Contents
The Three Prompts of Spec Thinking
Bugs are rarely just coding errors. They're broken assumptions. This article introduces a minimalist framework for smart contract auditing.
What is a Smart Contract?
An asset management system, where actors interact to gain specific benefits through actions.
The Three Prompts
1. What is expected?
This establishes the intended behavior and functionality of the system.
2. What is allowed?
This explores the possible interactions and edge cases that the system permits.
3. What was assumed but never enforced?
This identifies implicit assumptions that might not be validated by the code.
Applying the Framework
Start with critical points in the codebase, especially where assets change ownership or permissions are modified.
Conclusion
By systematically questioning expectations, permissions, and assumptions, we can uncover vulnerabilities that might otherwise remain hidden.
Related Posts
Understanding Smart Contract Security
An in-depth exploration of common vulnerabilities in smart contracts and how to prevent them.