# Scope [Back to Master Tracking Doc](https://hackmd.io/LOZjAsz-THelSD5lWqSVlw) The primary focus of this assessment is to review the code in the [specs-actors](https://github.com/filecoin-project/specs-actors) repository most pertinent to the function of Filecoin's builtin actors. This assessment is concerned with the business logic of the builtin actors. Outside of identifying issues in the implementation of actors' business logic, this review will attempt to: * Identify areas consuming user-supplied input * Ensure input is validated correctly, according to business logic * Ensure methods correctly handle the entire range of possible values for a type (ex, negative / nil values) * Ensure methods correctly handle all address protocols (BLS, SECP, ID, ACTOR) * Identify user roles and their associated permissions * Ensure methods only authorize users according to least-privelege principles * Assess overall error handling * Ensure that errors are thrown when business logic deems it appropriate * Ensure that thrown errors are not accompanied with state changes * Assess error handling in the context of the implicit messages sent to the Reward/Cron actors * Ensure that execution will not result in unhandled errors Outside of code review, this assessment has these foci: * Understand and document specs-actors business logic and low-level functions * Attempt to identify potential performance bottlenecks and suggest mitigations * Attempt to identify areas of high complexity and suggest simplifications * Assess the state of specs-actors unit testing, and suggest improvements * Ahead of planned scenario testing, suggest various scenarios that should be tested #### Files Review will center on Go files (`*.go`) within the [`/actors`](https://github.com/filecoin-project/specs-actors/tree/master/actors) directory. Of these files, this assessment is **not** concerned with: * Any non-go files * `*_test.go` files outside the [`/actors/builtin`](https://github.com/filecoin-project/specs-actors/tree/master/actors/builtin) directory * `cbor_gen.go` files anywhere in the specs-actors repository * Files in the [`/actors/puppet`](https://github.com/filecoin-project/specs-actors/tree/master/actors/puppet) directory Of these files, this assessment is **less** concerned with: * Files outside the [`/actors/builtin`](https://github.com/filecoin-project/specs-actors/tree/master/actors/builtin) directory #### Out of scope * Implementation of and usage of dependencies, including (but not limited to): * `filecoin-project/go-address` * `filecoin-project/go-amt-ipld` * `ipfs/go-hamt-ipld` * `filecoin-project/go-bitfield` * `ipfs/go-cid` * `ipfs/go-ipld-cbor` * `minio/blake2b-simd` * `minio/sha256-simd` * `multiformats/go-multihash` * `whyrusleeping/cbor-gen` * The Lotus client, including (but not limited to): * Implementation of runtime interface exposed to builtin actors * Storage Power Consensus implementation * Block/Epoch/Tipset processing * Message/signature verification * Networking components * PoRep / PoSt * Correctness of cryptoeconomic incentives and supporting implementation: * Parameters used for monetary policy, incentives, penalties, power accounting * Block/Epoch reward calculation and smoothing