Introduction

The primary aim of the OWASP Smart Contract Security Verification Standard (SCSVS) Project is to provide an open security standard for designing, building, and testing secure smart contracts.

The standard offers guidelines that address the specific security risks and concerns related to smart contracts, decentralized applications (dApps) and EVM-based blockchain systems, focusing on the core principles of security in smart contract development.

Initial Draft Version - 0.0.1

The latest stable version is version 0.0.1 (dated September 2024), which can be found:

• OWASP Smart Contract Security Verification Standard 0.0.1 English (PDF)

The master branch of this repository will always be the “bleeding edge version,” which may have in-progress changes or other edits open.

We gratefully recognize the organizations that have supported the project either through significant time provision or financially on our “Supporters” page!

Standard Objectives

The requirements were developed with the following objectives in mind:

1. Develop and Refine Security Guidelines: Consolidate general security practices into a comprehensive set of guidelines for smart contract developers and security professionals.
2. Address Unique Security Challenges of Smart Contracts: Focus specifically on vulnerabilities, such as reentrancy, overflows/underflows, gas optimization, and economic attacks.
3. Guide Development Teams in Secure Practices: Provide detailed guidance to developers for implementing secure coding practices in smart contract development.
4. Assist Security Teams in Audits and Penetration Testing: Offer methodologies for effective smart contract audits and penetration testing, including blockchain data integrity, access control, and business logic.
5. Establish and Update Security Benchmarks: Create and regularly update security benchmarks to reflect the evolving nature of blockchain ecosystems and smart contract security.
6. Promote Best Practices in Smart Contract Security: Encourage the adoption of best practices, such as defensive coding, formal verification, and test-driven development, to secure smart contract environments.
7. Align Security Expectations Among Stakeholders: Establish a common understanding of security expectations for developers, auditors, blockchain platforms, and decentralized finance (DeFi) users.