ZONA PROTOCOL

Security & Auditing Guidelines

Building on ZONA gives you access to powerful tools, from fast EVM execution to modular SDK-level control. However, with great power comes great responsibility: security must be a top priority in every deployment.

This section outlines best practices, audit preparation tips, and key threat vectors to watch out for when developing on ZONA Protocol.


✅ General Best Practices

1. Use Battle-Tested Libraries

  • Prefer audited libraries like OpenZeppelin for ERC standards, access control, math, and token logic.

  • For SDK modules, reuse the ZONA SDK's standard patterns where possible.

2. Follow the Principle of Least Privilege

  • Restrict access to sensitive functions using onlyOwner, onlyRole, or validator checks.

  • Avoid unnecessary public or external visibility on internal logic.

3. Limit delegatecall and call Usage

  • Avoid low-level calls unless absolutely required; they are common vectors for reentrancy and external-dependency exploits.

4. Ensure Upgrade Safety

  • If using proxies or upgradable contracts, implement transparent proxy patterns.

  • Lock admin functions or upgradeability once live on mainnet.


🔍 Smart Contract Audit Checklist

Before deploying to ZONA Testnet or Mainnet, ensure the following:


🔐 Common Vulnerabilities to Avoid

Issue                  Risk Example                                 Prevention
Reentrancy             Token drains via recursive fallback          Use nonReentrant modifier
Access Control Flaws   Unrestricted admin/mint/transfer functions   Use Ownable / AccessControl
Integer Overflows      Incorrect token math                         Use Solidity ^0.8.x versions
Gas Griefing           Unbounded loops in user-facing calls         Limit iteration or cache state
Timestamp Dependency   Time manipulation via block.timestamp        Use block height instead where possible


🛡️ SDK Module Security (Advanced)

If building native modules using ZONA SDK:

  • Validate all message inputs in MsgServer

  • Always define ValidateBasic() for message types

  • Use parameter stores (ParamStore) for upgradable config

  • Protect cross-module communication (e.g., between bank, staking, evm)

  • Implement tests for every transaction and handler path


📄 Recommended Tools

  • Static Analysis: Slither, MythX, Securify

  • Test Coverage: Hardhat Coverage Plugin

  • Formal Verification: Certora (for large-scale protocols)

  • Audit Partners: Engage certified firms that support ZONA/EVM for full audits


📝 Audit Readiness

When preparing for a third-party audit:

  • Freeze all core logic before the audit begins

  • Provide complete test coverage and deployment scripts

  • Include full documentation and assumptions for your system

  • Disclose prior vulnerabilities or known limitations


🚨 Security is not a one-time effort; it's a continuous process. Audit early. Test often. Launch safely.