Designing secure smart contracts

Takeaways from slides

  • Security Matters as there are large amounts of money in the smart contracts

  • Code is unchangeable

  • Money is stored in Smart Contracts that are controlled by Functions

  • DAO Hack - hacker stole $150MM+ from 11k addresses = 15% of all Ether back then

  • Slock.it built the DAO as a custom fundraising tool

  • The story behind the DAO hack

Code overview:

  • Always specify visibility within each function, use audited contracts like OpenZeppelin

  • Use pull, not push payments for integrations Common issues:

  • reentrancy

  • unsafe math

  • too broad function visibility

  • low-level calls without safety checks

  • unbounded iteration

  • badd randomness

  • lack of mastery of solidity concepts

  • Understand every dependency you use

  • Importance of testing: unit tests, integration tests, good test coverage, extreme test scenarios, tests for all dependencies, cl server

  • The goal of tests - think like an attacker

  • Realistic goal - resilient smart contracts

  • General tips: keep contract simple, prep for failure, roll out in stages, leverage community tools, stay up to date

Source - Slides: https://docs.google.com/presentation/d/1nOX__vvVqW5frDs93W9D81U3KEX-kAg8GhGobCOnmZo/edit#slide=id.p20

PreviousEIP2612 Signed token approvalsNextEIP712 Ethereum typed structured data hashing and signing

Last updated