first level title
Audit+ working group introduction
Security is crucial to any digital application, but in EOS security is a neglected area.
andSlowmistandSentnlLed by security experts, Slowmist and Sentnl are security audit companies commonly used by EOSIO and Solidity smart contract developers. The establishment of the Audit+ working group was welcomed byConsensys DiligenceInspired by EOSIO, the working group was formed because there are relatively few security-focused solutions in the EOSIO ecosystem compared to other blockchain technologies.
One of the key issues to be addressed by the Audit+ team is knowledge transfer within the developer community. The first prerequisite for completing knowledge transfer is to provide developers with the right tools and relevant documentation.
The EOSIO core system is very well designed in terms of security. However, there are still some fundamental issues that need to be addressed to ensure that the EOSIO security design can match the standards of other blockchains, and then take advantage of EOSIO's unique elements, such as its strong permission system, to push EOSIO further.
first level title
Open source security audit API and platform
As it stands, there is no service within the EOS community that can verify that the current smart contract code has been security audited. EOS also lacks a platform for security auditors to publish audit results and other information. This would create a major vulnerability in the EOS system and would give developers the subjective belief that the smart contracts they are dealing with are completely secure.
Therefore, the establishment of a source code verification and audit information disclosure platform can make it easier for the community to verify the security of interactive smart contracts.
first level title
Contract Upgrade Authorization
first level title
Software library for secure smart contract development
As the number and value of DeFi protocols grow, so does the risk of being attacked. While developing audits and more secure operations provides a start to securing the network, there are still many problems with security integration. The Audit+ working group plans to develop a roadmap to provide how to develop, audit commonly used smart contract templates and open source them to the community, with the aim of increasing cost savings and security assurance throughout the ecosystem, similar toOpenZeppelinServices for Solidity developers.
first level title
bug bounty
Bug bounties can fully mobilize the enthusiasm and talents of the community to protect the EOS network. The bounty will encourage the hacker community to take the time to analyze the EOS codebase, identify vulnerabilities, and flag them.
first level title
text
Creating more automated and freely available tools could make it easier for developers to check the security of contracts. Although some tools currently exist, these tools are not open source or free.
first level title
A knowledge base of common security pitfalls when compiling EOSIO smart contracts
When writing smart contracts, experienced developers can avoid some of the most common security pitfalls. But inexperienced developers will likely make some simple mistakes, and these mistakes lead to security problems. There is currently no list of common errors and troubleshooting for EOSIO smart contract development.
first level title
next step
The Audit+ Blue Book is expected to be released next week, covering recommendations and initiatives that can make the EOS network better. Each of these moves will put EOS at the forefront of protecting the ecosystem against current or future attacks.
Findings and recommendations from the Audit+ working group will give developers even more trust in EOS, making the EOS network a safe place to build dApps and conduct business.
EOS Network Foundation Chinese Twitter
About the EOS Network Foundation
The EOS Network Foundation is a non-profit organization that aims to listen to the voice of the community, convey the wishes of the community, and support the development of high-quality projects in the community. It will become an information sharing bridge for the EOS community and provide funds, technology, operations, future planning, Key infrastructure support such as ecological construction further develops the full potential of EOS as the world's fastest governance-based blockchain.
IOS
Android