<aside> ℹ️ Following these steps ensures we are able to quickly complete a comprehensive and effective review of your fixes and issue the final report.
</aside>
[ ] Create a separate branch in the repo for your fixes. You will push each fix to this branch.
<aside>
‼️ Whenever possible, only commit code to this branch that specifically addresses issues listed in the Issue Tracker. This makes it much simpler for us to carefully and systematically review your fixes and confirm they did not introduce any new issues. Please notify Macro of any changes in the fixes branch that were not made in response to an issue we reported in the preliminary report.
</aside>
[ ] Track each fix in the Issue Tracker document that will be shared with you in the preliminary report.
[ ] Update your test suite as you address each issue to ensure complete test coverage.
<aside> 📌 We know. Tests aren't the most fun thing in the world to write, but they are an important step in protecting the security of your project. Wherever possible, we expect at least one test case per issue we find; be sure to reference the guidance in Create a High-Quality Test Suite. Let us know if you're having a hard time writing a test for something; we'd be happy to offer advice or brainstorm ideas!
</aside>
[ ] Contain each issue fix in a single commit and reference the issue number in the commit message, so that each fix can be reviewed in isolation.
[ ] Add the fix commit hash to the issue tracker.
[ ] Add a comment in the Issue Tracker for each issue that won't be fixed, explaining the reason, such as:
[ ] Notify the audit team when you are done with the fixes.