# Designing secure smart contracts

### Takeaways from slides

* Security matters because large amounts of money are held in smart contracts
* Code is unchangeable
* Money is stored in smart contracts that are controlled by functions
* DAO Hack - hacker stole $150MM+ from 11k addresses = 15% of all Ether back then
* Slock.it built the DAO as a custom fundraising tool
* The story behind the DAO hack

Code overview:

* Always specify visibility for each function; use audited contracts like OpenZeppelin
* Use pull, not push payments for integrations

Common issues:

* reentrancy
* unsafe math
* too broad function visibility
* low-level calls without safety checks
* unbounded iteration
* bad randomness
* lack of mastery of Solidity concepts
* Understand every dependency you use
* Importance of testing: unit tests, integration tests, good test coverage, extreme test scenarios, tests for all dependencies, CI server
* The goal of tests - think like an attacker
* Realistic goal - resilient smart contracts
* General tips: keep contract simple, prep for failure, roll out in stages, leverage community tools, stay up to date
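
The pull-payment and reentrancy points above, as an added example that is not taken from the slides: a minimal auction that records refunds for bidders to withdraw themselves instead of pushing Ether to them. The contract name `PullPaymentAuction` and all of its members are hypothetical, and Solidity 0.8+ (checked arithmetic) is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical contract, not code from the slides.
contract PullPaymentAuction {
    address public highestBidder;
    uint256 public highestBid;
    // Refunds owed to outbid bidders; each bidder claims their own.
    mapping(address => uint256) public pendingReturns;

    event BidPlaced(address indexed bidder, uint256 amount);
    event Withdrawn(address indexed bidder, uint256 amount);

    // Visibility is stated explicitly on every function.
    function bid() external payable {
        require(msg.value > highestBid, "bid too low");
        if (highestBidder != address(0)) {
            // Pull, not push: record the refund instead of sending it here.
            // Pushing Ether to the previous bidder would let a receiver that
            // always reverts block every later bid.
            pendingReturns[highestBidder] += highestBid; // checked math in 0.8+
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
        emit BidPlaced(msg.sender, msg.value);
    }

    function withdraw() external {
        uint256 amount = pendingReturns[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // Effects before interaction: zero the balance first, so a reentrant
        // call into withdraw() finds nothing left to claim.
        pendingReturns[msg.sender] = 0;
        // Low-level call: the boolean result must be checked, otherwise a
        // failed transfer would silently erase the refund.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
        emit Withdrawn(msg.sender, amount);
    }
}
```

There is no loop over bidders anywhere in the contract, so gas cost does not grow with the number of participants.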

Source - Slides: <https://docs.google.com/presentation/d/1nOX__vvVqW5frDs93W9D81U3KEX-kAg8GhGobCOnmZo/edit#slide=id.p20>

