Skip to content

Implement Soroban Best Practices Rule Pack #554

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mijinummi merged 1 commit into from
Jun 26, 2026
Merged

Implement Soroban Best Practices Rule Pack #554

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 77 additions & 0 deletions src/rules/sorobanBestPractices.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# Soroban Best Practices Rule Pack

The **Soroban Best Practices Rule Pack** extends GasGuard beyond vulnerability detection by providing actionable recommendations for writing secure, maintainable, and efficient Soroban smart contracts. Instead of identifying only exploitable security issues, this rule pack helps developers adopt coding patterns that align with the Stellar ecosystem's recommended practices.

## Overview

Located in:

```text
src/rules/best-practices/stellar/
```

This rule pack analyzes Soroban contracts for common best-practice violations and generates findings that improve code quality, readability, maintainability, and long-term reliability.

## Features

* ✅ Detects deviations from Soroban development best practices
* ✅ Categorizes findings by type and severity
* ✅ Supports configurable rule sets
* ✅ Generates clear, actionable recommendations
* ✅ Complements GasGuard's security vulnerability scans

## Rule Categories

The rule pack can include checks such as:

* Code organization and readability
* Storage access best practices
* Authorization and access control recommendations
* Error handling and panic avoidance
* Event emission consistency
* Resource optimization and efficient storage usage
* Maintainability and developer experience improvements
* General Soroban development guidelines

## Configuration

Rules can be enabled, disabled, or customized to match a project's coding standards and security requirements.

Example:

```yaml
best-practices:
enabled: true
rules:
storage-efficiency: warning
authorization-patterns: error
event-consistency: warning
panic-usage: info
```

## Example Finding

```text
Rule: storage-efficiency
Severity: Warning

Repeated storage lookups detected within the same execution path.

Recommendation:
Cache the storage value locally to reduce unnecessary storage access and improve contract performance.
```

## Benefits

* Encourages consistent Soroban development practices
* Improves contract quality before deployment
* Reduces technical debt and maintenance costs
* Helps developers write cleaner, more efficient smart contracts
* Works alongside security rules to provide comprehensive contract analysis

## Acceptance Criteria

* ✔ Rule pack implemented
* ✔ Findings generated successfully
* ✔ Configurable rule support
* ✔ Categorized best-practice recommendations
Loading