At a minimum:

• All code stored in a version control system, such as git
• All code modifications made via Pull Requests
• All Pull Requests have at least one reviewer. If you are a solo project, consider finding another solo author and trade code reviews!
• A single command compiles, deploys, and runs a suite of tests against your code using a development Ethereum environment (See: Truffle)
• You have run your code through basic code analysis tools such as Mythril and Slither, ideally before each pull request is merged, comparing differences in output
• Solidity does not emit ANY compiler warnings
• Your code is well-documented

Verified source code

• Upload the source code for all smart contracts to a reliable platform (for example, Etherscan).
• Add the code to an easily shareable repository, such as on GitHub, especially if it is not yet deployed.
• If the token is upgradable, use distinct releases to communicate the state of the token at each upgrade.

Industry-standard library use

• Use popular and well-vetted standards whenever possible, such as OpenZeppelin’s vast repository of smart contracts.

• If implementing a special feature, such as off-chain signing or transaction hooks, use EIPs as guidance.

• Limited scope for privileged roles

• Do not allow any roles to freeze, burn, or otherwise modify user funds without permission.