CIP proposal: Cardano audit best practice guidelines

This topic is to discuss this draft of Cardano audit best practice guidelines.

These guidelines are the result of a process of discussion between IOG staff, and members of the audit and academic communities, over a series of online meetings in February and March 2022. Audit organisations involved include Tweag, WellTyped, Certik, Runtime Verification, BT Block, MLabs, Quviq and Hachi/Meld, all of which supported the guidelines outlined here.

These guidelines describe the audit process in general before setting out for DApp developers what information they will need to supply to auditors as part of the process. These are guidelines rather than requirements, and different auditors may engage differently, providing complementary services. The guidelines aim to establish a common baseline, including alternative ways of satisfying high-level requirements.