KEY POINTS while conducting a Security Audit of an NFT smart contract

I would like to understand and discuss more about the IMPERATIVE points that must be kept in mind while auditing an NFT smart contract.

Are there any standard checklists that one can refer to?

Should we create one?

There is this review checklist for smart contracts (not NFT specific), which applies to all smart contract development. I think there are several of these lists with security best practices out there. Happy to start a collection here if other people want to add their best practices!

It might also be worth linking the security considerations from the Solidity docs here.

WRT audit-specific checklists, I’m sure those exist as well. Will link them here if I come across any.

Specifically for NFTs, I might recommend including somebody on the team who has deep experience with NFT implementations, including normal but also obscure extensions, and who devotes their time to teaching others how all this works.

Here’s a little more about me, including some public code reviews