Security checklist for Tezos smart contracts
One of the goals of Inference is to share knowledge within the Tezos community in order to foster both security and security awareness in the Tezos ecosystem. Inference has therefore created a first version of a security assessment checklist for Tezos smart contracts.
We provide this checklist to the community as a “white-labeled” document, so that anyone can use it:
Tezos smart contract beginners can learn about smart contracts on the Tezos blockchain and potential security issues/pitfalls. Note, in particular, that links in the checklist point to additional information and code examples.
Tezos smart contract developers can use the checklist to cross-check their developed code.
Security assessors may use the checklist in their assessments.
Inference thanks the Ligo team, SmartPy team, and Papers for providing very valuable feedback in a first review round before publication. By making the checklist public we are hoping that this security assessment checklist will be widely used, and we also invite everyone to contribute in order to improve it and improve security on the Tezos blockchain in general.
If you have any feedback, please contact us via contact-at-inference.ag.