Total Cardano noob here, focus mainly on application security but am trying to transfer those skills over to some projects on the blockchain. I have recently been doing some research into smart contracts and the way bugs/logic errors can obviously lead to exploitation.
With the pending release of Cardano smart contracts, are there pre-established best practices to follow? Are there companies/consultants ready to audit?
I know that there is already a fairly well-established ecosystem around ethereum smart contracts when it comes to 3rd parties companies, bug bounties, and tooling. I am curious as to if that ecosystem will naturally bleed over into the Cardano space, if it already exists as a part of the launch, or if we are entering mostly uncharted territories that will be pathed as we go?
I remember that March’s Cardano 360 had an interview with someone from a company called Runtime Verification that uses formal methods and a semantic framework DSL for verification/audits. There have also been a couple of proposals on Cardano IdeaScale related to auditing.
I will have to go back and rewatch some of the Cardano 360 event and see specifically where that is mentioned, thank you!
I think it is a really interesting domain to explore. I am looking for some way to get involved in the community, and security is truly one of my passions so it seems this may be a good place to potentially start.
It looks like it’s about 26 minutes into the video: Cardano360 - March 2021 - YouTube.
I’m interested in smart-contract auditing, too, and would appreciate links to useful resources.
Thank you! And I will shoot you a PM, would love to bounce some ideas around if you are interested