About the Smart Contract Systems Security category


#1

Initially proposed by @maurelian, the Security working group is planning a Gathering of the Security Community in early September, 2018.

Goals

To share knowledge to prevent and mitigate security risks facing smart contract systems. I’m particularly interested in anything that improves the working relationship between auditors and developers, and the outcomes of working with a security audit firm.

Topics

For best results, the scope should be well defined, and strictly enforced.

In scope
  • Secure development lifecycle
    • especially how auditors can work with developers earlier (not doing security at the end)
    • Auditing standards, techniques and best practices
  • Security analysis tools
  • Formal verification in practice
  • Risk mitigation
  • Upgradeability
  • Running a good bug bounty
Out of scope
  • Protocol governance
  • Security of protocol client software
  • Crypto-economics and game theory
  • Product/service sales pitches which are not educational, or fre

#2

In Scope:

  • Documentation
  • Requirements derivation and traceability
  • Event response planning