silken_net

Projects that follow the best practices below can voluntarily self-certify and show that they've achieved an Open Source Security Foundation (OpenSSF) best practices badge.

There is no set of practices that can guarantee that software will never have defects or vulnerabilities; even formal methods can fail if the specifications or assumptions are wrong. Nor is there any set of practices that can guarantee that a project will sustain a healthy and well-functioning development community. However, following best practices can help improve the results of projects. For example, some practices enable multi-person review before release, which can both help find otherwise hard-to-find technical vulnerabilities and help build trust and a desire for repeated interaction among developers from different companies. To earn a badge, all MUST and MUST NOT criteria must be met, all SHOULD criteria must be met OR be unmet with justification, and all SUGGESTED criteria must be met OR unmet (we want them considered at least). If you want to enter justification text as a generic comment, instead of being a rationale that the situation is acceptable, start the text block with '//' followed by a space. Feedback is welcome via the GitHub site as issues or pull requests There is also a mailing list for general discussion.

We gladly provide the information in several locales, however, if there is any conflict or inconsistency between the translations, the English version is the authoritative version.
If this is your project, please show your badge status on your project page! The badge status looks like this: Badge level for project 13358 is silver Here is how to embed it:
You can show your badge status by embedding this in your markdown file:
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/13358/badge)](https://www.bestpractices.dev/projects/13358)
or by embedding this in your HTML:
<a href="https://www.bestpractices.dev/projects/13358"><img src="https://www.bestpractices.dev/projects/13358/badge"></a>


These are the Gold level criteria. You can also view the Passing or Silver level criteria.

Baseline Series: Baseline Level 1 Baseline Level 2 Baseline Level 3

        

 Basics 1/5

  • General

    Note that other projects may use the same name.

    Silken Net: a trustless, decentralized D-MRV / Nature-as-a-Service (NaaS) platform for planetary-scale forest-health monitoring. Edge IoT sensors in trees bridge to the Polygon blockchain via a Chainlink oracle, minting Silken Carbon (SCC) and Silken Forest (SFC) tokens from verified biomass-growth telemetry; a Lorenz-attractor homeostasis signal guards against fraud.

    Please use SPDX license expression format; examples include "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "GPL-2.0+", "LGPL-3.0+", "MIT", and "(BSD-2-Clause OR Ruby)". Do not include single quotes or double quotes.
    If there is more than one language, list them as comma-separated values (spaces optional) and sort them from most to least used. If there is a long list, please list at least the first three most common ones. If there is no language (e.g., this is a documentation-only or test-only project), use the single character "-". Please use a conventional capitalization for each language, e.g., "JavaScript".
    The Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages. It is used in a number of systems and databases when reporting vulnerabilities.

    Honest TRL: backend TRL 8, firmware TRL 6, bio-anchor TRL 3; multi-zone licensing — see NOTICE.

  • Prerequisites


    The project MUST achieve a silver level badge. [achieve_silver]

  • Project oversight


    The project MUST have a "bus factor" of 2 or more. (URL required) [bus_factor]
    A "bus factor" (aka "truck factor") is the minimum number of project members that have to suddenly disappear from a project ("hit by a bus") before the project stalls due to lack of knowledgeable or competent personnel. The truck-factor tool can estimate this for projects on GitHub. For more information, see Assessing the Bus Factor of Git Repositories by Cosentino et al.

    Unmet — the project currently has a single maintainer, so its bus factor is 1. This is mitigated: the project is fully FLOSS with all code, history, issues and releases public on GitHub (forkable by anyone — see GOVERNANCE.md "Continuity"), so loss of the maintainer does not lose the project, only its stewardship. The maintainer intends to add co-maintainers as the contributor base grows, raising the bus factor to 2+.
    https://github.com/Alexey-Lukin/silken_net/blob/main/GOVERNANCE.md#continuity



    The project MUST have at least two unassociated significant contributors. (URL required) [contributors_unassociated]
    Contributors are associated if they are paid to work by the same organization (as an employee or contractor) and the organization stands to benefit from the project's results. Financial grants do not count as being from the same organization if they pass through other organizations (e.g., science grants paid to different organizations from a common government or NGO source do not cause contributors to be associated). Someone is a significant contributor if they have made non-trivial contributions to the project in the past year. Examples of good indicators of a significant contributor are: written at least 1,000 lines of code, contributed 50 commits, or contributed at least 20 pages of documentation.

