This checklist is to be used for tracking the final internal audit of new Cosmos SDK modules prior to inclusion in a published release.
Release Candidate Checklist
The following checklist should be gone through once the module has been fully implemented. This audit should be performed directly on master, or preferably on a alpha or beta release tag that includes the module.
Ping @blushi if there's any clarifying question on group spec.
The module should not be included in any Release Candidate tag until it has passed this checklist.
[x] API audit (at least 1 person)
[x] Are Msg and Query methods and types well-named and organized? @amaurym #11515
[x] Are Proto definitions well-named? @amaurym
[x] Is everything well documented (inline godoc as well as /spec/ folder in module directory) @amaurym
[x] Ensure all state machine code which could be confusing is properly commented @amaurym @atheeshp
[x] Make sure state machine logic matches Msg method documentation @amaurym @atheeshp
[x] Ensure that all state machine edge cases are covered with tests and that test coverage is sufficient (at least 90% coverage on module code) @amaurym
keeper package tests @JeancarloBarrios #11679
[x] Assess potential threats for each method including spam attacks and ensure that threats have been addressed sufficiently. This should be done by writing up threat assessment for each method @amaurym @atheeshp
[x] algorithmic complexity and places this could be exploited (ex. nested for loops)
[x] charging gas complex computation (ex. for loops)
[x] Storage is safe (we don't pollute the state).
[x] Assess potential risks of any new third party dependencies and decide whether a dependency audit is needed
[x] Completeness audit, fully implemented with tests (at least 1 person)
[x] Genesis import and export of all state (@amaurym)
[x] Query services (@amaurym)
[x] CLI methods (@JeancarloBarrios #11679)
[x] All necessary migration scripts are present (if this is an upgrade of existing module)
[x] Blocker Issues
[x] #11531
[x] #11682
[x] #11746
Published Release Checklist
After the above checks have been audited and the module is included in a tagged Release Candidate, the following additional checklist should be undertaken for live testing, and potentially a 3rd party audit (if deemed necessary):
x/group Module Readiness Checklist
This checklist is to be used for tracking the final internal audit of new Cosmos SDK modules prior to inclusion in a published release.
Release Candidate Checklist
The following checklist should be gone through once the module has been fully implemented. This audit should be performed directly on
master
, or preferably on aalpha
orbeta
release tag that includes the module.Ping @blushi if there's any clarifying question on group spec.
The module should not be included in any Release Candidate tag until it has passed this checklist.
/spec/
folder in module directory) @amaurymTallyResult
query (https://github.com/cosmos/cosmos-sdk/pull /11315#issuecomment-1078959575)timeout
towindows
(see Discord post by Noam)keeper
package tests @JeancarloBarrios #11679for
loops)for
loops)Published Release Checklist
After the above checks have been audited and the module is included in a tagged Release Candidate, the following additional checklist should be undertaken for live testing, and potentially a 3rd party audit (if deemed necessary):