2 个版本

0.1.2 2022 年 9 月 28 日
0.1.0 2022 年 9 月 28 日

#19 in #audit

MIT 许可证

18KB
300

审计文件

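审计文件是一种新的标准，它为任何审计提供了一个正式的 JSON 规范。它目前正在开发中。注意：下面的示例仅用于说明结构，并不是严格合法的 JSON——其中含有尾随逗号（例如 "name": "Farm", 和 "resolved": "resolutions1", 之后），严格的解析器会拒绝它。此外，示例中的问题引用了修订 "resolutions1"，而 "revisions" 列表里只定义了 "preliminary"；使用审计文件的工具应当校验这类引用是否存在。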

{
    "metadata": {
        "title": "XFarm Vaults",
        "source": "https://github.com/xfarms/vaults",
        "status": "auditing",
        "languages": [
            "solidity"
        ],
        "categories": [
            "vaults"
        ],
        "tags": [
            "medium"
        ],
        "networks": [
            "bsc"
        ],
        "timestamps": {
            "onboarded": 12312312312,
            "commencement": 12313212312,
            "completion": 12312321312
        },
        "project": {
            "title": "XFarm",
            "website": "https://xfarms.io",
            "twitter": "uno_farm",
            "github": "https://github.com/xfarms"
        }
    },

    "revisions": [
        {
            "id": "preliminary",
            "title": "Preliminary",
            "source.commit": "https://github.com/xfarms/vaults/tree/4a6a247e017f96cb5f569331ca64c7f5fd41189d",
            "timestamps": {
                "commencement": 12312312312,
                "completion": 1231232131
            },
            "status": "auditing"
        }
    ],

    "contracts": [{
        "id": "farm",
        "revisions": {
            "preliminary": {
                "file": "contracts/Farm.sol",
                "name": "Farm",
            }
        },
        "metadata": {
            "livematch": {
                "link": "https://bscscan.com/address/0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000",
                "status": "MATCHED",
                "timestamps": {
                    "commencement": 123123213,
                    "completion": 12312312312
                },
            },
            "privileged": [
                "transferOwnership",
                "renounceOwnership",
                "pause",
                "unpause"
            ]
        }
    }],

    "audit": {
        "contracts": {
            "farm": {
                "description": "The Farm contract is responsible for blabla",
                "issues": {
                    "count": 1,
                    "severities": {
                        "info": {
                            "count": 1,
                            "issues": [
                                { 
                                    "id": "farm-typographicerrors",
                                    "title": "Typographic Errors",
                                    "description": "The contract contains the following typographic errors:\n\nLine 3\n ```uint256 precsicion```",
                                    "recommendation": "Consider resolving the aforementioned errors.",
                                    "resolution": "",
                                    "status": "pending",
                                    "revisions": {
                                        "raised": "preliminary",
                                        "resolved": "resolutions1",
                                    },
                                    "timestamps": {
                                        "commencement": 12312321,
                                        "completion": 123123123
                                    }
                                }
                            ]
                        }
                    }
                }
            }
        }
    }
}

原则

  1. 可解释性:审计文件应该易于由模板工具和前端使用,以便向用户显示所有相关信息。
  2. 完整性：审计文件应至少包含一次审计所需的全部必要细节。审计后端最多只需在自己的数据库中存储其中的最小子集（例如，不存储计数）。

待办事项

  1. 基于时间戳的日期违反了可解释性原则（示例中的时间戳是不带单位说明的整数，读者无法直接看出对应的日期）

依赖关系

~0.7–1.6MB
~36K SLoC