Wayback

Inspiration

We want to communicate crypto product security to end-users.

What it does

Wayback shows a list of events recorded by product developers in the past that showcase important deveopment milestones. Some of the records can be signed by third-parties (like auditors, or DAOs). Records have names and optional metadata.

Records can include:

Deployment to testnet/mainnet
Preliminary audit
Audit for mainnet deployment
Start of a bounty program
Pay out by a bounty program
Incident occurrence
Incident response

The developer is the only manager of the records so there is no risk in getting something unwanted added to the track, only an opportunity to show to the end-user a good timely process.

Other incentives include:

Supply of metadata to determine a level of trust for a contract
Allow investigation of the quality process used in the contract development
Determine the reputation of auditors and developers
Incentivize developers to think about security early

How we built it

Since communication of a good development process is the cornerstone for our project, we focused on using such process in the development of Wayback itself.

We used a community project we worked on before (SecurEth Guidelines) to set up clear development milestones and build as much documentation as possible that can be recorded as metadata on milestone completions.

Check out the docs we made:

Challenges we ran into

Front-end proved to be more difficult than expected.
- Drizzle turned out to be difficult to set up.
- Pulling up past events in Drizzle was not trivial and had no examples or docs.
- Metamask kept crashing when used by Drizzle.
Solidity
- Testing require statements proved to be difficult

Accomplishments that we're proud of:

We got positive feedback for our docs from both devs and auditors!
We made tests! Full functional coverage and best we could do for the branch coverage: https://github.com/SecurEth/Wayback/blob/master/test/TestWayback.js