secure-workflow-guide

# Secure Workflow Guide ## Purpose Guides through Trail of Bits' secure development workflow - a 5-step process to enhance smart contract security throughout development. **Use this**: On every check-in, before deployment, or when you want a security review --- ## The 5-Step Workflow Covers a security workflow including: ### Step 1: Check for Known Security Issues Run Slither with 70+ built-in detectors to find common vulnerabilities: - Parse findings by severity - Explain each issue with file references - Recommend fixes - Help triage false positives **Goal**: Clean Slither report or documented triages ### Step 2: Check Special Features Detect and validate applicable features: - **Upgradeability**: slither-check-upgradeability (17 upgrade risks) - **ERC conformance**: slither-check-erc (6 common specs) - **Token integration**: Recommend token-integration-analyzer skill - **Security properties**: slither-prop for ERC20 **Note**: Only runs checks that apply to your codebase ### Step 3: Visual Security Inspection Generate 3 security diagrams: - **Inheritance graph**: Identify shadowing and C3 linearization issues - **Function summary**: Show visibility and access controls - **Variables and authorization**: Map who can write to state variables Review each diagram for security concerns ### Step 4: Document Security Properties Help document critical security properties: - State machine transitions and invariants - Access control requirements - Arithmetic constraints a...