Recently, approximately 80% of smart contracts are deployed without an external audit, because engaging audit agencies or running a bug bounty takes a lot of time and money. Hence a dev tool that integrates smart contract auditing into the development process is necessary for several reasons:
Early Detection of Vulnerabilities: By integrating secure smart contract analysis tools into CI/CD pipelines, developers can detect vulnerabilities early in the development process. This allows for timely remediation and prevents potential security issues from making their way into production environments.
Ensuring Code Quality: Secure smart contract analysis tools help ensure code quality by identifying coding errors, security flaws, and best practice violations. This ensures that smart contracts are developed to the highest standards and comply with industry best practices.
Reducing Security Risks: Smart contracts often deal with valuable assets and sensitive transactions. Integrating security analysis tools helps reduce security risks by identifying and addressing vulnerabilities that could lead to exploits, hacks, or financial losses.
Compliance Requirements: Many industries and regulatory frameworks require adherence to specific security standards and guidelines. By integrating secure smart contract analysis tools into CI/CD pipelines, developers can ensure compliance with relevant security standards and regulations.
Streamlining Development Workflow: Integrating secure smart contract analysis tools into the CI/CD process streamlines the development workflow by automating security checks. This reduces the burden on developers, and later on the smart contract auditors, to ensure that security is built into the development process from the outset. Demonstrating a commitment to security and robustness enhances trust and reputation among users, investors, and stakeholders.
The first and foremost hurdle to tackle was finding a team to work on the project. Once that was resolved, we had to learn to use the GitHub SDK in all its glory: how to create GitHub Actions, how to listen to webhook events on a web server, and how to add a GitHub App to a user's repo and authorize/install the user's repo into our project's app account so that we could act on the user's behalf. Additionally, some of us had to learn overnight how to create server-side rendered websites in vanilla JS without a framework, as well as understand how to spin up a vector DB to store document embeddings and load them for prompt engineering.
But we were able to put our heads together and get over all the hurdles, because teamwork makes the dream work!!
Tracks Applied (7)
Base
NEAR
NEAR
NEAR
Polkadot
Polkadot