This document outlines security best practices and checklist items for Callora vault contracts to improve audit readiness and reviewer confidence.
- All privileged functions protected by onlyOwner / role-based access
- No public or external access to admin functions
- Ownership transfer tested and documented
- No integer overflow/underflow possible
- Solidity ^0.8.x overflow checks relied upon or SafeMath used where required
- For Soroban/Rust:
checked_add/checked_subused for all balance mutations -
overflow-checksenabled in both dev and release profiles
- Initializer protected against multiple calls
- Upgradeable patterns use initializer guards
- No unprotected re-init functions
-
initvalidates all input parameters (rejects negative values where appropriate)
- Emergency pause mechanism implemented
- Paused state blocks fund movement
- Pause/unpause flows tested
- Ownership transfer is two-step (optional but recommended)
- Ownership transfer emits events
- Renounce ownership reviewed and justified
- Checks-effects-interactions pattern followed
- Reentrancy protection where external calls exist
- No untrusted delegatecalls
- Token transfers use safe transfer patterns
- Deposit/withdraw invariants tested
- Vault balance accounting verified
- Funds cannot be locked permanently
- Minimum deposit requirements enforced
- Maximum deduction limits enforced
- Revenue pool transfers validated
- Batch operations respect individual limits
- All amounts validated to be > 0
- Address/parameter validation on all public functions
- Boundary conditions tested (max values, zero values)
- Error messages provide clear context for debugging
- All state changes emit appropriate events
- Event schema documented and indexed
- Critical operations (deposit, withdraw, deduct) logged with full context
- Unit tests cover all public functions
- Edge cases and boundary conditions tested
- Panic scenarios tested with
#[should_panic] - Integration tests for complete user flows
- Minimum 95% test coverage maintained
Before any mainnet deployment:
-
Engage an independent third-party security auditor
- Choose auditors with experience in Soroban/Stellar smart contracts
- Ensure auditor understands vault-specific risk patterns
-
Perform a full smart contract audit
- Review all contract code for security vulnerabilities
- Analyze upgrade patterns and migration paths
- Validate mathematical correctness of balance operations
-
Address all high and medium severity findings
- Create tracking system for audit findings
- Implement fixes for all H/M severity issues
- Document rationale for any low severity findings that won't be fixed
-
Publish audit report for transparency
- Make audit report publicly available
- Include summary of findings and remediation steps
- Provide evidence of test coverage and validation
- WASM compilation verified and reproducible
- Stellar network parameters validated (fees, limits)
- Cross-contract call security reviewed
- Storage patterns optimized and secure
- Fee structures reviewed for economic attacks
- Revenue pool distribution validated
- Maximum loss scenarios analyzed
- Slippage and market impact considered
- Deployment process documented and automated
- Key management procedures established
- Monitoring and alerting configured
- Incident response plan prepared
- Stellar Security Best Practices
- Soroban Documentation
- Smart Contract Weakness Classification Registry
Note: This checklist should be reviewed and updated regularly as new security patterns emerge and the codebase evolves.