Repo for public materials related to OUSD security.
Table of Contents
DeFi incident reports
Security materials
- Solidity security considerations
- Trail of Bits curated list
- Caveats about ecrecover
- 2020 Paradigm CTF writeup
Checklists
- ERC20 token integration checklist
- OUSD PR checklist
- OUSD Verbose Contract PR checklist
- OUSD deployment checklist
- Origin Protocol new employee checklist: search for "New employee" on Google Drive.
Tools
Testing
Slither
Slither is a static analysis tool for Solidity contracts.
How to run it
pip3 install slither-analyzer
cd origin-dollar/contracts
yarn install
yarn run slither
Updating Slither DB
yarn run slither --triage
Running this command opens an interactive console where you can select the errors/warnings that you want to exclude. Once done, commit and push the updated Slither DB file. Note: make sure you are running the latest version of Slither locally.
Echidna
Echidna is a test fuzzer for Solidity contracts.
The Echidna tests for the OUSD contracts are under contracts/contract/crytic.
How to run it
On macOS and Linux, download the latest pre-compiled binaries from here. Untar the files into a directory and add the directory containing the extracted echidna-test binary to your shell's PATH.
To run the tests:
cd origin-dollar/contracts
yarn run echidna
Note that the tests take about 30 minutes to run.
Transaction viewers
Bytecode decompilers
4byte signature databases
External audits
See this directory