    Unmet — the project currently has a single significant contributor: the founding
    maintainer, who appears in git history under two spellings of the same name
    (Oleksii Lukin / Alexey Lukin, same email). The other commit authors are not
    independent significant contributors — GitHub Copilot and Dependabot are AI/automation
    directed and owned by that maintainer (DCO-signed by the human), and the one other
    human author is well below the significance threshold (a few commits, not ~50
    commits / 1000 LOC / 20 pages). This is the same single-maintainer reality as
    bus_factor. It is mitigated by the project being fully FLOSS and open to outside
    contribution (CONTRIBUTING.md); the maintainer intends to onboard unassociated
    significant contributors as the community grows.
    https://github.com/Alexey-Lukin/silken_net/graphs/contributors


  • Other


    The project MUST include a license statement in each source file. This MAY be done by including the following inside a comment near the beginning of each file: SPDX-License-Identifier: [SPDX license expression for project]. [license_per_file]
    This MAY also be done by including a statement in natural language identifying the license. The project MAY also include a stable URL pointing to the license text, or the full license text. Note that the criterion license_location requires the project license be in a standard location. See this SPDX tutorial for more information about SPDX license expressions. Note the relationship with copyright_per_file, whose content would typically precede the license information.

    This is okay because the project's licensing is unambiguous and clearly declared at
    the repository level, even though it is not repeated as a per-file header. The repo
    ships explicit per-zone LICENSE files — AGPL-3.0-or-later (code), CERN-OHL-S-2.0
    (hardware), CC-BY-SA-4.0 (documentation) — plus a NOTICE file that maps each zone to
    its license and lists third-party exceptions, and the licensing strategy is documented
    in docs/08_01. The Solidity contracts already carry a per-file SPDX-License-Identifier
    (required by solc). So there is no licensing uncertainty for any file; the only gap is
    the convenience of an in-file SPDX header in the Ruby/C/Python sources, which is a
    deferred, scriptable enhancement rather than a licensing ambiguity. This gold-level
    item is in any case gated by the project's single-maintainer bus factor.
    https://github.com/Alexey-Lukin/silken_net/blob/main/NOTICE


 Change Control 3/4

  • Public version-controlled source repository


    The project's source repository MUST use a common distributed version control software (e.g., git or mercurial). [repo_distributed]
    Git is not specifically required and projects can use centralized version control software (such as subversion) with justification.

    Repository on GitHub, which uses git. git is distributed.



    The project MUST clearly identify small tasks that can be performed by new or casual contributors. (URL required) [small_tasks]
    This identification is typically done by marking selected issues in an issue tracker with one or more tags the project uses for the purpose, e.g., up-for-grabs, first-timers-only, "Small fix", microtask, or IdealFirstBug. These new tasks need not involve adding functionality; they can be improving documentation, adding test cases, or anything else that aids the project and helps the contributor understand more about the project.

    This is okay because the project is currently a single-maintainer effort with no
    active external-contributor pipeline yet, so there is no backlog of newcomer-tagged
    small tasks; the internal roadmap (docs/00_07) tracks domain-expert work rather than
    casual-contributor microtasks, and there are essentially no open issues. The project
    is nonetheless open to contribution — CONTRIBUTING.md documents the fork → branch → PR
    flow and the per-domain checks — so a newcomer can contribute; specific "good first
    issue"-tagged tasks simply have not been curated. The maintainer intends to label
    good-first-issues as the contributor base grows (the same single-maintainer reality
    behind bus_factor, which independently gates this gold level).
    https://github.com/Alexey-Lukin/silken_net/blob/main/CONTRIBUTING.md



