There are some common patterns and footguns possible that we should be aware of any time we're releasing contracts publicly. Examples:
interactions between consensus and execution chains, can anything be frontrun?
triple check crypto libs for validation
any race conditions that happen as a result of async communication / messaging delays?
contract upgrade? does it hold value? are mistakes reversible?
vote extensions aren't always validated (make this more precise, see cantina review)
Proposed Solution
Draft a standard checklist for new features that should act as a sanity check before releasing something or sending it to audits, rooted in our experiences with audits so far.
Problem to Solve
There are some common patterns and footguns possible that we should be aware of any time we're releasing contracts publicly. Examples:
Proposed Solution
Draft a standard checklist for new features that should act as a sanity check before releasing something or sending it to audits, rooted in our experiences with audits so far.