From 581f92c26b792136db07c029e134786aac14f753 Mon Sep 17 00:00:00 2001 From: Natalie Chin Date: Wed, 17 Aug 2022 16:01:19 -0400 Subject: [PATCH 1/2] Updated development guidelines --- development-guidelines/guidelines.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/development-guidelines/guidelines.md b/development-guidelines/guidelines.md index dbcac12a..86378c1c 100644 --- a/development-guidelines/guidelines.md +++ b/development-guidelines/guidelines.md 
@@ -76,12 +76,11 @@ The architecture of your codebase should make your code easy to review. Avoid ar ### Testing and verification - **Write thorough unit-tests.** An extensive test suite is crucial to build high-quality software. -- **Write [Slither](https://github.com/crytic/slither), [Echidna](https://github.com/crytic/echidna) and [Manticore](https://github.com/trailofbits/manticore) custom checks and properties.** Automated tools will help ensure your contract is secure. Review the rest of this guide to learn how to write efficient checks and properties. -- **Use [crytic.io](https://crytic.io/).** Crytic integrates with Github, provides access to private Slither detectors, and runs custom property checks from Echidna. +- **Write [Slither](https://github.com/crytic/slither) and [Echidna](https://github.com/crytic/echidna) custom checks and properties.** Automated tools will help ensure your contract is secure. Review the rest of this guide to learn how to write efficient checks and properties. ### Solidity -- **Favor Solidity 0.5 or 0.6.** In our opinion, Solidity 0.5 and 0.6 are more secure and have better built-in practices than 0.4. Solidity 0.7 is too young to be used in production and needs time to mature. +- **Favor Solidity versions outlined in our [Slither Recommendations](https://github.com/crytic/slither/wiki/Detector-Documentation#recommendation-99)** In our opinion, older Solidity are more secure and have better built-in practices. Newer Solidity versions may be ttoo young to be used in production and require additional time to mature. - **Use a stable release to compile; use the latest release to check for warnings.** Check that your code has no reported issues with the latest compiler version. 
However, Solidity has a fast release cycle and has a history of compiler bugs, so we do not recommend the latest version for deployment (see Slither’s [solc version recommendation](https://github.com/crytic/slither/wiki/Detector-Documentation#recommendation-39)). - **Do not use inline assembly.** Assembly requires EVM expertise. Do not write EVM code if you have not _mastered_ the yellow paper. From 539094b900d9a1cba4f04d2c3d0fa20635ad17b5 Mon Sep 17 00:00:00 2001 From: Feist Josselin Date: Tue, 6 Sep 2022 11:21:25 +0200 Subject: [PATCH 2/2] Update guidelines.md --- development-guidelines/guidelines.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/development-guidelines/guidelines.md b/development-guidelines/guidelines.md index d319bbc2..5e19b58b 100644 --- a/development-guidelines/guidelines.md +++ b/development-guidelines/guidelines.md 
@@ -81,8 +81,8 @@ The architecture of your codebase should make your code easy to review. Avoid ar ### Solidity -- **Favor Solidity versions outlined in our [Slither Recommendations](https://github.com/crytic/slither/wiki/Detector-Documentation#recommendation-99)** In our opinion, older Solidity are more secure and have better built-in practices. Newer Solidity versions may be ttoo young to be used in production and require additional time to mature. -- **Use a stable release to compile; use the latest release to check for warnings.** Check that your code has no reported issues with the latest compiler version. However, Solidity has a fast release cycle and has a history of compiler bugs, so we do not recommend the latest version for deployment (see Slither’s [solc version recommendation](https://github.com/crytic/slither/wiki/Detector-Documentation#recommendation-39)). +- **Favor Solidity versions outlined in our [Slither Recommendations](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity)** In our opinion, older Solidity are more secure and have better built-in practices. Newer Solidity versions may be ttoo young to be used in production and require additional time to mature. +- **Use a stable release to compile; use the latest release to check for warnings.** Check that your code has no reported issues with the latest compiler version. However, Solidity has a fast release cycle and has a history of compiler bugs, so we do not recommend the latest version for deployment (see Slither’s [solc version recommendation](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-versions-of-solidity)). - **Do not use inline assembly.** Assembly requires EVM expertise. Do not write EVM code if you have not _mastered_ the yellow paper. ## Deployment guidelines
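Review bot: In PATCH 1/2 (hunk @@ -76,12 +76,11 @@), the added "Favor Solidity versions outlined in our Slither Recommendations" bullet has wording defects and loses the concrete guidance it replaces. "ttoo young" is a typo, "older Solidity are more secure" is missing the word "versions", and the bold lead has no closing period before "In our opinion", unlike the neighbouring bullets. The removed line named 0.5 and 0.6 and ruled out 0.7; the new text says only "older" and "newer", so the reader depends entirely on the link. That link targets the numbered anchor #recommendation-99 while the unchanged bullet right after it points at #recommendation-39, so the two bullets send the reader to different places for the same advice; suggest one named anchor used in both. The commit message "Updated development guidelines" does not say why the Manticore link and the crytic.io bullet are dropped; a line of rationale would help.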
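Review bot: In PATCH 2/2 (hunk @@ -81,8 +81,8 @@), the re-added "Favor Solidity versions" line still carries "ttoo young", "older Solidity are more secure" and the missing period after the bold link text; since the line is rewritten here anyway, fix them in this commit. Both bullets now link to the same #incorrect-versions-of-solidity anchor, so the parenthetical "see Slither's solc version recommendation" in the second bullet repeats the first bullet's link; consider keeping only one of the two. The subject "Update guidelines.md" does not say that this is an anchor fix, and the index line starts from d319bbc2 rather than the 86378c1c that patch 1 produces, so the series does not apply back to back as shown; note the intermediate change or rebase.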