    The project MUST require two-factor authentication (2FA) for developers for changing a central repository or accessing sensitive data (such as private vulnerability reports). This 2FA mechanism MAY use mechanisms without cryptographic mechanisms such as SMS, though that is not recommended. [require_2FA]

    Changes to the central repository require the maintainer's GitHub account, which has two-factor authentication enabled. GitHub has also mandated 2FA for all code contributors since its March 2023 rollout (accounts without it are restricted). As a personal (non-organization) repository, 2FA is enforced at the GitHub-account level rather than via an org-wide policy. (OSPS AC-01.01)



    The project's two-factor authentication (2FA) SHOULD use cryptographic mechanisms to prevent impersonation. Short Message Service (SMS) based 2FA, by itself, does NOT meet this criterion, since it is not encrypted. [secure_2FA]
    A 2FA mechanism that meets this criterion would be a Time-based One-Time Password (TOTP) application that automatically generates an authentication code that changes after a certain period of time. Note that GitHub supports TOTP.

    The maintainer's GitHub two-factor authentication uses a Time-based One-Time Password (TOTP) authenticator app, a cryptographic mechanism — not SMS. GitHub supports TOTP and WebAuthn security keys / passkeys for 2FA. (OSPS AC-01.02)


 Quality 6/7

  • Coding standards


    The project MUST document its code review requirements, including how code review is conducted, what must be checked, and what is required to be acceptable. (URL required) [code_review_standards]
    See also two_person_review and contribution_requirements.

    Met. The project documents its code-review / acceptance requirements in CONTRIBUTING.md
    and the pull-request template:

    • How review is conducted: changes go through a fork → branch → pull-request flow; CI
      must be green and a CODEOWNERS maintainer reviews the PR before it is merged
      (CONTRIBUTING.md, "Contribution process").
    • What must be checked / what is acceptable: CONTRIBUTING.md "Requirements for acceptable
      contributions" lists the per-domain checks a change must pass (RuboCop + RSpec +
      Brakeman + bundler-audit for Ruby; Ruff for Python; -Wall -Wextra -Wpedantic + cppcheck
      for firmware C; forge build/test for Solidity), the enforced style guides, the
      "add/update automated tests for new functionality" policy, and the SSOT doc-update
      requirement; the PR template repeats this as a per-PR checklist (conventional-commit
      title, CI passed + Docs passed green, SSOT updated). Solidity test conventions are
      documented in CLAUDE.md §8.
      https://github.com/Alexey-Lukin/silken_net/blob/main/CONTRIBUTING.md#requirements-for-acceptable-contributions
      https://github.com/Alexey-Lukin/silken_net/blob/main/.github/pull_request_template.md


    The project MUST have at least 50% of all proposed modifications reviewed before release by a person other than the author, to determine if it is a worthwhile modification and free of known issues which would argue against its inclusion [two_person_review]

    Unmet — the project currently has a single maintainer, so proposed modifications are
    not reviewed before release by a person other than the author; the author and the only
    available reviewer are the same person. This is the same single-maintainer reality as
    bus_factor. It is mitigated by strong automated gates that every change must pass before
    it lands: CI (RuboCop, RSpec with a 99%-line/95%-branch coverage gate, Brakeman,
    bundler-audit, Ruff, the firmware host suite under AddressSanitizer + UndefinedBehavior-
    Sanitizer, Foundry contract tests, Slither, and CodeQL) plus the SSOT documentation gate
    — which catch many of the issue classes a second human reviewer would look for. The
    maintainer intends to require independent second-person review once co-maintainers join.
    https://github.com/Alexey-Lukin/silken_net/blob/main/CONTRIBUTING.md


  • Working build system


    The project MUST have a reproducible build. If no building occurs (e.g., scripting languages where the source code is used directly instead of being compiled), select "not applicable" (N/A). (URL required) [build_reproducible]
    A reproducible build means that multiple parties can independently redo the process of generating information from source files and get exactly the same bit-for-bit result. In some cases, this can be resolved by forcing some sort order. JavaScript developers may consider using npm shrinkwrap and webpack OccurrenceOrderPlugin. GCC and clang users may find the -frandom-seed option useful. The build environment (including the toolset) can often be defined for external parties by specifying the cryptographic hash of a specific container or virtual machine that they can use for rebuilding. The reproducible builds project has documentation on how to do this.

