OWASP Smart Contract Security Verification Standard

OWASP Incubator
Creative Commons License

Introduction

The primary aim of the OWASP Smart Contract Security Verification Standard (SCSVS) Project is to provide an open security standard for designing, building, and testing secure smart contracts.

The standard offers guidelines that address the specific security risks and concerns related to smart contracts, decentralized applications (dApps) and EVM-based blockchain systems, focusing on the core principles of security in smart contract development.

Initial Draft Version - 0.0.1

The latest stable version is version 0.0.1 (dated September 2024), which can be found:

The master branch of this repository will always be the “bleeding edge version,” which may have in-progress changes or other edits open.

Our “Supporters” page gratefully recognizes the organizations that have supported the project, whether through significant contributions of time or through funding.

Standard Objectives

The requirements were developed with the following objectives in mind:

  1. Develop and Refine Security Guidelines: Consolidate general security practices into a comprehensive set of guidelines for smart contract developers and security professionals.
  2. Address Unique Security Challenges of Smart Contracts: Focus specifically on vulnerabilities and risks particular to smart contracts, such as reentrancy, integer overflows/underflows, gas-related weaknesses, and economic attacks.
  3. Guide Development Teams in Secure Practices: Provide detailed guidance to developers for implementing secure coding practices in smart contract development.
  4. Assist Security Teams in Audits and Penetration Testing: Offer methodologies for effective smart contract audits and penetration testing, covering blockchain data integrity, access control, and business logic.
  5. Establish and Update Security Benchmarks: Create and regularly update security benchmarks to reflect the evolving nature of blockchain ecosystems and smart contract security.
  6. Promote Best Practices in Smart Contract Security: Encourage the adoption of best practices, such as defensive coding, formal verification, and test-driven development, to secure smart contract environments.
  7. Align Security Expectations Among Stakeholders: Establish a common understanding of security expectations for developers, auditors, blockchain platforms, and decentralized finance (DeFi) users.


Supporters

Major Supporters and Sponsors

This initiative would not have been possible without the support of our sponsors and the resources they have provided. We would like to express our gratitude to the following for their support.

CredShields


The OWASP SCSVS project was initiated to share the knowledge gained from the CredShields Security Team’s research into Smart Contract security while developing SolidityScan.com, an AI-powered vulnerability scanner for Smart Contracts. We extend our gratitude to CredShields for their efforts in defining the initial requirements and founding this project.