{"id":13620011,"url":"https://github.com/OriginProtocol/security","last_synced_at":"2025-04-14T19:30:40.765Z","repository":{"id":39608041,"uuid":"320097367","full_name":"OriginProtocol/security","owner":"OriginProtocol","description":"Materials related to security: docs, checklists, processes, etc...","archived":false,"fork":false,"pushed_at":"2025-04-07T17:04:26.000Z","size":9982,"stargazers_count":201,"open_issues_count":18,"forks_count":26,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-04-07T18:23:27.791Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Solidity","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OriginProtocol.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":"audits/Certora - Formal verification - December 
2024.pdf","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-12-09T22:40:14.000Z","updated_at":"2025-04-07T17:04:29.000Z","dependencies_parsed_at":"2025-01-13T18:24:59.175Z","dependency_job_id":"a07e7844-4f5f-486b-9a2a-90b6ab1de9c7","html_url":"https://github.com/OriginProtocol/security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OriginProtocol%2Fsecurity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OriginProtocol%2Fsecurity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OriginProtocol%2Fsecurity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OriginProtocol%2Fsecurity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OriginProtocol","download_url":"https://codeload.github.com/OriginProtocol/security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248945721,"owners_count":21187374,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T21:00:51.143Z","updated_at":"2025-04-14T19:30:39.218Z","avatar_url":"https://github.com/OriginProtocol.png","language":"Solidity","readme":"Repo for public materials related to [Origin](https://www.originprotocol.com) security.\n\n# Table of Contents\n 1. 
[DeFi incident reports](#defi-incident-reports)\n 1. [Security materials](#security-materials)\n 1. [Checklists](#checklists)\n 1. [Tools](#tools)\n 1. [External audits](#external-audits)\n\n# DeFi incident reports\n  - [Reports](/incidents)\n\n# Security materials\n - [Solidity security considerations](https://docs.soliditylang.org/en/v0.7.5/security-considerations.html)\n - [Trail of Bits curated list](https://github.com/crytic/awesome-ethereum-security)\n - [Caveats about ecrecover](https://docs.kaleido.io/faqs/why-ecrecover-fails/)\n - [2020 paradigm CTF writeup](https://github.com/DanielVF/2020_paradigm_ctf_writeup)\n - [How to do a Proper Code Review](https://medium.com/@danielvf/how-to-do-a-proper-code-review-901bd037905c)\n\n# Checklists\n - [ERC20 token integration checklist](https://github.com/crytic/building-secure-contracts/blob/master/development-guidelines/token_integration.md)\n - [Contract PR checklist](https://github.com/OriginProtocol/origin-dollar/blob/master/pull_request_template.md)\n - [Verbose Contract PR Checklist](https://github.com/OriginProtocol/security/blob/master/templates/Contract-Code-Review.md)\n - [Deployment Plan template on Notion](https://www.notion.so/originprotocol/Deployment-Plan-d5aa7d033cc54d78914e00bf040344d2)\n\n# Tools\n\n## Testing\n### Slither\n[Slither](https://github.com/crytic/slither) is a static analysis tool for Solidity contracts.\n\n#### How to run it\n```\npip3 install slither-analyzer\ncd origin-dollar/contracts\nyarn install\nyarn run slither\n```\n\n#### Updating Slither DB\n```\nyarn run slither --triage\n```\nRunning this command will open an interactive console where you can select the errors/warnings that you want to exclude. Once done, commit and push the updated Slither DB file. 
Note: make sure you are running the latest version of Slither on your local machine.\n\n### Echidna\n[Echidna](https://github.com/crytic/echidna) is a test fuzzer for Solidity contracts.\n\nThe Echidna tests for the OUSD contracts are under [contracts/contracts/crytic](https://github.com/OriginProtocol/origin-dollar/tree/master/contracts/contracts/crytic).\n\n#### How to run it\nOn macOS and Linux, download the latest pre-compiled binaries from [here](https://github.com/crytic/echidna/releases).\nUntar the files in a directory and add the path where the echidna-test binary was extracted to your shell's PATH.\n\nTo run the tests:\n```\ncd origin-dollar/contracts\nyarn run echidna\n```\n\nNote that the tests take about 30 minutes to run.\n\n## Transaction viewers\n  - https://openchain.xyz/trace\n  - https://tx.eth.samczsun.com\n  - https://ethtx.info\n\n## Bytecode decompilers\n  - https://library.dedaub.com/decompile\n\n## 4byte signature databases\n  - https://openchain.xyz/signatures\n  - https://www.4byte.directory\n\n# External audits\n  See [this directory](https://github.com/OriginProtocol/security/tree/master/audits)\n  \n# Bug bounty program\n  - Refer to https://docs.ousd.com/security-and-risks/bug-bounties\n  - [Example of a well-written bug report](https://gist.github.com/DanielVF/66f459da88804d1fd917c47576c68523)\n\n\n","funding_links":[],"categories":["Resources"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOriginProtocol%2Fsecurity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FOriginProtocol%2Fsecurity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FOriginProtocol%2Fsecurity/lists"}