Request Chainlink on-chain randomness following the diamond pattern (ERC-2535) for agile development.
- Allows iterating on on-chain development at low cost (including on mainnet): individual facets are replaced through `diamondCut` instead of redeploying the whole contract
- Organises app logic into modules, with one facet per feature, where storage can be shared between facets or kept unique to the module
A facet can use a specific proxy storage layout (eternal storage, another diamond's storage, etc.). Which one to pick depends on how the dApp's complexity evolves through the development lifecycle.
An overview of the uses of each visibility layer is as follows:
folder | layer | contents | description | example
---|---|---|---|---
- | 'internal' interface | custom error, enum, struct, event & preferably modifier | parent of IXyz.sol | IRandomnessWritableInternal.sol, IRandomnessReadableInternal.sol
- | interface | function prototypes | child of the internal interfaces (e.g. `IRandomnessWritable is IRandomnessWritableInternal`) | IRandomnessFallback.sol, IRandomnessReadable.sol, IRandomnessWritable.sol
fallback | external | any function visibility | set of functions that are only used when a callback is made to the diamond (e.g. `VRFConsumerBaseV2.fulfillRandomWords`). It can both modify and read the state, which is why it fits neither the readable nor the writable layer. Because it mutates state on an external call, it must verify the caller (the VRF coordinator) itself. | RandomnessFallback.sol
readable | external | external or public functions | set of functions that defines a module's getters | RandomnessReadable.sol
writable | external & internal | any function visibility | set of functions that defines a module's core logic; internal functions are always declared in a separate XyzWritableInternal.sol | RandomnessInternalWritable.sol, RandomnessWritable.sol
./ | storage | internal library functions, structs | library for accessing and modifying storage; useful when sharing access to storage between implementation contracts that are deployed separately (as in the "diamond" proxy architecture) | RandomnessStorage.sol
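The split above on a minimal Chainlink VRF v2 consumer, as an added illustration that is not this project's code. Contract, library and slot names are made up for the example; the only real external API assumed is the `requestRandomWords` signature of Chainlink's `VRFCoordinatorV2Interface`. The initialisation facet that writes `coordinator`, `subId` and `keyHash` into diamond storage, and the `diamondCut` that routes each selector to its facet, are not shown. The security-relevant piece is the fallback facet: the coordinator calls `rawFulfillRandomWords` on the diamond address, so the facet reads the expected coordinator from shared storage and rejects any other `msg.sender` instead of relying on `VRFConsumerBaseV2`'s constructor-set immutable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example (not this project's files): storage / writable / fallback / readable
// layers for a VRF v2 consumer behind an ERC-2535 diamond. Names are illustrative.

/// Minimal subset of Chainlink's VRFCoordinatorV2Interface (real v2 signature).
interface IVRFCoordinatorV2Min {
    function requestRandomWords(
        bytes32 keyHash,
        uint64 subId,
        uint16 minimumRequestConfirmations,
        uint32 callbackGasLimit,
        uint32 numWords
    ) external returns (uint256 requestId);
}

/// 'internal' interface layer: errors and events shared by every facet.
interface IRandomnessInternal {
    error OnlyCoordinatorCanFulfill(address have, address want);
    error UnknownRequest(uint256 requestId);
    error AlreadyFulfilled(uint256 requestId);
    event RandomnessRequested(uint256 indexed requestId, address indexed requester);
    event RandomnessFulfilled(uint256 indexed requestId, uint256 randomWord);
}

/// Storage layer: one struct at a fixed slot, so every facet sees the same state
/// through the diamond's delegatecall. The slot label is an example value.
library RandomnessStorage {
    struct Layout {
        address coordinator;                    // only this address may deliver results
        uint64 subId;
        bytes32 keyHash;
        uint32 callbackGasLimit;
        uint16 requestConfirmations;
        mapping(uint256 => address) requester;  // requestId => who asked
        mapping(uint256 => uint256) result;     // requestId => first random word
        mapping(uint256 => bool) fulfilled;
    }

    bytes32 internal constant SLOT = keccak256("example.randomness.storage");

    function layout() internal pure returns (Layout storage l) {
        bytes32 slot = SLOT;
        assembly { l.slot := slot }
    }
}

/// Writable facet: the module's core logic, called by users of the diamond.
contract RandomnessWritable is IRandomnessInternal {
    function requestRandomness() external returns (uint256 requestId) {
        RandomnessStorage.Layout storage l = RandomnessStorage.layout();
        requestId = IVRFCoordinatorV2Min(l.coordinator).requestRandomWords(
            l.keyHash, l.subId, l.requestConfirmations, l.callbackGasLimit, 1
        );
        l.requester[requestId] = msg.sender;
        emit RandomnessRequested(requestId, msg.sender);
    }
}

/// Fallback facet: reached only when the coordinator calls back into the diamond.
/// diamondCut must route this selector here; the msg.sender check replaces the
/// immutable-coordinator check that VRFConsumerBaseV2.rawFulfillRandomWords performs.
contract RandomnessFallback is IRandomnessInternal {
    function rawFulfillRandomWords(uint256 requestId, uint256[] calldata randomWords) external {
        RandomnessStorage.Layout storage l = RandomnessStorage.layout();
        if (msg.sender != l.coordinator) revert OnlyCoordinatorCanFulfill(msg.sender, l.coordinator);
        if (l.requester[requestId] == address(0)) revert UnknownRequest(requestId);
        if (l.fulfilled[requestId]) revert AlreadyFulfilled(requestId);
        l.result[requestId] = randomWords[0];
        l.fulfilled[requestId] = true;
        emit RandomnessFulfilled(requestId, randomWords[0]);
    }
}

/// Readable facet: getters only, no state changes.
contract RandomnessReadable {
    function getRandomness(uint256 requestId) external view returns (bool fulfilled, uint256 word) {
        RandomnessStorage.Layout storage l = RandomnessStorage.layout();
        return (l.fulfilled[requestId], l.result[requestId]);
    }
}
```

Because `coordinator` lives in diamond storage rather than in a facet's immutable, replacing the fallback facet via `diamondCut` does not change who may fulfil requests; conversely, whichever facet is allowed to write that field is the one to protect with access control.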
TBD
TBD
- EIP-2612: permit (off-chain approval via a signed message, so no separate `approve` transaction)
- Code formatter & linter: prettier, solhint, lint-staged & husky
- Foundry
- Solidity Patterns
- Solcurity Codes
- Secureum 101 posts (e.g. Security Pitfalls & Best Practices 101)
- Smart Contract Security Verification Standard
- SWC Registry (Smart Contract Weakness Classification)
- Well refactored & commented code (NatSpec comment & PlantUML)
- Unit (TDD) & integration (BDD) tests (green)
- Paper code review (architecture & conception tests) - not required for this project
- Use auditing tools (internally)
- Secureum articles
- Formal verification: Solidity SMTChecker and others
- Fuzz testing (Echidna): (semi-)random inputs
- Static analysis (Slither) & symbolic execution (Mythril)
- Differential Testing
- MythX (report)
- Others (Rattle, Etheno, Surya, ...)
- Invariant testing
- Symbolic execution
- Mutation testing