{"id":13469784,"url":"https://github.com/InferenceAG/TezosSecurityBaselineChecking","last_synced_at":"2025-03-26T09:31:10.917Z","repository":{"id":109167495,"uuid":"455459037","full_name":"InferenceAG/TezosSecurityBaselineChecking","owner":"InferenceAG","description":null,"archived":false,"fork":false,"pushed_at":"2024-05-13T22:46:04.000Z","size":307,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-30T00:52:16.476Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/InferenceAG.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-04T07:32:46.000Z","updated_at":"2024-05-13T22:46:07.000Z","dependencies_parsed_at":"2024-05-13T23:49:05.306Z","dependency_job_id":null,"html_url":"https://github.com/InferenceAG/TezosSecurityBaselineChecking","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InferenceAG%2FTezosSecurityBaselineChecking","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InferenceAG%2FTezosSecurityBaselineChecking/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InferenceAG%2FTezosSecurityBaselineChecking/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/InferenceAG%2FTezosSecurityBaselineChecking/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/InferenceAG","download_url":"https://codeload.github.com/InferenceAG/TezosSecurityBaselineChecking/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245625907,"owners_count":20646257,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T16:00:15.952Z","updated_at":"2025-03-26T09:31:10.444Z","avatar_url":"https://github.com/InferenceAG.png","language":"Shell","funding_links":[],"categories":["Security checklist for Tezos smart contracts"],"sub_categories":["References:"],"readme":"# Tezos security baseline checking framework \n\n## WIP WARNING\nThis is work in progress (WIP). The framework is still in its infancy,\nthe scripts are unpolished bash, quirky, etc.\n\nWe invite you to help. 
Please see also section \"[contribution](#contribution)\".\n\n### Ideas \u0026 open points \u0026 goals\n- more flexibility in various aspects\n- test cases can be run against different networks, but also against\n  the pytezos interpreter, etc.\n- test cases can be run at any time\n- test cases can be run using different Ligo / SmartPy compilers\n- possibility to run only a subset of test cases\n- improving result checking\n- improving output\n- reusing already deployed contracts (mainnet?)\n- tracking / comparing changes between different environments/setups\n  (protocols, compilers, etc.)\n- etc.\n\n## Purpose\nThe purpose of the Tezos security baseline checking framework is to\ncheck whether the underlying system for smart contracts on Tezos\ncontinues to behave as expected.\n\nPerforming these checks independently is crucial for smart contract\ndevelopers and, in particular, for security assessors in order to\nunderstand how the underlying system is working and whether it has\nbeen changed. Thus, a profound understanding of the underlying system\nforms a \"baseline\" for any security-related work on smart contracts.\n\nFor instance, the Tezos\n[security assessment checklist](https://github.com/Inference/TezosSecurityAssessmentChecklist)\nis based on this baseline and may need to be updated as\nsoon as the underlying system's mechanics have changed.\n\nAn additional benefit of this independent security baseline checking\nframework is the early detection of critical changes to the\nunderlying system for smart contracts in the development of new Tezos\nprotocols, high-level smart contract compilers, etc.\n\n## Test cases\n### Overview\nAn overview of existing test cases can be found in [./index.md](./index.md)\n\n## How to run for Tezos testnets\n### Setup\n1. Download this repo: `git clone https://github.com/Inference/TezosSecurityBaselineCheckingFramework`\n2. 
Get a\n   [tezos-client executable](https://tezos.gitlab.io/introduction/howtoget.html)\n   that supports the network on which you want to run the test cases.\n\n3. Install [SmartPy](https://smartpy.io/docs/cli)\n4. Install [Ligo](https://ligolang.org/docs/intro/installation)\n5. Adapt parameters for SMARTPY, LIGO, and TEZOSCLIENT in the [_framework/init.sh](_framework/init.sh) file.\n6. Download two test accounts from the corresponding [testnet faucet](https://teztnets.xyz/), name one \"admin.json\" and the other \"deploy.json\", and store these files under [./_framework/](./_framework)\n7. Change to the _framework directory. E.g. `cd _framework`\n8. Execute script `./import.sh` to import and activate the downloaded test accounts.\n\n### Execute all test cases\n1. Change to the _framework directory: `cd _framework`\n2. Execute the script `./execute_all.sh`\n\n### Execute a single test case\n1. Change to the test case directory. E.g. `cd testcases/TC-001`\n2. Execute the script `./execute_test.sh`\n\n## Contribution\nEveryone is invited to contribute to the security baseline checking\nframework. We are eager to see new ideas, read new test cases and\nfoster the development of the framework by everyone in the Tezos\necosystem.\n\n## Disclaimer\nThis security baseline checking framework is currently \"work in\nprogress\". The security baseline checking framework does not claim to\nbe complete at any time as it is continuously developed.\n\n## Contact\nThis GitHub repository is currently maintained by\n[Inference](https://inference.ag).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FInferenceAG%2FTezosSecurityBaselineChecking","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FInferenceAG%2FTezosSecurityBaselineChecking","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FInferenceAG%2FTezosSecurityBaselineChecking/lists"}