Rekt Test

How does the Bando Fulfillment Protocol score on the "Rekt Test"?

Last updated 6 months ago

What is this "Rekt Test", you may ask? It's a simple 12-question test to self-assess the security of digital asset protocols, written by Trail of Bits.

  1. Do you have all actors, roles, and privileges documented? Yes. Find them in the contracts page.

  2. Do you keep documentation of all the external services, contracts, and oracles you rely on? Yes. Look at the repo.

  3. Do you have a written and tested incident response plan? Yes. Internally, alongside all of our standard operating procedures.

  4. Do you document the best ways to attack your system? Yes. Find them in the Security Considerations page.

  5. Do you perform identity verification and background checks on all employees? Yes. We are a small company. Our few employees are known associates with checked backgrounds.

  6. Do you have a team member with security defined in their role? Our CTO and Principal Engineer have security first in their job description.

  7. Do you require hardware security keys for production systems? Yes.

  8. Does your key management system require multiple humans and physical steps? Yes.

  9. Do you define key invariants for your system and test them on every commit? Yes. Find them in http://github.com/bandohq/evm-fulfillment-protocol.

  10. Do you use the best automated tools to discover security issues in your code? Yes.

  11. Do you undergo external audits and maintain a vulnerability disclosure or bug bounty program? Yes.

  12. Have you considered and mitigated avenues for abusing users of your system? Yes.