Why We Changed Our Audit Repository to Private
Moving to a more secure and transparent solution for our smart contract audit reports...
At Team.Finance, security is at the core of everything we do.
As part of our continued efforts to protect our token management service and our users, we made the decision to change our "Audit" GitHub repository from public to private.
Additionally, we moved our SWAP Token Audit document to a dedicated Security page on docs.team.finance. This will be the new home of all our smart contract audits.
As we make this transition, our team is reviewing all smart contract audits and security-related docs before uploading any other relevant files to the new location.
Why did we move away from GitHub?
1. Enhanced Security and Control
By making the GitHub repository private, we limit access to our document storage to authorized personnel with the necessary security keys and approvals. Only individuals meeting our strict criteria can view or modify audit files, ensuring their integrity before finalization.
This controlled access minimizes risks during development and review, aligning with our commitment to secure our platform and users. Potential attackers can no longer view the history of staff or contributors to a repository and consider them targets for exploitation.
2. Professionalism and Branding
Moving the PDFs to a dedicated security page reinforces our commitment to security and transparency while presenting information in a controlled and polished environment.
This means that we can easily reference the documents from other pages and create consistently branded environments, so you always know you are reading official Team.Finance or TrustSwap documents.
3. Centralizing Security Information
By consolidating all security-related materials on a single, dedicated page, we provide a more streamlined and user-friendly experience. We can quite literally send users and web3 projects looking to use our services to a single landing page, with all the information in one place.
4. Risk Mitigation Against Commit Histories
Limiting the visibility of audit findings and technical details to only the most current documentation reduces the risk of malicious entities identifying and exploiting potential vulnerabilities from older copies found in our previous GitHub commits.
By presenting only the final, verified audits, we ensure that attackers have no access to earlier, non-relevant information from historical commits in GitHub.
Conclusion
We are committed to protecting our platform and users through proactive and strategic security measures.
By making our audit repository private and centralizing audit documentation on our dedicated security page, we hope not only to enhance the security and integrity of our information but also to provide a more transparent and professional user experience.