Secure coding guidelines

Smart contract codebases must be organized, readable, and understandable across multiple developers and project phases. Engineers developing these codebases follow industry-standard secure coding practices and style guides, including the Solidity style guide and the Coinbase Solidity style guide.

Internal assessments

Polygon Labs application security teams include senior and staff security engineers who perform internal reviews of all developed code before it ships. Reviews follow standard methodologies and combine static analysis, line-by-line manual review, and fuzzing, with formal verification applied where the component warrants it.

External assessments

After internal review, and based on a risk assessment, new smart contracts and major changes or upgrades are sent to tier-1 security consultancies for formal external security assessments. Polygon Labs periodically rotates vendors so that no single firm's blind spots persist across releases. Public audit reports are available on the Security reports page.