Template for Security Reviews

This is the Spearbit template repository for security reviews.

Create GitHub issues with the finding.md template and use the appropriate severity labels (see below).

  • Inside the ISSUE_TEMPLATE, change the [PROJECT]: name to the client's name accordingly.

  • Please run the create-labels.py script locally when preparing the audit repository to remove Github's default labels and introduce custom ones in order to improve auditors workflow.

Workflow

  • Leave initial comments / findings on the GitHub pull requests. This can be used to collaboratively discuss among the security review team and the client asynchronously.

  • Once a finding from a pull request review is finalized, it can be converted into a GitHub issue with the following tags:

    1. Severity: Critical Risk.
    2. Severity: High Risk.
    3. Severity: Medium Risk.
    4. Severity: Low Risk.
    5. Severity: Gas Optimization.
    6. Severity: Informational.
    7. Status: Acknowledged.
    8. Status: Fixed.
    9. Status: ReadyForReport.
Severity level Impact: High Impact: Medium Impact: low
Likelihood:high Critical High Medium
Likelihood:medium High Medium Low
Likelihood:low Medium Low Low
  • These issues should then be polished and properly typeset. This task is mainly aimed at non-lead security researchers and apprentices in the project. Please follow the style guidelines.