Aptos Move Security Vault Co-Building Initiative: Building Trustworthy Infrastructure Standards for Developers

Background: on-chain security calls for new standards

The issues we see: module duplication, lack of standards

After several recent on-chain security incidents in the cryptocurrency industry, the entire Web3 community has once again focused its direct attention on the old topic of "infrastructure security." Although technology is constantly advancing, we cannot escape a reality: without unified standards and auditing mechanisms, any "reinventing the wheel" foundational module could become a potential source of risk.

Move is a language born for resources and security, and Aptos has always provided developers with an excellent on-chain experience through parallel execution and native upgrade capabilities. However, during our collaboration with numerous Aptos projects, we repeatedly discovered a key shortcoming: the ecosystem lacks a reliable, reusable, and auditable public foundational module library. Many teams implement and maintain their own solutions for permission control, upgrade systems, basic utility functions, etc., which is not only inefficient but also undermines the overall security of on-chain applications.

We decided to take action: Movemaker and alcove jointly initiated.

To address this underlying shortcoming, the Aptos official Chinese community Movemaker has joined forces with alcove, Asia's first Move ecosystem developer organization, to jointly launch a structured open-source initiative – the Aptos Move Secure & General Purpose Base Library initiative.

The initiative aims to provide a set of rigorously audited, secure, reliable, modular, and easy-to-use standard components for Aptos smart contract development, thereby accelerating the development and maturity of the Aptos ecosystem. Movemaker has long served the Aptos Chinese developer community and understands the actual needs of local developers; while alcove gathers a group of technical members with experience in Move underlying development, auditing, and toolchain construction, which can lay a solid foundation for the research and governance of this basic library.

📌 The proposal has been launched on GitHub and is now open for all Aptos developers to co-build. Click to view details and submit a PR:

Next, we will introduce the goals, mechanisms, and participation methods of this initiative—hoping that you are not just a reader, but also a collaborator.

We have re-designed based on the innovation of Aptos.

This initiative is a long-term, systematic open-source project aimed at the entire Aptos development ecosystem. We are gathering resources, standardizing processes, and building mechanisms, with the sole purpose of creating a "gold standard library" for Aptos that is widely adopted, trusted, and audited, similar to how OpenZeppelin functions for EVM.

In the EVM ecosystem, OpenZeppelin Contracts have been verified to effectively enhance security, accelerate development efficiency, and lower the threshold. However, we are well aware that Move and Aptos are not mirrors of EVM; they have fundamental differences in language paradigms, account models, state management, upgrade mechanisms, and execution architectures. Because of this, the resource-oriented model of Move, bytecode verifier, support for formal verification, and Aptos's parallel execution and native package upgrade mechanisms provide us with an excellent opportunity to build a foundational library with higher security and stronger performance.

The following is the complete proposal content for this plan. We invite every Builder who is building on Aptos to participate deeply, and we also welcome you to spread this infrastructure concept.

What we have prepared: from funds, organization to mechanisms.

Initial funding: Movemaker provides a first round of $200,000 in funding for:

Development and maintenance of core modules.

Professional security audit fees.

Developer Incentives and Bounty Program.

Documentation writing and community operation support.

Necessary toolchain and infrastructure construction.

Development Organization: alcove coordinates community development resources as the project lead, responsible for managing processes, providing technical support, conducting security audits, etc.;

Multi-party resource support: Various project parties, independent developers, and security audit companies will participate in the research, testing, and review of the basic modules in stages.

Governance mechanism: PR review, testing verification, Move Prover verification, pre-audit, bounty incentives, fully transparent execution throughout the process.

What we want to build: The infrastructure base of the Move ecosystem

Build a core infrastructure library: Develop a set of Move modules that cover core functions such as access control, upgrade management tools, DeFi modules, and general tools.

Enhancing ecological security: Utilizing the inherent security features of the Move language (such as reentrancy prevention and strong typing) combined with rigorous testing, formal verification, and independent security audits to ensure the highest security of the library.

Promote developer adoption: By providing high-quality, easy-to-understand documentation, tutorials, and examples, lower the learning curve of the Move language to attract more developers into the Aptos ecosystem.

