The first Develop module covers testing methods, testing productivity and tools. Our approach is thorough, covering different types of testing (unit testing, integration testing, etc.) as well as ways to define tests for a given smart contract based on different models (state machine models, equivalence classes of values, etc.).
The Codex has finally launched to a limited number of Beta users!
I truly appreciate all Beta participants who offered to take part in this journey and help us build out the Codex. What started as a set of Notion articles has grown into a standalone resource as demand from clients and friends alike led me to try and figure out a way to share this information more broadly. I hope that you find the resources helpful and look forward to receiving feedback about what is helpful and what is missing. Feel free to share your thoughts on Twitter or elsewhere.
Our goal? Create the most comprehensive and advanced guide to developing smart contracts and raise the bar on quality across the ecosystem.
Why?
Smart contract development is a unique professional challenge
Lawyers have long benefited from access to dedicated research portals (e.g., LexisNexis) to keep them up to date with the law and mitigate risk. Smart contract development carries as much risk or more and has a dazzling array of techniques, tools and concepts that need to be mastered. We want to reassure growing organizations that their teams have best practices instantly available. We also want to empower individual smart contract developers to compete on a level playing field.
Nobody talks about process
While documentation about smart contract tooling is readily available, the adoption of certain methods (e.g., fuzzing, formal verification) is limited as people don't know where to start or whether it will be worth the time investment. Knowing when and where to apply the tool is as useful as knowing how to apply it.
The number of resources is overwhelming
One of the greatest features of this ecosystem is the lack of dependence on a single tool for any task. However, teams often don't have the time to evaluate all the different options before embarking on time-sensitive activities. We think a consistent voice can be helpful in getting teams up to speed with new concepts or processes. We encourage, curate and explain the most popular options so benefits can be obtained more quickly.
Let's build this together
A given process is only as good as the number of times it has been applied and tested under stress. By creating a community that shares insights and best practices we can collectively become more efficient. Douglas Engelbart, a computing pioneer, postulated a while ago that organizations can enter into a powerful and compounding process of co-improvement when they share best practices and we want the Codex to be one of the vehicles for doing so.
The first Defend module covers security review approaches and security tools. Many ecosystem participants (users, DAOs and auditors) highlight challenges with the state of security in smart contract protocols. From the start, I've been wondering if there is a balanced development process that doesn't compromise speed or security. Over the years, the list of available security tools has only grown and so has the number of auditing firms (their availability, however, has not increased). Auditors have also pointed out that teams need to take ownership of their own security to make the most out of the auditing process.
While tools and security-minded individuals can be recruited, information about best-practice processes is still limited. My goal was to explore how a skilled team could execute a robust security review on their own code using freely available tools and diverse methods. During this process, I researched and documented both individual tools and techniques and compiled an extensive list of review techniques that help look at smart contracts from various insightful angles.
Other topics covered include preparation for security audits, the interplay between internal and external security reviews and others.
I recommend starting by reading How to Do a Security Review or How to Use the Codex.