PQ Review Process Differences

Description of changes for Process Evolution

Versions

0.6 -- 15 October 2020

  1. Changed audit to review in the text of the process throughout (except where we are talking about an actual smart contract audit

  2. In "Summary of the Process" I removed question 2 in that says the GitHub matches the deployed code

  3. In "Summary of the Process" I changed the heading from Executing Code Verification to just Code

0.5 -- 7 August 2020

Added % Guidance to "Does the code match a tagged version on a code hosting platform (GitHub, GitLab, etc.)?"

Added % Guidelines to "Code coverage (Covers all the deployed lines of code, or explains misses) (%)" in Testing

Added % Guidelines to "Is it possible to trace requirements to the implementation in code (%)"

0.4 -- 24 July 2020

General rebalancing of the scoring weights

Added Summary of the Process section

Changed Deployed code to "Executing Code Verification"

Changed Requirements to Documentation

Scoring weight for the "deployed code address(s) readily available?" from 10 to 30 because it is fundamentally important

Scoring weight for the "Does the code match a tagged version on a code hosting platform (GitHub, GitLab, etc.)?" from 10 to 20

Scoring weight for the "Is development software repository healthy)?" from 20 to 10

Changed the heading of Requirements to Documentation for better clarity for the reader.

Deleted "Are the requirements available publicly? Question as it added little value.

Scoring weight for the "Are there sufficiently detailed comments for all functions within the deployed contract code?" from 5 to 10 because is important

Scoring weight for the "Code coverage", "Scripts and instructions to run the tests" and "Packaged with the deployed code" from 10 to 5 for balancing

Changed the weight of Audit from 50 to 70 for balancing

0.3 -- June 2020

"Is development software repository healthy?" of "Deployed Code" changed from Y/N to %. The AAVE code was developed in a private repository that the auditor cannot view. The public repository was created just to display the final code. This makes the public repository appear unhealthy. But as they have a valid reason and the auditor is comfortable a valid repository exists but cannot be seen we needed something better than a binary Y/N. So we changed to % and changed the explanation.

0.2 -- June 2020

This is the initial version used for the first three Audits