EIP-5437 Security Contact Interface

xinbenlv · August 10, 2022, 5:19am

Hey OpenZeppelin community, I created an interface of EIP-5437 intend make it easier to securely notify smart contract owner. I love that you pioneered putting the security contact in the OpenZeppelin wizard such as


/// @custom:security-contact some-user@some-domain.com

I love to invite any community members to provide feedback or collaborate to draft the EIP-5437

See it here: https://github.com/ethereum/EIPs/pull/5437/files

maxareo · August 10, 2022, 9:38am

If it's just the email, why not just put it in a comment section at the top area of a contract?

xinbenlv · September 20, 2022, 3:25am

Thank you for asking. Two reasons: @maxareo

Not all user and API have access to the source code of contract. There is no standard way to distribute and publish contract. The de facto way is to use Etherscan and IPFS, but it has not been standardized. There is no guarantee the email comment will be distributed.
Instead of putting it in the source code comment, putting it in the Smart Contract make it more widely distributed and allow machine readability.

xinbenlv · December 20, 2022, 10:24pm

For feedback on the EIP-5437 please leave it at https://ethereum-magicians.org/t/erc-interface-for-security-contract/10303

Topic		Replies	Views
Ownable to be EIP-173? Smart Contracts	4	725	September 1, 2022
OpenZeppelin security concerns Security	0	699	February 21, 2022
OpenZeppelin Contracts - Feature requests [Q1 2022] General	14	1458	February 17, 2022
First release of OpenZeppelin Contracts Upgradeable Announcements	1	4709	November 17, 2020
OpenZeppelin coding standard Contracts	3	1398	March 15, 2021

EIP-5437 Security Contact Interface

Related topics