Group Module - Module Readiness Checklist

x/group Module Readiness Checklist

This checklist is to be used for tracking the final internal audit of new Cosmos SDK modules prior to inclusion in a published release.

Release Candidate Checklist

The following checklist should be gone through once the module has been fully implemented. This audit should be performed directly on master, or preferably on a alpha or beta release tag that includes the module.

Ping @blushi if there's any clarifying question on group spec.

The module should not be included in any Release Candidate tag until it has passed this checklist.

[x] API audit (at least 1 person)
- [x] Are Msg and Query methods and types well-named and organized? @amaurym #11515
- [x] Are Proto definitions well-named? @amaurym
- [x] Is everything well documented (inline godoc as well as /spec/ folder in module directory) @amaurym
- [x] https://github.com/cosmos/cosmos-sdk/pull/11631
- [x] https://github.com/cosmos/cosmos-sdk/pull/11516
  - Add missing client documentation for TallyResult query (https://github.com/cosmos/cosmos-sdk/pull /11315#issuecomment-1078959575)
  - Change docs and CLI from timeout to windows (see Discord post by Noam)
- [x] Ensure ORM documentation is clear @cmwaters @amaurym #11842
[x] State machine audit (at least 2 people)
- [x] Read through Keeper and MsgServer code and verify correctness upon visual inspection @amaurym https://github.com/cosmos/cosmos-sdk/pull/11559 @atheeshp
- [x] Ensure all state machine code which could be confusing is properly commented @amaurym @atheeshp
- [x] Make sure state machine logic matches Msg method documentation @amaurym @atheeshp
- [x] Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient (at least 90% coverage on module code) @amaurym
- keeper package tests @JeancarloBarrios #11679
- [x] Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. This should be done by writing up threat assessment for each method @amaurym @atheeshp
- [x] algorithmic complexity and places this could be exploited (ex. nested for loops)
- [x] charging gas complex computation (ex. for loops)
- [x] Storage is safe (we don't pollute the state).
- [x] Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed
- [x] Ensure ORM code is correct (@amaurym) https://github.com/cosmos/cosmos-sdk/pull/11842
- [x] Ensure math code is correct @amaurym
- Did not audit github.com/cockroachdb/apd/v2
[x] Completeness audit, fully implemented with tests (at least 1 person)
- [x] Genesis import and export of all state (@amaurym)
- [x] Query services (@amaurym)
- [x] CLI methods (@JeancarloBarrios #11679)
- [x] All necessary migration scripts are present (if this is an upgrade of existing module)
[x] Blocker Issues
- [x] #11531
- [x] #11682
- [x] #11746

Published Release Checklist

After the above checks have been audited and the module is included in a tagged Release Candidate, the following additional checklist should be undertaken for live testing, and potentially a 3rd party audit (if deemed necessary):

[x] Testnet / devnet testing (2-3 people) (@assignee1, @assignee2, @assignee3) #11880
- [x] All Msg methods have been tested especially in light of any potential threats identified
- [x] Genesis import and export has been tested
[ ] Nice to have (and needed in some cases if threats could be high): Official 3rd party audit

cosmos / cosmos-sdk