2 releases

0.1.2 Sep 28, 2022
0.1.0 Sep 28, 2022


MIT license


The Auditfile

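The Auditfile is a new standard: a formal JSON specification for any audit. It is presently in development. The example below is illustrative and is not strict JSON as written: it contains trailing commas (after `"name": "Farm"`, after the `livematch` `timestamps` object, and after `"resolved": "resolutions1"`), which an RFC 8259 parser rejects, and the issue's `resolved` revision id `resolutions1` has no matching entry in `revisions`.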

{
    "metadata": {
        "title": "XFarm Vaults",
        "source": "https://github.com/xfarms/vaults",
        "status": "auditing",
        "languages": [
            "solidity"
        ],
        "categories": [
            "vaults"
        ],
        "tags": [
            "medium"
        ],
        "networks": [
            "bsc"
        ],
        "timestamps": {
            "onboarded": 12312312312,
            "commencement": 12313212312,
            "completion": 12312321312
        },
        "project": {
            "title": "XFarm",
            "website": "https://xfarms.io",
            "twitter": "uno_farm",
            "github": "https://github.com/xfarms"
        }
    },

    "revisions": [
        {
            "id": "preliminary",
            "title": "Preliminary",
            "source.commit": "https://github.com/xfarms/vaults/tree/4a6a247e017f96cb5f569331ca64c7f5fd41189d",
            "timestamps": {
                "commencement": 12312312312,
                "completion": 1231232131
            },
            "status": "auditing"
        }
    ],

    "contracts": [{
        "id": "farm",
        "revisions": {
            "preliminary": {
                "file": "contracts/Farm.sol",
                "name": "Farm",
            }
        },
        "metadata": {
            "livematch": {
                "link": "https://bscscan.com/address/0xDeadDeAddeAddEAddeadDEaDDEAdDeaDDeAD0000",
                "status": "MATCHED",
                "timestamps": {
                    "commencement": 123123213,
                    "completion": 12312312312
                },
            },
            "privileged": [
                "transferOwnership",
                "renounceOwnership",
                "pause",
                "unpause"
            ]
        }
    }],

    "audit": {
        "contracts": {
            "farm": {
                "description": "The Farm contract is responsible for blabla",
                "issues": {
                    "count": 1,
                    "severities": {
                        "info": {
                            "count": 1,
                            "issues": [
                                { 
                                    "id": "farm-typographicerrors",
                                    "title": "Typographic Errors",
                                    "description": "The contract contains the following typographic errors:\n\nLine 3\n ```uint256 precsicion```",
                                    "recommendation": "Consider resolving the aforementioned errors.",
                                    "resolution": "",
                                    "status": "pending",
                                    "revisions": {
                                        "raised": "preliminary",
                                        "resolved": "resolutions1",
                                    },
                                    "timestamps": {
                                        "commencement": 12312321,
                                        "completion": 123123123
                                    }
                                }
                            ]
                        }
                    }
                }
            }
        }
    }
}

Principles

  1. Interpretability: The auditfile should be easily usable by templating tools and frontends to display all relevant info to the user.
  2. Completeness: The auditfile should store at least all the details necessary for an audit. An auditing backend should need to store at most a minimal subset of it in its database (e.g. no counts).

Todos

  1. Timestamp-based dates (bare integers, as in the example above) break the interpretability principle.
