src/content/developers/docs/smart-contracts/security/index.md
Lines changed: 9 additions & 1 deletion
@@ -214,7 +214,7 @@ Decentralized governance can be beneficial, especially because it aligns the int
214
214
215
215
One way of preventing problems related to on-chain governance is to [use a timelock](https://blog.openzeppelin.com/protect-your-users-with-smart-contract-timelocks/). A timelock prevents a smart contract from executing certain actions until a specific amount of time passes. Other strategies include assigning a “voting weight” to each token based on how long it has been locked up for, or measuring the voting power of an address at a historical period (for example, 2-3 blocks in the past) instead of the current block. Both methods reduce the possibility of quickly amassing voting power to swing on-chain votes.
216
216
217
-
More on [designing secure governance systems](https://blog.openzeppelin.com/smart-contract-security-guidelines-4-strategies-for-safer-governance-systems/) and [different voting mechanisms in DAOs](https://hackernoon.com/governance-is-the-holy-grail-for-daos).
217
+
More on [designing secure governance systems](https://blog.openzeppelin.com/smart-contract-security-guidelines-4-strategies-for-safer-governance-systems/), [different voting mechanisms in DAOs](https://hackernoon.com/governance-is-the-holy-grail-for-daos), and [the common DAO attack vectors leveraging DeFi](https://dacian.me/dao-governance-defi-attacks) in the shared links.
218
218
219
219
### 8. Reduce complexity in code to a minimum {#reduce-code-complexity}
220
220
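Review bot: The phrase "in the shared links" at the end of the added line 217 is redundant and ambiguous, because the sentence already opens with "More on" and each item is itself a link, so it reads as if the links were listed somewhere else. Suggest ending the sentence right after the third link, and dropping the leading "the" inside the link text so it parallels the two existing items: "[common DAO attack vectors leveraging DeFi](https://dacian.me/dao-governance-defi-attacks)".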
@@ -468,6 +468,8 @@ If you plan on querying an on-chain oracle for asset prices, consider using one
468
468
469
469
-**[ABI Encoder](https://abi.hashex.org/)** - _A free online service for encoding your Solidity contract functions and constructor arguments._
470
470
471
+
-**[Aderyn](https://github.com/Cyfrin/aderyn)** - _Solidity Static Analyzer, traversing the Abstract Syntax Trees (AST) to pinpoint suspected vulnerabilities and printing out issues in an easy-to-consume markdown format._
472
+
471
473
### Tools for monitoring smart contracts {#smart-contract-monitoring-tools}
472
474
473
475
-**[OpenZeppelin Defender Sentinels](https://docs.openzeppelin.com/defender/v1/sentinel)** - _A tool for automatically monitoring and responding to events, functions, and transaction parameters on your smart contracts._
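Review bot: The Aderyn entry on added line 471 is appended as the last item of the list, directly after ABI Encoder (an encoding utility) and immediately before the "Tools for monitoring smart contracts" heading, which is the least discoverable spot for a static analyzer; consider moving it next to the other analysis tools in that list if there are any. The description also capitalizes "Solidity Static Analyzer" and "Abstract Syntax Trees" as if they were proper nouns, and "(AST)" does not match the plural it abbreviates. Something like "_Solidity static analyzer that traverses abstract syntax trees (ASTs) to pinpoint suspected vulnerabilities and prints issues in an easy-to-consume markdown format._" would match the sentence style of the neighbouring entries.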
@@ -490,6 +492,8 @@ If you plan on querying an on-chain oracle for asset prices, consider using one
490
492
491
493
-**[Trail of Bits](https://www.trailofbits.com/)** - _Cybersecurity company that combines security research with an attacker mentality to reduce risk and fortify code._
492
494
495
+
-**[Cyfrin](https://cyfrin.io)** - _Web3 security powerhouse, incubating crypto security through products and smart contract auditing services._
496
+
493
497
-**[PeckShield](https://peckshield.com/)** - _Blockchain security company offering products and services for the security, privacy, and usability of the entire blockchain ecosystem._
494
498
495
499
-**[QuantStamp](https://quantstamp.com/)** - _Auditing service facilitating the mainstream adoption of blockchain technology through security and risk assessment services._
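Review bot: The description on added line 495, "Web3 security powerhouse, incubating crypto security", is promotional and does not tell a reader what the company does until the final clause, whereas the adjacent Trail of Bits, PeckShield and QuantStamp entries each state the service offered. Suggest a neutral wording along the lines of "_Security company offering smart contract auditing services and security products._" Note also that this commit adds several entries pointing at the same organisation's properties (github.com/Cyfrin/aderyn, cyfrin.io, updraft.cyfrin.io), so it is worth the maintainers confirming that each one meets the page's listing criteria on its own.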
@@ -506,6 +510,8 @@ If you plan on querying an on-chain oracle for asset prices, consider using one
506
510
507
511
-**[Code4rena](https://code4rena.com/)** - _Competitive audit platform that incentivizes smart contract security experts to find vulnerabilities and help make web3 more secure._
508
512
513
+
-**[CodeHawks](https://codehawks.com)** - _Leading competitive smart contract audit marketplace for security researchers and Web3 projects._
514
+
509
515
### Bug bounty platforms {#bug-bounty-platforms}
510
516
511
517
-**[Immunefi](https://immunefi.com/)** - _Bug bounty platform for smart contracts and DeFi projects, where security researchers review code, disclose vulnerabilities, get paid, and make crypto safer._
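Review bot: "Leading" on added line 513 is an unverifiable superlative that the neighbouring Code4rena entry avoids; the documentation should describe what the platform does rather than rank it. Suggest "_Competitive smart contract audit marketplace for security researchers and Web3 projects._"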
@@ -542,6 +548,8 @@ If you plan on querying an on-chain oracle for asset prices, consider using one
542
548
543
549
-**[Smart Contract Security Verification Standard](https://github.com/securing/SCSVS)** - _Fourteen-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors._
544
550
551
+
-**[Learn Smart Contract Security and Auditing](https://updraft.cyfrin.io/courses/security) - _Ultimate smart contract security and auditing course, created for smart contract developers looking to level up their security best practices and become security researchers._
552
+
545
553
### Tutorials on smart contract security {#tutorials-on-smart-contract-security}
546
554
547
555
-[How to write secure smart contracts](/developers/tutorials/secure-development-workflow/)
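Review bot: The bold markup on added line 551 is never closed: the entry starts with `**[Learn Smart Contract Security and Auditing](...)` but there is no `**` after the closing parenthesis, unlike the SCSVS entry just above it, which ends its link with `)**`. As written, the bold run will either spill into the description or render literal asterisks, so add the closing `**` before " - _". Two smaller points: "Ultimate" is marketing language and should be dropped, and since this is a course rather than a standard or checklist like the SCSVS entry above it, it probably belongs under the "Tutorials on smart contract security" heading that follows.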