Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/OriginProtocol/security
Materials related to security: docs, checklists, processes, etc...
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/OriginProtocol/security
- Owner: OriginProtocol
- Created: 2020-12-09T22:40:14.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2023-11-09T13:43:27.000Z (8 months ago)
- Last Synced: 2024-01-26T17:35:47.002Z (5 months ago)
- Language: Solidity
- Size: 7.86 MB
- Stars: 197
- Watchers: 26
- Forks: 26
- Open Issues: 17
Metadata Files:
- Readme: README.md
- Audit: audits/Narya - Origin OETH Report - May 2023 - Initial Report.pdf
Lists
- awesome-solidity - OriginProtocol/security - Materials related to security: docs, checklists, processes. (Resources)
README
Repo for public materials related to [OUSD](https://www.ousd.com) security.
# Table of Contents
1. [Defi incident reports](#defi-incident-reports)
1. [Security materials](#security-materials)
1. [Checklists](#checklists)
1. [Tools](#tools)
1. [External audits](#external-audits)
# Defi incident reports
- [Reports](/incidents)
# Security materials
- [Solidity security considerations](https://docs.soliditylang.org/en/v0.7.5/security-considerations.html)
- [Trail of Bits curated list](https://github.com/crytic/awesome-ethereum-security)
- [Caveats about ecrecover](https://docs.kaleido.io/faqs/why-ecrecover-fails/)
- [2020 paradigm CTF writeup](https://github.com/DanielVF/2020_paradigm_ctf_writeup)
# Checklists
- [ERC20 token integration checklist](https://github.com/crytic/building-secure-contracts/blob/master/development-guidelines/token_integration.md)
- [OUSD PR checklist](https://github.com/OriginProtocol/origin-dollar/blob/master/pull_request_template.md)
- [OUSD Verbose Contract PR checklist](https://github.com/OriginProtocol/security/blob/master/templates/Contract-Code-Review-Example.md)
- [OUSD deployment checklist](https://docs.google.com/spreadsheets/d/1phyzOJMmTBPIqTTa0v7HY6XJkjRmbrcdULRZPo_JEoY/edit?usp=sharing)
- Origin Protocol new employee checklist: search for "New employee" on Google Drive.
# Tools
## Testing
### Slither
[Slither](https://github.com/crytic/slither) is a static analysis tool for Solidity contracts.
#### How to run it
```
pip3 install slither-analyzer
cd origin-dollar/contracts
yarn install
yarn run slither
```
#### Updating Slither DB
```
yarn run slither --triage
```
Running this command opens an interactive console where you can select the errors and warnings that you want excluded. Once done, commit and push the updated Slither DB file. Note: make sure you are running the latest version of Slither locally.
### Echidna
[Echidna](https://github.com/crytic/echidna) is a test fuzzer for Solidity contracts.
The Echidna tests for the OUSD contracts are under [contracts/contract/crytic](https://github.com/OriginProtocol/origin-dollar/tree/master/contracts/contracts/crytic).
#### How to run it
On macOS and Linux, download the latest pre-compiled binaries from [here](https://github.com/crytic/echidna/releases).
Untar the files in a directory and add the path where the echidna-test binary was extracted to your shell's PATH.
To run the tests:
```
cd origin-dollar/contracts
yarn run echidna
```
Note that the tests take about 30 minutes to run.
## Transaction viewers
- https://openchain.xyz/trace
- https://tx.eth.samczsun.com
- https://ethtx.info
## Bytecode decompilers
- https://library.dedaub.com/decompile
## 4byte signature databases
- https://openchain.xyz/signatures
- https://www.4byte.directory
# External audits
See [this directory](https://github.com/OriginProtocol/security/tree/master/audits)
# Bug bounty program
- Refer to https://docs.ousd.com/security-and-risks/bug-bounties
- [Example of a well written bug report](https://gist.github.com/DanielVF/66f459da88804d1fd917c47576c68523)