Kleros Moderate
  • Introduction to Kleros
  • Kleros FAQ
  • Governance
  • PNK Token
  • They talk about Kleros
  • Products
    • Court
      • Kleros Juror Tutorial
      • Famous Kleros Cases
      • What happens during a dispute?
      • Kleros & Credible Neutrality
    • Proof of Humanity
      • Proof of Humanity Tutorial (Register & Vouch)
      • Proof Humanity Tutorial (Remove & Challenge)
      • Proof of Humanity FAQ
    • Tokens
      • Kleros Tokens Tutorial
    • Curate
      • Kleros Curate Tutorial
    • Oracle
    • Governor
    • Escrow
      • Kleros Escrow Tutorial
      • Kleros Escrow Specifications
    • Linguo
      • Kleros Linguo Tutorial
      • Step-by-step Tutorial
        • Requesting translations
        • Working as a translator
        • Reviewing translations
      • F.A.Q
      • High-level Overview
    • Moderate
      • Susie
        • Getting Started
          • Add Susie
          • Start Susie
        • Basics
          • Welcome
          • Language
          • Notifications
        • Rules
        • Reports
        • Evidence
        • Federations
  • INTEGRATIONS
    • Overview
    • Types of Integrations
      • 1. Dispute resolution integration plan
        • Smart contract integration with Kleros Court (Arbitrator)
        • Use Cases
          • DeFi Insurance
          • Gaming
        • Channel partners
          • How to use Reality.eth + Kleros as an oracle
          • Safe Zodiac integration
        • Integration Tools
          • Escrow React
          • Escrow SDK
          • Centralized Arbitrator
      • 2. Curated-data integration plan
        • Interact with Arbitrable apps built on top of Kleros Court
    • Policy writing guide
    • Live & Upcoming Integrations
    • Kleros Analytics
    • Scalability & Cross-chain
      • Using Kleros arbitration for Dapps on xDai/Gnosis
    • Integrations FAQ
  • Developers
    • Arbitration Development
      • ERC-792: Arbitration Standard
      • ERC 1497: Evidence Standard
    • Arbitration by Example
      • ArbitrableDeposit.sol
      • TwoPartyArbitrable.sol
      • Rental.sol
      • ArbitrableTransaction.sol
      • MultipleArbitrableTransaction.sol
      • MultipleArbitrableTokenTransaction.sol
    • Archon: Ethereum Arbitration Standard Interaction Library
    • Deployment Addresses
    • Curate Classic: Integration for Devs
    • Light Curate: Integration for Devs
    • Guide for Preparing Transactions
  • Contribution Guidelines
    • Overview
    • General Dev. Workflow
      • Task Tracking & Lifecycle
      • Releases
    • Smart Contract Workflow
      • Task Tracking & Lifecycle
      • RAB - Review, Audit, Bounty
      • RABd (+ Deploy)
      • Reporting Vulnerabilities
    • Code Style and Guidelines
      • Git
      • Solidity
      • Web Languages
    • License & Code of Conduct
      • License
      • Code of Conduct
  • Additional Resources
    • Discord
    • Telegram
    • Governance Forum
    • Twitter
    • Blog
    • Reddit
    • Github
    • Slack
Powered by GitBook
On this page
  • `contract` Smart Contract Workflow `is` General Workflow {...}
  • Lite Pull Requests Reviews
  1. Contribution Guidelines
  2. Smart Contract Workflow

Task Tracking & Lifecycle

Smart contract development poses unique challenges and experience has taught us that not all the rules of traditional software apply.

PreviousSmart Contract WorkflowNextRAB - Review, Audit, Bounty

Last updated 2 years ago

`contract` Smart Contract Workflow `is` General Workflow {...}

Most of the guidelines of in the general workflow apply, with one key difference.

There is no automatic branch deployment, because we do not think you should rely on package managers for production smart contract development and deployment, more on that later. Because of this, it doesn't make sense to have staging or production environments, so all pull requests are made to master.

Do not rely on package managers for production smart contract development and deployment.

Lite Pull Requests Reviews

In smart contract repos, pull requests are not expected to be full contract vulnerability reviews. Instead, review style, dependency changes, tests, etc and perform a very brief contract review to see if you catch anything obvious. This means that just because a contract is in master does not mean it is ready for production.

Review style, dependency changes, tests, etc and perform a very brief contract review to see if you catch anything obvious.

This creates an optimal environment for hackers and external contributors to find vulnerabilities the team might not have found. We have noticed that having branches categorized by review rigorousness creates an unfavorable environment where people don't look at less rigorous branches because they don't feel as if them finding a vulnerability in there is as important as finding one in a production branch, and they don't look at the more rigorous branches because there are less contracts there and they think they are less likely to find something worth their time.

Task Tracking & Lifecycle