    Met. The project's compiled, security-critical artifact — the Solidity smart-contract
    bytecode — has a reproducible build: contracts/foundry.toml pins the toolchain
    (solc_version 0.8.35, evm_version cancun, optimizer on / 200 runs) and solc is
    deterministic, so any party that runs forge build against the committed source +
    foundry.toml gets the same bytecode bit-for-bit. This is independently verifiable and is
    exactly what lets anyone confirm the deployed on-chain bytecode matches the source.

    Build inputs across the rest of the stack are fully pinned (the prerequisite for
    reproducible packaging): the Docker base image is pinned by digest
    (ruby:4.0.5-slim@sha256:…) and dependencies are locked (Gemfile.lock,
    contracts/package-lock.json, tools/in_silico/conda-lock.yml); the released container also
    carries a Sigstore SLSA build-provenance attestation recording how it was produced (see
    SECURITY.md). The Ruby (Rails) and Python tiers are interpreted — source used directly,
    not compiled — the criterion's N/A case for those tiers.
    https://github.com/Alexey-Lukin/silken_net/blob/main/contracts/foundry.toml
    https://github.com/Alexey-Lukin/silken_net/blob/main/Dockerfile


  • Automated test suite


    A test suite MUST be invocable in a standard way for that language. (URL required) [test_invocation]
    For example, "make check", "mvn test", or "rake test" (Ruby).

    Met. The test suites are invocable the standard way for each language, as documented
    in CONTRIBUTING.md ("Requirements for acceptable contributions"):



    The project MUST implement continuous integration, where new or changed code is frequently integrated into a central code repository and automated tests are run on the result. (URL required) [test_continuous_integration]
    In most cases this means that each developer who works full-time on the project integrates at least daily.

    GitHub Actions CI runs the test + lint suites on every push and pull request: RSpec, Brakeman, RuboCop, Ruff, firmware host tests, and forge tests.
    https://github.com/Alexey-Lukin/silken_net/blob/main/.github/workflows/ci.yml



    The project MUST have FLOSS automated test suite(s) that provide at least 90% statement coverage if there is at least one FLOSS tool that can measure this criterion in the selected language. [test_statement_coverage90]

    Met. The Ruby/Rails backend — the bulk of the codebase — is measured by SimpleCov (FLOSS,
    with branch coverage enabled), and the full CI suite enforces a hard gate of
    minimum_coverage line: 99, branch: 95 (spec/spec_helper.rb): the build fails below 99%
    statement coverage, comfortably above the 90% gold bar. A per-group tripwire additionally
    floors Services/Workers/Models at ~99% line so no single area can erode while the global
    average holds. The other languages are measured with FLOSS coverage tools too: the
    firmware C host suite via gcov/lcov (make -C firmware/test coverage) and the Solidity
    contracts via forge coverage --report lcov (→ Codecov). Coverage policy: docs/04_06 §B.
    https://github.com/Alexey-Lukin/silken_net/blob/main/spec/spec_helper.rb



    The project MUST have FLOSS automated test suite(s) that provide at least 80% branch coverage if there is at least one FLOSS tool that can measure this criterion in the selected language. [test_branch_coverage80]

    Met. SimpleCov (FLOSS) runs with branch coverage enabled (enable_coverage :branch), and
    the full CI suite enforces a hard gate of minimum_coverage line: 99, branch: 95
    (spec/spec_helper.rb): the build fails below 95% branch coverage, comfortably above the
    80% bar. Per-group branch floors additionally hold Services ≥97%, Workers ≥96%, Models
    ≥99%, so no single area can erode while the global average holds (branch is the tighter
    signal; line is ~99.9% everywhere).
    https://github.com/Alexey-Lukin/silken_net/blob/main/spec/spec_helper.rb


