cbym

@cbym

Joined on Jan 25, 2022

  • This document is meant to serve as a guide for auditors engaging in Spearbit audits. Note that client and project team will be used interchangeably. High level breakdown of the process: Spearbit megabrain - Frame 1(1) Roles Note: Information about promotions can be found here: https://github.com/spearbit/proposals/discussions/3
  • General suggestions Example rendered pdf. Avoid first/second person tenses. Avoid starting and using sentences such as "I think", "I agree", "he said", etc. Avoid using #. Make sure there aren't any #s written in the Issue description. The issue description should be detailed. Ideally, someone who is outside of the project and the security review team should be able to understand the issues, merely by reading the issue description. Group issues together, whenever that's relevant. For example, if a certain gas optimization is relevant throughout the codebase, keep it as a single issue. Avoid screenshots. Prefer text whenever possible, for example, for code snippets, specification, etc. Consider minimizing code examples for the most relevant parts. Use permalinks for links to a hosted git source code (to specific commit hashes). Avoid raw links, i.e., prefer NoDelegateCall.sol#L18 instead of https://github.com/Uniswap/v3-core/blob/62d65bf88c4fb23671104c28f5bcae566274cb15/contracts/NoDelegateCall.sol#L18.
  • When Title: The Blockchain Guardians: Safeguarding the Future of Ethereum Smart Contract Security Friday 7 July Max: 20 minutes 17:20 - 17:40 DRIVE WITH STUFF: https://docs.google.com/presentation/d/1T6N3K57t6q1m1NYMztzWhpfO9u3mzd6W/edit?usp=sharing&ouid=103083562722676049066&rtpof=true&sd=true Topics
  • TLDR The Venus engineering team has approached Spearbit to review Isolated Pools, Staking gated yield boosting, a stable rate borrow replacing the comptroller with a diamond proxy and two other features yet to be decided. Based on the risk and complexity of this review as well as high demand for the researchers with the specific skillset required to ensure a high quality coverage of the codebase, we proceed to offer a discounted quote for the amount of $664,125 for a review spanning 10,5 weeks (~2.5 months). Read Spearbit and the proposal below! Background The Venus engineering team demonstrated a proactive commitment to security by approaching Spearbit with a request to perform an audit of their contracts.
  • TLDR The Venus engineering team has approached Spearbit to review Isolated Pools, Staking gated yield boosting, a stable rate borrow replacing the comptroller with a diamond proxy and two other features yet to be decided. This proposal is a cost efficient and lower coverage alternative to a full Spearbit engagement, where a reduced security team from Spearbit is hired on the Cantina application to review the target scope. The full cost for a Cantina Managed review, targeting the code in scope and lasting for 10,5 weeks (~2.5 months) amounts to a discounted rate of $422,625. Background This proposal is presented to the Venus community as an alternative to a full, high coverage Spearbit security review. The Venus engineering team has requested cmichel to be part of the engagement, who we shall bring onto the team as a Lead Security Researcher.
  • Venue Convento do Beato do Beato 40, 1950-042 Lisboa, Portugal Schedule
  • Contact @cbym from Spearbit for more information. Actively looking for feedback. The information hereby filled by the project will serve as additional documentation to the security review. - About the bridge - Economic - Security Development Process - Attack Surface - Incident Response
  • SpearBit reports This is the Spearbit Template repository for security reviews. This one is the Report template for writing audit reports Create GitHub issues with the Finding template and use the appropriate severity labels (see below). Requirements needed to get started with the report template