Before deploying any smart contract on the BenFen mainnet, it is crucial to conduct strict internal and external security audits.
Core Security Review Items:
-
Follow Move Language Safety Paradigms: Fully leverage the resource-oriented model of Move. Ensure no assets get unintentionally locked or lost within contracts.
-
Code Clarity & Testing: Maintain clean, modular logic and write comprehensive unit tests for all public functions, especially those involving edge cases.
-
Strict Access Control: Limit access to sensitive functions (e.g., minting, burning, upgrading) to trusted roles such as the contract owner or DAO-controlled addresses.
-
Prevent Arithmetic Overflows: Always use safe math operations and enforce bounds on numeric inputs to avoid overflow/underflow errors.
-
Dependency Audit: Ensure that all external contracts or libraries your code depends on are audited, trustworthy, and secure.
-
Formal Verification Recommended: For contracts managing core asset logic, it is strongly advised to write formal specifications and validate them using Move Prover.
-
Third-Party Security Audit: Before mainnet deployment, submit your code to a reputable security audit firm (e.g., SlowMist, Certik) for a full review.