15427c96c0
- Change file mode from 644 to 755 for all project files - Add chain_id parameter to get_balance RPC endpoint with default "ait-devnet" - Rename Miner.extra_meta_data to extra_metadata for consistency
46 lines
1.5 KiB
Markdown
Executable File
46 lines
1.5 KiB
Markdown
Executable File
# Smart Contract Audit Gap Checklist
|
|
|
|
## Status
|
|
- **Coverage**: 4% (insufficient for mainnet)
|
|
- **Critical Gap**: No formal verification or audit for escrow, GPU rental payments, DAO governance
|
|
|
|
## Immediate Actions (Blockers for Mainnet)
|
|
|
|
### 1. Static Analysis
|
|
- [ ] Run Slither on all contracts (`npm run slither`)
|
|
- [ ] Review and remediate all high/medium findings
|
|
|
|
### 2. Fuzz Testing
|
|
- [ ] Add Foundry invariant fuzz tests for critical contracts
|
|
- [ ] Target contracts: AIPowerRental, EscrowService, DynamicPricing, DAO Governor
|
|
- [ ] Achieve >1000 runs per invariant with no failures
|
|
|
|
### 3. Formal Verification (Optional but Recommended)
|
|
- [ ] Specify key invariants (e.g., escrow balance never exceeds total deposits)
|
|
- [ ] Use SMT solvers or formal verification tools
|
|
|
|
### 4. External Audit
|
|
- [ ] Engage a reputable audit firm
|
|
- [ ] Provide full spec and threat model
|
|
- [ ] Address all audit findings before mainnet
|
|
|
|
## CI Integration
|
|
- Slither step added to `.github/workflows/contracts-ci.yml`
|
|
- Fuzz tests added in `contracts/test/fuzz/`
|
|
- Foundry config in `contracts/foundry.toml`
|
|
|
|
## Documentation
|
|
- Document all assumptions and invariants
|
|
- Maintain audit trail of fixes
|
|
- Update security policy post-audit
|
|
|
|
## Risk Until Complete
|
|
- **High**: Escrow and payment flows unaudited
|
|
- **Medium**: DAO governance unaudited
|
|
- **Medium**: Dynamic pricing logic unaudited
|
|
|
|
## Next Steps
|
|
1. Run CI and review Slither findings
|
|
2. Add more invariant tests
|
|
3. Schedule external audit
|