 Security 5/5

  • Use basic good cryptographic practices

    Note that some software does not need to use cryptographic mechanisms. If your project produces software that (1) includes, activates, or enables encryption functionality, and (2) might be released from the United States (US) to outside the US or to a non-US-citizen, you may be legally required to take a few extra steps. Typically this just involves sending an email. For more information, see the encryption section of Understanding Open Source Technology & US Export Controls.

    The software produced by the project MUST support secure protocols for all of its network communications, such as SSHv2 or later, TLS1.2 or later (HTTPS), IPsec, SFTP, and SNMPv3. Insecure protocols such as FTP, HTTP, telnet, SSLv3 or earlier, and SSHv1 MUST be disabled by default, and only enabled if the user specifically configures it. If the software produced by the project does not support network communications, select "not applicable" (N/A). [crypto_used_network]

    Met (SHOULD). All IP/web network communications use TLS by default and no insecure
    protocol is enabled:

    • The web app and API enforce HTTPS in production (config.force_ssl = true) with
      HSTS (1 year, includeSubdomains, preload) and assume_ssl behind the TLS-terminating
      Kamal proxy (Let's Encrypt, TLS 1.2/1.3). HTTP is redirected to HTTPS.
    • All outbound calls use HTTPS — chain RPC (Alchemy/Infura), Chainlink Functions,
      IoTeX and peaq endpoints — with default certificate verification (no VERIFY_NONE).
    • A scan of the code finds no FTP, telnet, SSLv3/earlier, SSHv1, or plain-HTTP
      endpoints.
      For the constrained IoT radio link (Soldier->Queen LoRa, Queen->Rails CoAP) TLS/DTLS
      is not feasible on a tens-of-bytes LoRa frame, so confidentiality and integrity are
      provided at the application layer with AES: AES-128-CCM (authenticated; the
      LoRaWAN/Zigbee/Thread/BLE golden standard for constrained IoT) on the LoRa link and
      AES-256-CBC with a per-message random IV on the CoAP backhaul. This design — and why
      heavier schemes such as Kyber do not fit the radio MTU — is documented in docs/03_05.
      The transitional AES-128-ECB LoRa mode is documented and is migrating to AES-128-CCM.
      https://github.com/Alexey-Lukin/silken_net/blob/main/config/environments/production.rb
      https://github.com/Alexey-Lukin/silken_net/blob/main/docs/03_05_Hardware_Symmetric_Crypto_and_Security.md


    The software produced by the project MUST, if it supports or uses TLS, support at least TLS version 1.2. Note that the predecessor of TLS was called SSL. If the software does not use TLS, select "not applicable" (N/A). [crypto_tls12]

    Met (SHOULD). The project uses TLS and supports TLS 1.2+ everywhere; nothing is
    configured to allow TLS 1.1 or earlier:

    • Inbound HTTPS is terminated by the Kamal proxy with automatic Let's Encrypt
      certificates (config/deploy.yml, proxy ssl: true); the proxy (Go crypto/tls)
      negotiates TLS 1.2/1.3 and does not offer TLS 1.0/1.1. The Rails app enforces it
      with config.force_ssl = true and HSTS (1 year, includeSubdomains, preload) in
      production.rb, so HTTP is redirected to HTTPS.
    • Outbound HTTPS (chain RPC, Chainlink, IoTeX, peaq) is made by Ruby 4.0.5 on
      OpenSSL 3.6.2, which negotiates TLS 1.2/1.3 by default and has TLS 1.0/1.1
      disabled; no client sets a lower ssl_version/min_version.
      No SSLv2/SSLv3 or TLS 1.1-or-earlier is configured or supported anywhere in the stack.
      https://github.com/Alexey-Lukin/silken_net/blob/main/config/environments/production.rb
      https://github.com/Alexey-Lukin/silken_net/blob/main/config/deploy.yml

