify the target date for completion of your audit and any reasons for that timing. As code complexity may increase the time needed for a complete audit, be cognizant of the pressure deadlines may impose.
Provide the location of your source code, preferably GitHub with the commit hash to be audited, and access to auditors, including any associated credentials, requirements, or terms.