Establish a community co-construction model: Create an open and collaborative development process that encourages project teams, independent developers, and security audit firms to participate together, ensuring the quality, relevance, and sustainability of the library.

Accelerate ecosystem development: Provide a reliable foundation for Aptos dApp developers, accelerate innovation, reduce the cost of reinventing the wheel, thereby promoting the prosperity of the Aptos ecosystem.

How to participate in co-construction? Every developer can become a promoter.

We believe that a truly trustworthy and reusable smart contract foundational library must be built collectively by the ecosystem. Therefore, this initiative is open to all Aptos developers, whether you come from a team project or are an independent creator, you can participate in the co-construction in an appropriate way:

How the project party can participate: If you are a developer team of an existing project on Aptos, you can participate in the development, testing, and integration of core modules. By transforming the pitfalls you have encountered and the best practices you have used in actual business into reusable standard components for the entire ecosystem, you can not only enhance the security of your project but also contribute to the entire ecosystem.

Independent developers also have a stage: If you are a Move enthusiast or an independent developer, we will continuously recruit module contributors through code challenges, bounty programs, and public task pools. Alcove will provide complete contribution guidelines, development documentation, and technical support to help you join from 0 to 1.

The participation method is simple and clear: all module development will be conducted publicly on GitHub, using the Pull Request (PR) mechanism. All code must pass automated testing and Move Prover verification, and will be merged after review by core contributors. The auditing and version management mechanisms will also be executed simultaneously to ensure that every line of code stands up to scrutiny.

What tools and resources will we provide?

In order to lower the participation threshold and improve development efficiency, we will also build a complete set of ecological tools and support systems.

Core module library: includes reusable components such as access control, module upgrades, DeFi basic logic, security tools, etc.

Multi-language SDK: Supports TypeScript, Python, Rust, Go and other languages, simplifying on-chain operations;

Standardized API: Provides application developers with easier access to on-chain data query and interaction interfaces;

Developer tools support: including VS Code plugins, CLI extensions, debugging tools, etc., to enhance the coding experience;

Project templates and sample code: ready-to-use sample projects that allow you to quickly get started building your own applications.

Whether you are a beginner or an experienced developer, as long as you care about the technical future of Aptos, this set of foundational libraries and tools will be an indispensable starting point for you.

Conclusion: The starting point of an ecosystem-level infrastructure

Building an OpenZeppelin-inspired Move open-source library on Aptos is a project with long-term strategic value for the entire ecosystem. We will make full use of the advantages of the Move language in terms of resource security and strong typing, combined with the parallel execution and native upgrade capabilities of the Aptos platform, to create a more secure, efficient and friendly smart contract development environment for developers.

By combining the security rigor of OpenZeppelin with the technical innovation of Move/Aptos, this foundational library is expected to become a cornerstone for Aptos dApp development, reducing redundant development costs, accelerating product iteration pace, and driving the ecosystem towards a more professional and robust evolution.

The success of this open-source initiative relies on the collective efforts of all Builders. We sincerely invite the Aptos project team, independent developers, and security experts to join us in building together, to refine a set of truly trustworthy, reusable, and auditable underlying standards. If you are building the future on Aptos, then this foundational library will also belong to you.

About Movemaker

Movemaker is an official community organization authorized by the Aptos Foundation and jointly initiated by Ankaa and BlockBooster, focusing on promoting the construction and development of the Aptos ecosystem in the Chinese-speaking region. As the official representative of Aptos in the Chinese-speaking region, Movemaker has received million-dollar funding and resource support from the Aptos Foundation and is committed to building a diverse, open, and prosperous Aptos ecosystem by connecting developers, users, capital, and numerous ecological partners.

From DeFi, AI to payments, stablecoins, and RWA, Movemaker is committed to supporting innovative projects in their application and promoting the connection between Aptos technology and the real world. As an important bridge for Aptos in Asia, Movemaker is inspiring more developers to join the Aptos ecosystem with localized narratives and a global vision.

About alcove

alcove is the first Move Chinese developer community in Asia co-built by Aptos, dedicated to supporting developers in using the Move language to build the next generation of Web3 applications. The community brings together a large number of developers with capabilities in Move underlying development, contract security, and toolchain construction, and has contributed practical experience to multiple Aptos projects.