Rekt Test
How does the Bando Fulfillment Protocol score on the "Rekt Test"?
What is this "Rekt Test", you may ask? It's a simple 12-question test, written by Trail of Bits, for self-assessing the security of digital asset protocols.
Do you have all actors, roles, and privileges documented? Yes. Find them in the contracts Overview page.
Do you keep documentation of all the external services, contracts, and oracles you rely on? Yes. Look at the http://github.com/bandohq/evm-fulfillment-protocol repo.
Do you have a written and tested incident response plan? Yes. Internally alongside all of our standard operating procedures.
Do you document the best ways to attack your system? Yes. Find them in the Security Considerations page.
Do you perform identity verification and background checks on all employees? Yes. We are a small company. Our few employees are known associates with checked backgrounds.
Do you have a team member with security defined in their role? Our CTO and Principal Engineer have security first in their job description.
Do you require hardware security keys for production systems? Yes.
Does your key management system require multiple humans and physical steps? Yes.
Do you define key invariants for your system and test them on every commit? Yes. Find them in
Do you use the best automated tools to discover security issues in your code? Yes.
Do you undergo external audits and maintain a vulnerability disclosure or bug bounty program? Yes.
Have you considered and mitigated avenues for abusing users of your system? Yes.