Repo for organizing materials related to security.
- Solidity security considerations
- Trail of Bits curated list
- Caveats about ecrecover
- 2020 Paradigm CTF writeup
- ERC20 token integration checklist
- OUSD PR checklist
- OUSD deployment checklist
- Origin Protocol new employee checklist: search for "New employee" on Google Drive.
Slither is a static analysis tool for Solidity contracts.
```sh
pip3 install slither-analyzer
cd origin-dollar/contracts
yarn install
yarn run slither
yarn run slither --triage
```
Running `yarn run slither --triage` opens an interactive console where you can select the errors and warnings that you want excluded. Once done, commit and push the updated Slither DB file. Note: make sure you are running the latest version of Slither locally.
Echidna is a test fuzzer for Solidity contracts.
The Echidna tests for the OUSD contracts are under contracts/contract/crytic.
On macOS and Linux, download the latest pre-compiled binaries from here. Untar the files into a directory and add the directory where the echidna-test binary was extracted to your shell's PATH.
To run the tests:
```sh
cd origin-dollar/contracts
yarn run echidna
```
Note that the tests take about 30 minutes to run.
- OGN
- OUSD
- Single Asset Staking