Migration script

Hi, is it necessary to have the migration scripts for our contracts deployed to mainnet uploaded to Github and/or audited?

Not necessary, but you can do it if you want more people to test and fork your contract

are there any potential security risks with the migration? what should be tested?

No risk bro, People can test your smart contract business logic

There is no risk in publishing the migration, I think this is what @YummyDao was saying. But there can definitely be risk in a buggy migration...

The migration is your deployment process. You need to deploy your contract correctly for it to be secure. For example, you need to set up permissions securely.

Exactly bro
That's right :+1::+1::+1:

Hi thanks. My question is whether there is risk in “not” publishing the migration files?

No risk bro in not publishing

The risks in not publishing the migration are:

  • Difficulty to reproduce a deployment
  • Difficulty to review/audit the deployment process

You should publish your migration, just like you publish your smart contract source code.

Yes, that's what I meant by testing by other users.... Since is gonna be open source