Audits & Development Process

Development Process

Here is a brief overview of our Lean Agile auditing practices for software development and testing.

Our developmental process is based on agile practices, which means we follow an iterative approach to project management and software development. This approach allows us to deliver value to our customers (you) in a timely and responsible manner, taking into account user safety and proper testing cycles. By using agile practices, we can continuously improve our products and services to meet the evolving needs of our community.

We (as a team) participate in several Agile practices such as:

  • Pair-Programming:
    • This is where two developers work together to solve an issue or design a solution for a problem.
  • Stand-ups:
    • Several times a week, all of the developers on our team come together and discuss what tasks we are currently working on, share relevant information that might help others with their tasks, and express any critical issues so that they can get help accordingly if needed.
  • Test-Driven Development:
    • We write things called "unit tests" for all of the products that we release. These unit tests allow us to ensure that we have written the code properly for all of the product specifications and give us a guideline to follow when performing beta testing. It also allows us to verify that our UI/UX is implemented correctly.

Here is a few examples of our Unit Tests:

it("Should expect the launchpad usdc balance to be 1M * 1e6", async () => {
console.log("launchpad usdc balance", await usdcToken.balanceOf(launchpad.address));
console.log("launchpad usdc balance formatted", formatUnits(await usdcToken.balanceOf(launchpad.address), "6"));
expect(await usdcToken.balanceOf(launchpad.address)).to.equal(times1e6(1_000_000));
it("Should expect 53 participants to have participated", async () => {
expect(await launchpad.getParticipantCount()).to.equal(53);

Independent Verification and Internal Auditing

To ensure the highest level of security for our community, we conduct independent verifications, audits, and reviews of the codebase before releasing anything to production. One of our lead engineers oversees the development of each smart contract or website upgrade, and all in-house developers conduct independent reviews of the contracts and changes to ensure there are no security risks or logic errors.

After receiving approval from all in-house developers, our project managers conduct a final review through a combination of code review and QA testing. Our QA testing includes testing for mobile devices and PC to ensure that the update meets our standards across all platforms. Once we confirm that everything is up to our standards, we initiate the update process and submit the contract changes to our multi-sig for further verification and approval.

We take the security of our user-facing and user-affected products and services seriously and have disaster recovery plans, backups, and mechanisms in place before any code ever reaches the blockchain. Although we have never had to use these mechanisms, they exist for all products and services in case we need to perform a rollback or recovery for any reason.

Here is the general development cycle for a feature that we release:

- Scope determination / Community Vetting with NDA'd personnel - Scope Elaboration into Requirements for the following areas: - Contract Requirements (detailed) - UI / UX Designs (Adobe XD) - Kick-off with Developers - Development (Testing at all stages) - Contract Development - Peer Reviewed - Script Testing for computational validity - Prototype dApp Testing to verify contract - dApp Development based on UI / UX designs - Backend Technical Requirements Developed based on program needs for performance - Backend / API Development - Analytics Development - Integration - Mobile Responsiveness - Community User Acceptance Testing - Release Documentation - Deployment

At Croswap, we prioritize quality over quantity, which is why our updates may take longer than some of our competitors in the scene. We take pride in developing our products properly and from scratch, using industry-standard protocols to ensure the highest level of security and reliability. If you have any questions or clarifications regarding our process, please don't hesitate to reach out to us.

3rd Party Audits

Given the extensive size of the codebase for Croswap and our use of the premier Solidity standard EIP-2535, we are faced with a predicament where third-party audits are currently not feasible due to their exceptionally high cost and limited benefits for our project. Our previous project, CronosNode, had 43 Solidity files that were part of our Certik audit that cost over $100,000. Croswap has over 9 times the number of files and the content in each file is much larger.

While audits provide valuable insights into the security and reliability of our products and services, it is important to note that they are not reflective of our ongoing development. Each time a facet is upgraded in our ecosystem, we would have to undergo the expensive and time-consuming process of re-auditing everything making the whole process inefficient. Instead, we follow industry-standard protocols and best practices to ensure the highest level of security and reliability for our community throughout the entire development lifecycle.

Click here to view the CronosNode Certik Audit.

Disclaimer: Social score is not current due to the merge of CronosNode into Croswap's ecosystem.