7 changes: 7 additions & 0 deletions contracts/program-escrow/src/lib.rs
Expand Up @@ -84,6 +84,13 @@
//! 5. **Complete Audit Trail**: Full payout history tracking
//! 6. **Overflow Protection**: Safe arithmetic for all calculations
//!
//! ## External Audit Preparation
//!
//! The public entrypoint inventory, access-control matrix, error-code registry,
//! threat model, and remediation tracker live in
//! `docs/security/external-audit-checklist.md`. Keep that checklist in sync with
//! any new state-mutating entrypoint, new authorization branch, or new error code.
//!
//! ## Usage Example
//!
//! ```rust
33 changes: 33 additions & 0 deletions contracts/program-escrow/src/test.rs
Expand Up @@ -999,6 +999,14 @@ fn test_invalid_role_proposal() {
// Try to propose same admin - should fail
client.propose_admin(&admin);
}

/// Test rate-limit configuration requires admin authorization.
#[test]
#[should_panic]
fn test_update_rate_limit_config_requires_admin() {
let env = Env::default();
let contract_id = env.register_contract(None, ProgramEscrowContract);
let client = ProgramEscrowContractClient::new(&env, &contract_id);
let admin = Address::generate(&env);
let non_admin = Address::generate(&env);

Expand Down Expand Up @@ -4793,3 +4801,28 @@ fn test_batch_payout_schema_version_set_on_init() {
// Version 0 means not yet written (legacy) — any value is acceptable.
let _v = client.get_batch_payout_schema_version();
}

#[test]
fn test_external_audit_checklist_covers_required_scope() {
const CHECKLIST: &str = include_str!("../../../docs/security/external-audit-checklist.md");

for required in [
"contracts/program-escrow/",
"contracts/bounty_escrow/",
"contracts/grainlify-core/",
"Reentrancy",
"Oracle Manipulation",
"Fee Drain",
"Draft state incomplete",
"Missing test imports",
"Unauthorized(1)",
"ClaimNotFound(500)",
"CIRCUIT_OPEN(1001)",
"cargo test -p program-escrow",
] {
assert!(
CHECKLIST.contains(required),
"audit checklist must include required item: {required}"
);
}
}
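Review bot: The bare `#[should_panic]` on `test_update_rate_limit_config_requires_admin` (first hunk of test.rs) lets the test pass on any panic, so it does not show that the rejection comes from the admin check. A panic during setup, for example a call on a contract that was never initialised, would satisfy it just as well, and the test could keep passing even if the authorization check were later removed. I would pin the failure, e.g. `#[should_panic(expected = "<authorization failure message>")]`, or call the generated `try_` variant of the client method and assert on the specific error it returns. The function body continues past the end of the hunk, so the exact call and the message to expect are not visible here.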