The EEA EthTrust Security Levels Working Group specifies "EEA EthTrust Security Levels", a set of requirements for security audits of Ethereum smart contracts to ensure an industry-wide level of quality for security audits. This provides three levels of certification that give progressively stronger reassurance about the security properties of a smart contract or set of contracts intended to be deployed on an Ethereum blockchain.
The specification provides minimum standards that security audits should meet. Security auditors will generally offer review and additional services beyond the common base required for EthTrust Security Levels.
EEA has published version 1 of the specification as an EEA specification, and the Working Group is now working on a revised version to be published probably in 2023 or early 2024, as well as relevant supporting materials.
EthTrust Security Levels Specification
EEA EthTrust Security Levels Specification Version 1
EEA Specification. Edited by Chaals Nevile. URL: https://entethalliance.org/specs/ethtrust-sl/v1/. Published 22 August 2022.
Latest Editors' Draft
EEA EthTrust Security Levels Specification v-after-1. Work in Progress. Edited by Michael Theriault, Chaals Nevile. URL: https://entethalliance.github.io/eta-registry/security-levels-spec.html. Updated as the group agrees to changes (typically every two weeks).
The Editors' draft is a publicly available snapshot of the group's latest thinking. However, it is subject to change and should only be referenced as Work in Progress.
How to Contribute
For information on how to join the group, see "Contact Us" below:
Specifications & Guidelines Development
The working group collaborates to develop the specification for EthTrust certification. You can contribute by joining EEA and getting involved in our weekly calls and by writing, reviewing and providing feedback on the draft specification.
To participate in test development, including writing conformance tests, developing proof of concept for existing or new proposals, please join the EEA Client Interoperability Testing WG.