All development for StrellerMinds smart contracts must follow these security principles:
- Principle of Least Privilege: Contracts should request only the permissions they need.
- Input Validation: All inputs must be validated before processing.
- Error Handling: Proper error handling must be implemented for all operations.
- Access Control: Clear access control mechanisms must be in place.
- Audit Readiness: Code should be written with clarity for future audits.
- All PRs must undergo security review before merging.
- Static analysis tools must be run on all code.
- Test coverage must include security-focused test cases.

If you discover a security vulnerability, please do NOT open an issue. Email security@strellerminds.com instead.