SCSVS-DEFI
Temporary Checklist
This checklist contains the SCSVS v0.0.1 verification levels (L1, L2 and L3) which we are currently reworking into "security testing profiles". The levels were assigned according to the SCSVS v1 ID that the test was previously covering and might differ in the upcoming version of the SCSTG and SCS Checklist.
For the upcoming version of the SCSTG, we will progressively split the SCSTG tests into smaller tests, the so-called "atomic tests", and assign the new SCS profiles to their respective SCWE weaknesses.
| SCG ID | VR ID | TEST ID | Control / SCSTG Test | Checklist |
|---|---|---|---|---|
| SCSVS-DEFI-1 | S10.1.G1 | No Test ID | Verify accuracy of gas estimation. | - Is gas estimated accurately for cross-chain messages? |
| | | | | - What measures are in place to validate gas estimates? |
| | | | | - Can inaccuracies in gas estimation lead to message failures? |
| SCSVS-DEFI-1 | S10.1.G2 | No Test ID | Verify enforcement of input data validation. | - Is there validation on the size of the input data? |
| | | | | - How does the system handle input data that exceeds the expected size? |
| | | | | - Are there measures to revert or clean unused bits if data size is invalid? |
| SCSVS-DEFI-1 | S10.1.G3 | No Test ID | Verify security of gas fee mechanisms. | - Is there a risk of exploiting low gas fees to execute a high volume of transactions? |
| | | | | - What measures are in place to mitigate potential attacks associated with low gas fees? |
| | | | | - How does the system address issues related to transaction volume and gas costs? |
| SCSVS-DEFI-1 | S10.1.G4 | No Test ID | Verify consistency in block production timing. | - Is block production consistency ensured in the protocol? |
| | | | | - How does the system handle potential inconsistencies in block production? |
| | | | | - What measures are in place to address unexpected application behaviors due to block production variability? |
| SCSVS-DEFI-1 | S10.1.G5 | No Test ID | Verify Slippage Protection | - Does the protocol include slippage protection mechanisms for user transactions? Verify if users can set a minimum output amount. |
| | | | | - How does the contract handle price manipulation risks from front-running attacks? |
| | | | | - Are there any controls in place to prevent attackers from exploiting slippage to benefit from user transactions? |
| SCSVS-DEFI-1 | S10.1.G6 | No Test ID | Verify Transaction Gas Limit | - Is there a possibility of iterating over a huge array in a single transaction? Verify the gas usage and limits associated with such operations. |
| | | | | - How does the contract handle scenarios where the gas limit might be exceeded due to large-scale operations? |
| | | | | - Are there safeguards or limits in place to prevent transactions from exceeding the block gas limit? |