Quality Assurance

During this phase, we document the capabilities of privileged actors within the protocol and assess the maturity of the codebase across multiple categories, highlighting areas for improvement.

Access Control

During the assessment, we outline each role within the system along with its corresponding capabilities. This evaluation ensures that robust access controls are established, effectively managing each user's permissions within the system.

Code Maturity

The Code Maturity Evaluation is based on several key guidelines, as outlined in the table below.

| Category | Description |
| --- | --- |
| Access Control | The use of robust access controls to handle identification and authorization, as well as ensuring safe interactions with the system. |
| Arithmetic | The proper use of mathematical operations, including addition, subtraction, multiplication, and division, as well as semantics. |
| Centralization | The proper use of permissionless principles for mitigating insider threats and managing risks posed by contract upgrades. |
| Code Stability | The extent to which the code was altered during the audit and the frequency of changes made over time. |
| Upgradability | The presence of upgradeable logic that allows modifications after deployment, ensuring adaptability to future needs. |
| Front-Running | The system's resistance to front-running attacks, where transactions are manipulated to exploit market conditions. |
| Monitoring | The presence of events that are emitted whenever there are operations that change the state of the system. |
| Specification | The presence of comprehensive and readable codebase documentation outlining the purpose, functionality, and design choices of the system. |
| Testing & Verification | The presence of robust testing procedures, including unit tests, integration and end-to-end tests, ensuring the reliability and correctness of the system. |

This framework helps ensure a comprehensive understanding of the codebase's robustness and identifies areas for improvement.

Note: Upon completion of this phase, a draft report is provided to the client, summarizing the findings. A brief overview is presented during the Close-out Meeting, after which the engagement transitions into the Fix Review phase.
