{"version":1,"pages":[{"id":"Y3mbIfOOowHBpxWAq3Io","title":"The Complete Guide to Securing Web3 Projects","pathname":"/","siteSpaceId":"sitesp_ofj0Z","emoji":"1f510","description":""},{"id":"A8OZLELooegH9f2x25Hg","title":"Design","pathname":"/design","siteSpaceId":"sitesp_ofj0Z","description":""},{"id":"mB3zR4Yib3tSXKIRKdtj","title":"Design a Gradual Path Towards Immutability","pathname":"/design/gradual-immutability-path","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"Q1fYnfsVg2opBUgaV6q0","title":"Core/Periphery Design Pattern for Immutable Protocols","pathname":"/design/core-periphery-design","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"A1aVVOdEdYnm2gSyyvTf","title":"Actor-Based Threat Modeling","pathname":"/design/actor-based-threat-modeling","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"pgiQDxiiomcFRV3DiFo7","title":"Principle of Least Privilege","pathname":"/design/least-privilege","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"MP1pYxwbPeWCR6h1wnzm","title":"Implement a Role-Based Access Control (RBAC) Model","pathname":"/design/rbac","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"LpfD81yKCAgTYs5XFtit","title":"Design for Funds Isolation","pathname":"/design/funds-isolation","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"CDOvyEfAYtZC2ZDgDcBf","title":"Implement Circuit Breakers","pathname":"/design/circuit-breakers","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"gHEsV1k0EfpVW3CTQ9uX","title":"Global Registry for Project Deployed Smart Contracts","pathname":"/design/global-registry","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Design"}]},{"id":"rlNY1ISb1H5nYHTcOIB7","title":"Coding","pathname":"/coding","siteSpaceId":"sitesp_ofj0Z"},{"id":"LQ6OQZvRM11aKGqRW80U","title":"Code Conservatism: Less is More","pathname":"/coding/code-conservatism","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"4a11UukeJIjmYKS18vlr","title":"Use a Spell Checker","pathname":"/coding/use-spell-checker","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"g2C03l24IZGB178m0Q0L","title":"Use an Up-To-Date Compiler Version","pathname":"/coding/use-up-to-date-compiler-version","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"LiSRpTvNNPKpNAOc39J7","title":"Security-Driven Development","pathname":"/coding/security-driven-development","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"ShCSIcy4xeMGCHwP9HEP","title":"Define a Security-Oriented CI Environment","pathname":"/coding/security-oriented-ci","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"JvKEJNeDfsKwj9PoQb9W","title":"Prefer Unstructured Storage for Upgradeable Contracts","pathname":"/coding/unstructured-storage","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"vKWljUOR3MiGCaPKOiPk","title":"Avoid Vendoring Dependencies","pathname":"/coding/avoid-vendoring","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"6LLHudfxw0OVWudDkT4s","title":"Use a Plugin for Safe Upgrades","pathname":"/coding/plugin-for-safe-upgrades","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"xsZ4mUifDqFWGzsfEOAE","title":"Use Reentrancy Guards","pathname":"/coding/reentrancy-guards","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"kx7RZ8vXzvNs5NK4B3J9","title":"Revert/Return Early","pathname":"/coding/revert-return-early","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"GVfyMNvqXOlaFoCIczMM","title":"Revert vs Return","pathname":"/coding/revert-vs-return","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"L6Gp7a21Y8aIpdRLtDYO","title":"Avoid Unlimited ERC-20 Approvals","pathname":"/coding/avoid-unlimited-erc20-approvals","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"rgW9HGhczfHodvi4FOCO","title":"Use the Safe ERC-20 Library","pathname":"/coding/safe-erc20-library","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"aFwaTcOl5K75WZW94OEA","title":"Beware of \"NFT Front Running\" in ERC-721 Tokenization","pathname":"/coding/nft-front-running","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"LhiQ7JnDOUCeXuCYjvUH","title":"Rounding in Favor of the Protocol with Integer Division in Solidity","pathname":"/coding/round-in-favor-of-protocol","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"86BInTqq5qhzoBsI3yHt","title":"Use the SafeCast Library","pathname":"/coding/safe-cast-library","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"MAlJFvo1ZPDPG5GweFf3","title":"Use Cryptographic Libraries","pathname":"/coding/use-cryptographic-libs","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"868BxS37AJvpVriD5srb","title":"Consider Non-Sequential Nonces for Digital Signatures","pathname":"/coding/non-sequential-nonces","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"3fngoMSjsuIhUD5MyBua","title":"Prefer to Avoid Low-Level Calls","pathname":"/coding/avoid-low-level-calls","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"jhZ1pBI7yyR3JZXKsmZ4","title":"Use abi.encodeCall for Low Level