Ethereum

Smart Contract Security Verification Standard (SCSVSv2)

(c) Adomas Aleno / Unsplash

Introduction

Damian Rusinek (@drdr_zz) and Paweł Kuryłowicz (@wh01s7) released an updated version of their free Smart Contract Security Verification Standard: https://github.com/securing/SCSVS/tree/prerelease/SCSVSv2

What is a (security) verification standard?

It is a checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.

The list helps to avoid the majority of known security problems and vulnerabilities by providing guidance at every stage of the smart contract development cycle (from design to implementation).

Objectives

  • Help to develop high-quality smart contract code.
  • Help to mitigate known vulnerabilities by design.
  • Provide a checklist for security reviewers.
  • Provide a clear and reliable assessment (the Security Health Factor) of how secure smart contracts are in relation to the percentage of SCSVS coverage.

What is new in version 2?

Security, Composability and Transparency are the fundamentals of the SCSVS. These values are achieved thanks to the engagement and cooperation of the #BlockSec community. The standard is structured into 3 chapters, each covering a slightly different area.

  • General - common and general security problems including, among others, design, upgrades, policies.
  • Components - contracts that make up the project, frequently used patterns with their typical security issues.
  • Integrations - components with which the project integrates, general recommendations and threats to frequently used smart contracts.



SCSVSv2 is licensed under a Creative Commons ShareAlike license.