1 Comment

Thank you for sharing your research. You may be interested in the CryptoCurrency Security Standard (CCSS) which has a requirement for security assessments including smart contract audits. The CCSS Steering Committee understands the importance of third-party audits of software code such as smart contracts. Of course software code audits are just one information security control in a suite of controls required. For example, there should be a policy to have devs trained in secure coding techniques. Documented peer review, comprehensive security testing and strict deployment processes.

2.01.1.3 A regular security audit at a level similar to SOC2, ISAE3402, or ISO-27001, that includes vulnerability, penetration testing, and code audit (if applicable) has been completed by an independent qualified third-party. Documentation shows that all concerns raised by the audit have been evaluated for risk, addressed by the organization, and known vulnerabilities have been removed from the system. Ongoing audits are scheduled on a (minimum) yearly basis.

https://cryptoconsortium.org/ccss-table/

Expand full comment