Calls","pathname":"/coding/abi-encode-call","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"KUsOeIPm81rZzBLz9CEy","title":"Careful Vetting of Unchecked Blocks","pathname":"/coding/careful-vetting-of-unchecked-blocks","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"JiQL7BWWss9TnoMB34LA","title":"Avoid Arbitrary Low-Level External Calls","pathname":"/coding/avoid-arbitrary-external-calls","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"Nt4DDso1hXAFOI3PeoNW","title":"Follow the EIP-712 Standard for Digital Signatures","pathname":"/coding/adhere-to-eip-712","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"coA9FkOWIUiTHKJQRDUB","title":"Vetting Process for External Tokens","pathname":"/coding/vetting-process-for-external-tokens","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"SayJf4kmZiKilZGKHHYK","title":"Ensure Code Dependencies Are Secured","pathname":"/coding/code-dependencies-security","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Coding"}]},{"id":"esZyqpHbURH2ku8gLWXT","title":"Testing","pathname":"/testing","siteSpaceId":"sitesp_ofj0Z"},{"id":"Ql9mbRGrhmVcwoltRI6p","title":"Develop Comprehensive Unit Tests","pathname":"/testing/unit-tests","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Testing"}]},{"id":"JmZrgHkeHl67VPvE7qKc","title":"Develop Comprehensive Integration Tests","pathname":"/testing/integration-tests","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Testing"}]},{"id":"tLl5u7JygTvEvvz8vF0N","title":"Develop Comprehensive Fuzzing Tests","pathname":"/testing/fuzzing-tests","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Testing"}]},{"id":"2RzlihPlAYtIaA7NxFnv","title":"Develop Comprehensive Fork Tests","pathname":"/testing/fork-tests","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Testing"}]},{"id":"uL0nZv94YCZyYW0gPdVT","title":"Track and Optimize Test Coverage","pathname":"/testing/optimize-test-coverage","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Testing"}]},{"id":"m2DK6yhqvRtM6X0NL9n9","title":"Conduct End-to-End Testing on Testnet","pathname":"/testing/e2e-tests-testnet","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Testing"}]},{"id":"fUCjnEPx1XfanK3yKIeT","title":"Pre-Deployment","pathname":"/pre-deployment","siteSpaceId":"sitesp_ofj0Z"},{"id":"ir85rpNG2DtJVfNHIpza","title":"How to Decide What Type of Security Review Your Project Needs","pathname":"/pre-deployment/types-of-security-reviews","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"djACBiryEEJPyvdcD8hM","title":"Key Considerations for Setting the Mainnet Deployment Date","pathname":"/pre-deployment/setting-the-mainnet-deployment-date","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"MaThBUM3cx86G0pYwLiM","title":"Conduct an Internal Security Review","pathname":"/pre-deployment/internal-security-reviews","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"mTlpFWoiq93JAR2cuQVh","title":"The Importance of Code Freeze Before an External Security Review","pathname":"/pre-deployment/importance-of-code-freeze-before-an-external-review","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"Oj7MRpJQM2dufVKOdV6Y","title":"Conduct an External Security Review (a.k.a. Audit)","pathname":"/pre-deployment/external-security-reviews","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"kZ1t0tSTm50Vd1SUDT4X","title":"Implement Robust Monitoring Security Rules","pathname":"/pre-deployment/monitoring-security-rules","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"ASybs2uETfcYCxfrZo0B","title":"Leverage Security Reviews to Define Tailor-Made Monitoring Rules","pathname":"/pre-deployment/tailor-made-security-rules","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"UrUOMi7uoJPqxW2L7WCY","title":"Configuration Risk Assessment for DeFi Protocols","pathname":"/pre-deployment/configuration-risk-management","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"ZbI5UCs1I6WmCeeOrnfp","title":"Conduct an External Web2 Security Review","pathname":"/pre-deployment/web2-security-reviews","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"uz3LF4cmEMsDUr3wNRmI","title":"Protect Against DNS Poisoning","pathname":"/pre-deployment/dns-poisioning","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"z2UecRfElUVcr6H4XL82","title":"Conduct a Solvency Assurance Audit","pathname":"/pre-deployment/solvency-audit","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"iZlP1COdLHNMKEqZUxjk","title":"Establish a Contingency Plan","pathname":"/pre-deployment/establish-contingency-plan","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Pre-Deployment"}]},{"id":"G6XA0TGFD8YYRnVekpX8","title":"Deployment","pathname":"/deployment","siteSpaceId":"sitesp_ofj0Z"},{"id":"HRHx6rDefAjkXhPMLagQ","title":"Adopt a “Soft Launch” Strategy","pathname":"/deployment/soft-launch","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Deployment"}]},{"id":"WYwLatRbCeT13JpBlKPE","title":"Never Deploy