Content pfp
Content
@
0 reply
0 recast
2 reactions
six pfp
six
@six
How do you get over anxiety around deploying contracts that handle people's money while also not being able to get audited?
14 replies
20 recasts
60 reactions
alex pfp
alex
@proxystudio.eth
Having done this a few times this year (as a non dev): Don’t get over it, care about it Use every inch of forked, audited code you can Get smarter people to review the code if willing Learn as much as you can about solidity, familiarize yourself with the core functions & the mechanisms used, any dependencies & libraries Hopefully this process is fruitful and you accumulate more resources to audit Be lucky
3 replies
1 recast
13 reactions
SarveshⓂ️ pfp
SarveshⓂ️
@tokenstaker.eth
Anxiety is there even after audit lol
0 reply
0 recast
0 reaction
Sam (crazy candle person) ✦ pfp
Sam (crazy candle person) ✦
@samantha
Have a few friends look at it. Make sure everything is up to date and no public API keys etc, follow security best practices etc. Most attackers don’t exploit vulns unless there’s lots of money in a contract. There are bigger fish to fry than a contract with $100k. my day job is in devsec so feel free to msg if you need any help!
0 reply
0 recast
0 reaction
HH pfp
HH
@hamud
Putting a disclaimer as a popup on the frontend that it's an unaudited experimental release, no liability, etc etc
0 reply
0 recast
0 reaction
will pfp
will
@w
you never really do i think. even audits don't make it go away. still, there are things you can do to help at the margin: - keep the contracts as short and simple as possible - thorough testing, esp fuzzing - as many eyes as possible (informal peer reviews)
0 reply
0 recast
0 reaction
Matthew pfp
Matthew
@matthew
ask @briang
0 reply
0 recast
0 reaction
agrimony↑🎩 pfp
agrimony↑🎩
@agrimony.eth
Yeah I helped to design a sc which later found to have a vuln. Fortunately not exploitable (basically bricks people's funds but no one gains). Caught it early enough that funds lost was manageable But that was a good lesson to fuzz more
0 reply
0 recast
1 reaction
Deployer pfp
Deployer
@deployer
the #1 thing most important thing before deploying a mission critical contract is to write unit tests for every piece of code in the contract. if it interacts with live contracts i run fork tests against the actual chain. i also use the transparent proxy pattern in case there is an issue and an upgrade is required.
0 reply
0 recast
0 reaction
Maretus pfp
Maretus
@maretus
I think you’re about 90% ahead of the competition just asking this question lol.
0 reply
0 recast
0 reaction
Uncle HODL pfp
Uncle HODL
@unclehodl.eth
By simply not doing those 😭 Right @xcryptobro.eth 😏
0 reply
0 recast
0 reaction
Kuririn pfp
Kuririn
@kuririn
Write as many tests as possible and learn basics of security to be aware of different possible attacks.
0 reply
0 recast
0 reaction
sebayaki.eth pfp
sebayaki.eth
@if
I can't. We always do full unit test coverage + community audits + audits by security firms. This takes a lot of time and resources, but I can't just deploy contracts with anxiety.
0 reply
0 recast
0 reaction
Rex Pepple pfp
Rex Pepple
@pepplerex
It’s tough, but start small, test thoroughly, and get multiple eyes on it. Community feedback, open source contributions, and bounties can help reduce risks when audits aren't an option.
0 reply
0 recast
0 reaction
Valhalla 1 🎩 pfp
Valhalla 1 🎩
@valhalla1
One mistake and you could ruin life’s for several folks …
0 reply
0 recast
0 reaction