SCSVS-CODE-1

S2.1 Development Policies

Control Objective

Establish and enforce secure coding standards and review processes to minimize vulnerabilities and ensure best practices are followed throughout the development lifecycle.

S2.1.A Secure Coding Standards

SCSVS VR ID Requirement L1 L2 L3 SWE
S2.1.A1 Ensure that developers do not use outdated compiler versions and adhere to the latest compiler recommendations. ✓ ✓
S2.1.A2 Verify that deprecated functions are not used in the code. ✓ ✓

S2.1.B Code Review Processes

SCSVS VR ID Requirement L1 L2 L3 SWE
S2.1.B1 Verify that all smart contract code changes are reviewed by at least two independent developers with expertise in smart contract security before merging to the main branch. ✓ ✓
S2.1.B2 Ensure that code reviews of smart contracts involve automated static analysis tools specifically designed for smart contracts, and that all flagged issues are addressed or documented prior to merging. ✓ ✓
S2.1.B3 Check that the code review process for smart contracts includes a thorough analysis for vulnerabilities such as reentrancy attacks, integer overflows, and improper access control. ✓ ✓
S2.1.B4 Verify that code reviews include adherence to smart contract development standards, such as the use of safe math libraries and secure design patterns. ✓ ✓
S2.1.B5 Ensure that code reviews incorporate a checklist of common smart contract vulnerabilities, and that each item on the list is addressed before code is approved. ✓ ✓