
devbots__general's People

Contributors

bigboikoolaid, jamesdaus, kevincooneyart, labolts


devbots__general's Issues

Create ERC721 NFT contract draft

NFT Requirements

  • Which slot the component fills (Paint, Move, Attack, Gadget, Face)
  • Which particular part it is (ex. knife or laser?)
  • Ability to be minted (to be further honed)

Prototype V1

  • Title Screen
  • Menu with Battle, Customize, Exit
  • Customize: Component Menu which displays several buttons for Move and Attack Components
  • Customize: Selected option (1 for each) edits actual bot object
  • Battle: HP Cleanup
  • Battle: Attack & Death Animations
  • Battle: When bot dies show victory or loss screen, prompt player to restart or return to menu
  • Battle: Bot actions are tied to selected components on player

Prototype Version -1: Recreate Proof of Concept

  • One screen with two bots
  • Bot object with HP, Sprite
  • Attack( ) which creates hurtbox in bot "Facing" direction, depletes HP if bot is hit
  • Move( ) which pushes bot in "Facing" direction
  • Automated battling based on timer, calling Attack( ) and Move( )
  • When HP is 0, reset

Contract Security Checkup

Secure development workflow

Here's a high-level process we recommend following while you write your smart contracts.

Check for known security issues:

  • Review your contracts with Slither. It has more than 70 built-in detectors for common vulnerabilities. Run it on every check-in with new code and ensure it gets a clean report (or use triage mode to silence certain issues).

Consider special features of your contract:

  • Are your contracts upgradeable? Review your upgradeability code for flaws with slither-check-upgradeability or Crytic. We've documented 17 ways upgrades can go sideways.
  • Do your contracts purport to conform to ERCs? Check them with slither-check-erc. This tool instantly identifies deviations from six common specs.
  • Do you have unit tests in Truffle? Enrich them with slither-prop. It automatically generates a robust suite of security properties for features of ERC20 based on your specific code.
  • Do you integrate with 3rd party tokens? Review our token integration checklist before relying on external contracts.

Visually inspect critical security features of your code:

  • Review Slither's inheritance-graph printer. Avoid inadvertent shadowing and C3 linearization issues.
  • Review Slither's function-summary printer. It reports function visibility and access controls.
  • Review Slither's vars-and-auth printer. It reports access controls on state variables.

Document critical security properties and use automated test generators to evaluate them:

  • Learn to document security properties for your code. It's tough at first, but it's the single most important activity for achieving a good outcome. It's also a prerequisite for using any of the advanced techniques in this tutorial.
  • Define security properties in Solidity, for use with Echidna and Manticore. Focus on your state machine, access controls, arithmetic operations, external interactions, and standards conformance.
  • Define security properties with Slither's Python API. Focus on inheritance, variable dependencies, access controls, and other structural issues.
  • Run your property tests on every commit with Crytic. Crytic can consume and evaluate security property tests so everyone on your team can easily see that they pass on GitHub. Failing tests can block commits.

Finally, be mindful of issues that automated tools cannot easily find:

  • Lack of privacy: everyone else can see your transactions while they're queued in the pool
  • Front running transactions
  • Cryptographic operations
  • Risky interactions with external DeFi components

Ask for help

Ethereum office hours run every Tuesday afternoon. These 1-hour, 1-on-1 sessions are an opportunity to ask us any questions you have about security, troubleshoot using our tools, and get feedback from experts about your current approach. We will help you work through this guide.

Join our Slack: Empire Hacking. We're always available in the #crytic and #ethereum channels if you have any questions.

Security is about more than just smart contracts

Review our quick tips for general application and corporate security. It's most important that your code on-chain is secure, but lapses in off-chain security may be just as severe, especially where owner keys are concerned.
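
Added example (not part of the issue text or of the project's code): what the "define security properties in Solidity, for use with Echidna" step could look like for the component NFT described in the first issue. `ComponentToken`, `ComponentTokenProperties` and every function name are hypothetical, and the token is a minimal stand-in with slot, part and minting only, not an ERC721 implementation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical stand-in for the NFT draft: slot, part and minting only, not a full ERC721.
contract ComponentToken {
    enum Slot { Paint, Move, Attack, Gadget, Face }
    struct Component { Slot slot; uint16 part; }
    address public minter;
    uint256 public totalMinted;
    mapping(uint256 => address) public ownerOf;
    mapping(uint256 => Component) public components;
    constructor() { minter = msg.sender; }

    function mint(address to, Slot slot, uint16 part) external returns (uint256 id) {
        require(msg.sender == minter, "not minter");
        require(to != address(0), "zero address");
        id = ++totalMinted; // ids start at 1
        ownerOf[id] = to;
        components[id] = Component(slot, part);
    }
}

// Echidna harness. The harness itself is the minter, so a direct call to mint()
// from any fuzzing sender must revert; mintAsMinter() is the only authorized path.
contract ComponentTokenProperties is ComponentToken {
    uint256 private authorizedMints;
    uint256 private lastId;
    Slot private lastSlot;
    uint16 private lastPart;
    constructor() { minter = address(this); }

    function mintAsMinter(uint8 slotRaw, uint16 part) external {
        lastSlot = Slot(slotRaw % 5); // map fuzz input onto the five slots
        lastPart = part;
        lastId = this.mint(msg.sender, lastSlot, part); // external self-call: msg.sender is address(this)
        authorizedMints++;
    }

    // Access control: every token in existence came through the authorized path.
    function echidna_only_minter_mints() public view returns (bool) {
        return totalMinted == authorizedMints;
    }

    // State: the next id is unminted, and the last minted id has an owner and the stored slot/part.
    function echidna_component_state_consistent() public view returns (bool) {
        if (ownerOf[totalMinted + 1] != address(0)) return false;
        if (lastId == 0) return totalMinted == 0;
        Component storage c = components[lastId];
        return ownerOf[lastId] != address(0) && c.slot == lastSlot && c.part == lastPart;
    }
}
```

Echidna treats each argument-free `echidna_`-prefixed function returning `bool` as an invariant and reports the call sequence that makes one return false; select `ComponentTokenProperties` as the contract under test.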
