Smart contract best practice 1
This blog provides baseline knowledge of security considerations for smart contract developers on the Ethereum blockchain.
Change your mindset
Smart contract programming requires a different engineering mindset than you may be used to. It is therefore not enough to defend against known vulnerabilities. Instead, you will need to learn a new philosophy of development.
General Philosophy
Ethereum is new and highly experimental. Therefore, you should expect constant changes in the security landscape, as new bugs and security risks are discovered, and new best practices are developed.
Prepare for failure
Any contract can have errors in it, so your code must be able to respond to bugs and vulnerabilities gracefully.
- Pause the contract when things are going wrong.
- Manage the amount of money at risk.
- Have an effective upgrade path for bugfixes and improvements.
- Figure out effective ways to fix bugs and improve functionality.
Keep contracts simple
Complexity increases the likelihood of errors.
- Ensure the contract logic is very simple.
- Use already-written tools or code where possible.
- Keep the code modular, reuse code instead of duplicating it, and support upgradeable components.
- Clarity is more important than performance whenever the situation allows.
Be aware of blockchain properties
- Be extremely careful about external contract calls, which may execute malicious code and change control flow.
- Understand that public functions are public, and may be called maliciously. Private data is also viewable by anyone.
Keep updated
Ensure access to the latest security developments by following disclosure resources.
- Check your smart contract when any new vulnerabilities are discovered.
- Update libraries and tools as quickly as possible.
- Use the latest security technologies.
- Get a clear understanding of blockchain features.
Thank you for reading, and keep updated with me.