  • Secured delivery against man-in-the-middle (MITM) attacks


    The project website, repository (if accessible via the web), and download site (if separate) MUST include key hardening headers with nonpermissive values. (URL required) [hardened_site]
    Note that GitHub and GitLab are known to meet this. Sites such as https://securityheaders.com/ can quickly check this. The key hardening headers are: Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-Content-Type-Options (as "nosniff"), and X-Frame-Options. Fully static web sites with no ability to log in via the web pages could omit some hardening headers with less risk, but there's no reliable way to detect such sites, so we require these headers even if they are fully static sites.

    Met. The project's web presence is its GitHub repository
    (github.com/Alexey-Lukin/silken_net); GitHub is explicitly noted by this criterion as
    meeting the hardening-header requirement (CSP, HSTS, X-Content-Type-Options: nosniff,
    X-Frame-Options). Releases are distributed via GitHub Releases + GHCR (also GitHub), so
    the download surface is covered too, and there is no separate project website. The
    project's own application is additionally configured to emit all four headers with
    nonpermissive values when deployed: a strict CSP with a per-request nonce
    (config/initializers/content_security_policy.rb), HSTS with preload + config.force_ssl
    (config/environments/production.rb), and X-Content-Type-Options: nosniff +
    X-Frame-Options: DENY (config/initializers/security_headers.rb).
    https://github.com/Alexey-Lukin/silken_net


  • Other security issues


    The project MUST have performed a security review within the last 5 years. This review MUST consider the security requirements and security boundary. [security_review]
    This MAY be done by the project members and/or an independent evaluation. This evaluation MAY be supported by static and dynamic analysis tools, but there also must be human review to identify problems (particularly in design) that tools cannot detect.

    Met. A security review was performed and is documented in
    docs/SECURITY_ASSURANCE_CASE.md (2026-06-25). It is a human-authored structured review
    that explicitly considers the security requirements (the top-level security claims and
    the OWASP Top 10 countermeasure analysis) and the security boundary (an enumeration of
    every trust boundary across the Soldier→Queen→Rails→chain pipeline and the guard
    enforcing each), plus a threat model (assets, actors, attack surfaces) and an honest
    residual-risk section. It is supported by static and dynamic tooling (Brakeman, Slither,
    CodeQL, cppcheck, ASan/UBSan) but goes beyond them with human design analysis (the
    trust-boundary and minting/slashing-gate reasoning that tools cannot detect). It is
    complemented by the ongoing SEC.* hardening audits tracked in docs/00_07.
    https://github.com/Alexey-Lukin/silken_net/blob/main/docs/SECURITY_ASSURANCE_CASE.md



    Hardening mechanisms MUST be used in the software produced by the project so that software defects are less likely to result in security vulnerabilities. (URL required) [hardening]
    Hardening mechanisms may include HTTP headers like Content Security Policy (CSP), compiler flags to mitigate attacks (such as -fstack-protector), or compiler flags to eliminate undefined behavior. For our purposes least privilege is not considered a hardening mechanism (least privilege is important, but separate).

    Met (SHOULD). Hardening mechanisms are applied on both the web and firmware sides.

    Web (Rails — the network-facing attack surface):

    • A strict Content-Security-Policy (config/initializers/content_security_policy.rb):
      default_src/base_uri/form_action 'self', frame_ancestors 'none', frame_src 'none',
      object_src 'none', and a per-request nonce for inline scripts (no 'unsafe-inline'
      on script-src).
    • A full security-header set (config/initializers/security_headers.rb): X-Frame-Options
      DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin,
      Cross-Origin-Opener-Policy / Cross-Origin-Resource-Policy same-origin, a restrictive
      Permissions-Policy, and X-XSS-Protection 0 (disables the legacy exploitable filter).
    • HSTS with preload (1 year, includeSubdomains) + config.force_ssl; session cookies are
      httponly + secure + same_site:lax.