Code That Was Not Reviewed Externally","pathname":"/deployment/never-deploy-without-review","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Deployment"}]},{"id":"SrXPRQrP7imnpPdpn2Zw","title":"Verify Your Deployed Contracts","pathname":"/deployment/post-deployment-verification","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Deployment"}]},{"id":"MOE4wNDAA5nEBVa8Bz2c","title":"Launch a Bug Bounty Program","pathname":"/deployment/bug-bounty","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Deployment"}]},{"id":"qyxRoPQdjnakOBdu7GYP","title":"Ongoing Upgrades","pathname":"/ongoing-upgrades","siteSpaceId":"sitesp_ofj0Z"},{"id":"CZ9NcjWlgCGL7kZYFzbD","title":"Handling Communications Before a Smart Contract Upgrade","pathname":"/ongoing-upgrades/handling-comms-upgrade","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Upgrades"}]},{"id":"h0uZMfo1Vba31IH2JRUM","title":"Ensure Changes Are Backwards Compatible","pathname":"/ongoing-upgrades/upgrade-backwards-compatibillity","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Upgrades"}]},{"id":"h7rMlMKYvWNHKePPRYra","title":"Use Existing Unit Tests to Prevent Regression Bugs","pathname":"/ongoing-upgrades/prevent-regression-bugs","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Upgrades"}]},{"id":"NtlZ1WXLVzuJrNxpU6pO","title":"Handling State Migration in a Secure Way","pathname":"/ongoing-upgrades/handling-migrations","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Upgrades"}]},{"id":"VDpmAwgo155JeP2cmCYB","title":"Key Considerations for the Security Review of Upgrades","pathname":"/ongoing-upgrades/key-considerations-upgrade-reviews","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Upgrades"}]},{"id":"pS06d9sedipEpDnAkyIT","title":"Ongoing Operations","pathname":"/ongoing-operations","siteSpaceId":"sitesp_ofj0Z"},{"id":"h8ctWOgv3J5ztyMWVfsX","title":"Establish a Head of Security Role","pathname":"/ongoing-operations/head-of-security","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"ihzvx0ZfhqwHPcBHIXEm","title":"Establish a Security Council","pathname":"/ongoing-operations/security-council","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"Uj5jxl7BwtZ3pANXg0eh","title":"Managing Privileged Accounts Securely","pathname":"/ongoing-operations/securing-privileged-accounts","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"CniPcx51PeHqntG10pJv","title":"Add Regression Tests After Fixing Vulnerabilities","pathname":"/ongoing-operations/regression-tests-for-vulns","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"9jBEkMyI0siUWmu0byIW","title":"Conduct a Web3SOC-Style Review","pathname":"/ongoing-operations/web3soc-review","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"wkjBFCx6afUixMU3PtF3","title":"Secure Your Treasury","pathname":"/ongoing-operations/secured-treasury","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"mQMhIx1JmDgnPAPuHrsT","title":"Securing DAOs and DAO Voting","pathname":"/ongoing-operations/securing-daos","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"vcYZb34qHZ6Xhy97j9hk","title":"Background Checks and Personnel Security for Web3 Projects","pathname":"/ongoing-operations/personnel-security","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"eTgq9HI4riCmAKVGpbHa","title":"Protect Against Social Media Takeovers (Twitter, Discord)","pathname":"/ongoing-operations/social-media-takeovers","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"CI91vFIvNYQmPK4iFTHx","title":"Protect Against Phishing Attacks","pathname":"/ongoing-operations/phishing-attacks","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"A9uuwsZ3n2ByanbIWJAl","title":"Protect Against Denial-of-Service (DoS/DDoS) Attacks","pathname":"/ongoing-operations/denial-of-service","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"Zw8KqroAvIxiGDOMFk1I","title":"Protect Against SIM Swapping","pathname":"/ongoing-operations/sim-swapping","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"eXLAjAzFH88ymTSTz5wG","title":"Protect Against Credential Stuffing and Account Takeovers","pathname":"/ongoing-operations/credential-stuffing","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"yCtAzH6trGsQsqu4xtGK","title":"Periodically Revoke Permissions to Critical Assets","pathname":"/ongoing-operations/periodic-permissions-revocation","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Ongoing Operations"}]},{"id":"pUgLJc49OR0kwNcVB7fb","title":"Emergency Response","pathname":"/emergency-response","siteSpaceId":"sitesp_ofj0Z"},{"id":"Zku6vOa2UfPHeMKOWEl6","title":"Handling a Security Incident","pathname":"/emergency-response/handling-security-incident","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Emergency Response"}]},{"id":"A1yu1rnPYFkU6FRLCoUw","title":"Post-Incident Actions","pathname":"/emergency-response/post-incident-actions","siteSpaceId":"sitesp_ofj0Z","description":"","breadcrumbs":[{"label":"Emergency Response"}]}]}