We want to communicate crypto product security to end-users.
What it does
Wayback shows a list of events recorded by product developers in the past that showcase important development milestones. Some of the records can be signed by third parties (like auditors, or DAOs). Records have names and optional metadata.
Records can include:
- Deployment to testnet/mainnet
- Preliminary audit
- Audit for mainnet deployment
- Start of a bounty program
- Pay out by a bounty program
- Incident occurrence
- Incident response
The developer is the only manager of the records, so there is no risk of something unwanted being added to the track, only an opportunity to show the end-user a good, timely process.
Other incentives include:
- Supply of metadata to determine a level of trust for a contract
- Allow investigation of the quality process used in the contract development
- Determine the reputation of auditors and developers
- Incentivize developers to think about security early
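The trust model described above, as an added example that is not Wayback's own code: the developer alone appends records, and an end-user separates self-asserted records from ones a third party actually signed. The `Track` class, `attest`, `classify`, the record fields and the use of Ed25519 from Node's `crypto` module (a stand-in for whatever signing scheme the contract uses) are all assumptions.

```javascript
const crypto = require('node:crypto');

// Bytes a signer commits to: track owner, record name and metadata (assumed layout).
function recordDigest(owner, name, metadata) {
  return crypto.createHash('sha256')
    .update(JSON.stringify([owner, name, metadata]))
    .digest();
}

class Track {
  constructor(owner) { this.owner = owner; this.records = []; }

  // Only the developer who owns the track may append records.
  add(sender, name, metadata = '', attestation = null) {
    if (sender !== this.owner) throw new Error('only the track owner can add records');
    this.records.push({ name, metadata, attestation });
    return this.records.length - 1;
  }
}

// A third party (e.g. an auditor) signs the exact record content.
function attest(signerName, privateKey, owner, name, metadata) {
  const signature = crypto.sign(null, recordDigest(owner, name, metadata), privateKey);
  return { signerName, signature };
}

// End-user view: each record is 'self-asserted', 'attested' or 'invalid'.
function classify(track, trustedKeys) {
  return track.records.map(({ name, metadata, attestation }) => {
    if (!attestation) return 'self-asserted';
    const key = trustedKeys.get(attestation.signerName);
    if (!key) return 'invalid'; // signer is not one the user trusts
    const digest = recordDigest(track.owner, name, metadata);
    return crypto.verify(null, digest, key, attestation.signature) ? 'attested' : 'invalid';
  });
}

// Constructed sample data.
const auditor = crypto.generateKeyPairSync('ed25519');
const track = new Track('dev');
const meta = 'report-hash-placeholder';
track.add('dev', 'Deployment to testnet');
track.add('dev', 'Preliminary audit', meta,
  attest('auditor', auditor.privateKey, 'dev', 'Preliminary audit', meta));
// The developer reuses the auditor's signature on a different record: it must not verify.
track.add('dev', 'Audit for mainnet deployment', meta, track.records[1].attestation);
const result = classify(track, new Map([['auditor', auditor.publicKey]]));
```

Because the signature covers the record name and metadata, a signature obtained for the preliminary audit cannot be replayed as evidence of a mainnet audit.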
How we built it
Since communication of a good development process is the cornerstone of our project, we focused on using such a process in the development of Wayback itself.
We used a community project we worked on before (SecurEth Guidelines) to set up clear development milestones and build as much documentation as possible that can be recorded as metadata on milestone completions.
Check out the docs we made:
- 01 - System Description Document
- 02 - Architecture
- 03 - Development Plan
- 04 - Preliminary Audit Meeting Notes
- 05 - Software Requirements
- 06 - Audit Prep Report
Challenges we ran into
- Front-end proved to be more difficult than expected.
- Drizzle turned out to be difficult to set up.
- Pulling up past events in Drizzle was not trivial and had no examples or docs.
- Metamask kept crashing when used by Drizzle.
- require statements proved to be difficult.
Accomplishments that we're proud of:
- We got positive feedback for our docs from both devs and auditors!
- We made tests! Full functional coverage and the best we could do for branch coverage: https://github.com/SecurEth/Wayback/blob/master/test/TestWayback.js
What we learned
- There is not much metadata that comes with a smart contract and it is valuable
- There is a real need to structure and simplify the documentation process
- Audits are done a lot faster with proper documentation
What's next for Wayback
We want to finish Wayback in the same spirit:
- Make exemplary documentation while researching best practices
- Deploy it to mainnet and make it available for integrations
- Come up with a set of documentation templates and share them with the community