    Firmware C (a memory-unsafe language → compiler hardening):

    • The entire host test suite is compiled and executed under AddressSanitizer +
      UndefinedBehaviorSanitizer (-fsanitize=address,undefined -fno-sanitize-recover=all) on
      every CI run, so undefined behavior, buffer overflows and use-after-free abort the build
      before release — the criterion's "compiler flags to eliminate undefined behavior"
      example. The host build also honors -fstack-protector-strong / -D_FORTIFY_SOURCE / RELRO.

    https://github.com/Alexey-Lukin/silken_net/blob/main/config/initializers/content_security_policy.rb
    https://github.com/Alexey-Lukin/silken_net/blob/main/firmware/test/Makefile


 Analysis 2/2

  • Dynamic code analysis


    The project MUST apply at least one dynamic analysis tool to any proposed major production release of the software produced by the project before its release. [dynamic_analysis]
    A dynamic analysis tool examines the software by executing it with specific inputs. For example, the project MAY use a fuzzing tool (e.g., American Fuzzy Lop) or a web application scanner (e.g., OWASP ZAP or w3af). In some cases the OSS-Fuzz project may be willing to apply fuzz testing to your project. For purposes of this criterion the dynamic analysis tool needs to vary the inputs in some way to look for various kinds of problems or be an automated test suite with at least 80% branch coverage. The Wikipedia page on dynamic analysis and the OWASP page on fuzzing identify some dynamic analysis tools. The analysis tool(s) MAY be focused on looking for security vulnerabilities, but this is not required.

    The smart contracts are dynamically analysed by Foundry property/fuzz testing: 11 testFuzz_ properties (mint, slash, setParameter, permit, storeStateRoot, …), each run with 512 randomized input iterations (foundry.toml [fuzz] runs=512) on every CI run, plus invariant testing. This varies inputs to look for failures, satisfying the criterion. The Ruby backend additionally runs a comprehensive RSpec suite in CI.
    https://github.com/Alexey-Lukin/silken_net/blob/main/.github/workflows/solidity_audit.yml



    The project SHOULD include many run-time assertions in the software it produces and check those assertions during dynamic analysis. [dynamic_analysis_enable_assertions]
    This criterion does not suggest enabling assertions during production; that is entirely up to the project and its users to decide. This criterion's focus is instead to improve fault detection during dynamic analysis before deployment. Enabling assertions in production use is completely different from enabling assertions during dynamic analysis (such as testing). In some cases enabling assertions in production use is extremely unwise (especially in high-integrity components). There are many arguments against enabling assertions in production, e.g., libraries should not crash callers, their presence may cause rejection by app stores, and/or activating an assertion in production may expose private data such as private keys. Beware that in many Linux distributions NDEBUG is not defined, so C/C++ assert() will by default be enabled for production in those environments. It may be important to use a different assertion mechanism or defining NDEBUG for production in those environments.

    Assertions are heavily enabled during dynamic analysis. The firmware host-test build compiles without -DNDEBUG (so C assert() and the 1833 host-test assertions are active), and the Foundry contract suite checks 4 protocol invariants (solvency, supply accounting, total-supply-within-cap, voting-power-matches-supply) plus ~200 assertEq/assertTrue assertions during fuzzing. These assertions are test-only — not compiled into the firmware production binary or the deployed contracts.
    https://github.com/Alexey-Lukin/silken_net/blob/main/firmware/test/Makefile



This data is available under the Community Data License Agreement – Permissive, Version 2.0 (CDLA-Permissive-2.0). This means that a Data Recipient may share the Data, with or without modifications, so long as the Data Recipient makes available the text of this agreement with the shared Data. Please credit Alexey Lukin and the OpenSSF Best Practices badge contributors.

Project badge entry owned by: Alexey Lukin.
Entry created on 2026-06-24 13:17:00 UTC, last updated on 2026-06-25 13:55:07 UTC. Last achieved passing badge on 2026-06-24 17:34:54 UTC.