Can good process save us from smart contract exploits?
If you're a smart contract developer, you dread the day when an exploit occurs…
While you cannot completely avoid mistakes, you can at least avoid making mistakes others have made and try to mitigate their impact.
One way to do this is to write down your process. Rari recently wrote down theirs, and their GitHub checklist is easily one of the most useful pieces of advice about smart contract security.
When you have a process, every new idea, every tidbit of information your team comes across goes into the process.
Every new team member reads the process and can follow it. Every new governance contributor can read the process too and be asked to follow it.
Having a process won't prevent you from making mistakes or being prone to new kinds of vulnerabilities. In fact, following a process too rigidly can be a trap of its own. But with a good process, at least you won't make the same mistake twice.