A compilation of patterns and best practices for the smart contract programming language Solidity
Home Page: https://fravoll.github.io/solidity-patterns/
License: MIT License
Since the merge, the Ethereum network has replaced block difficulty with the random number that determined which validator gets to validate a block.
It's used by OpenSea's SeaDrop when trying to shift all token IDs by some random number to ensure a fairer distribution:
More about it here: https://soliditydeveloper.com/prevrandao
Fine,..$999.() of coin)* :in; wallets .,
This is a great resource. ๐
One thing I'd suggest is a brief warning somewhere attached to each pattern to indicate that the code hasn't been audited, and you're making no promises about correctness or safety (unless you have/are). This would be similar to the safe/unsafe patters in our best practices
It's really important in our space to build a culture of security, and this is a small example of how that manifests.
Hey, one concern I had about the contract sample in your article is the state variable bytes32 sealedSeed; is stored in the first slot of the contract storage. Isn't this easily accessed by web3.eth.getStorageAt(contractAddr, 0) function? A malicious attacker can read the seed and make a sure bet.
Well, maybe it's not that essential, but last 5 links in your documentation (site version) leads to Not found (but works fine if manually change to html version and without dot, in the beginning, you know). Everything else is great, by the way.
"Another example is the EtherRouter contract of Colony" in upgrade รร .md has a broken link in it.
Within solidity-patterns/Oracle/oracle.sol:
The oraclize import should be changed to "github.com/oraclize/ethereum-api/oraclizeAPI_0.4.sol" to maintain compatibility (the other option being updating the compiler version to 0.5.0).
Also, the api.fixer.io endpoint is now deprecated, and the new endpoint requires an API key to use. To fix this, the "https://api.exchangeratesapi.io/latest?symbols=USD" endpoint can be used as a drop-in replacement to the fixer endpoint.
Thanks!
I suggest adding an entry about diamonds from EIP-2535 Diamond Standard: https://eips.ethereum.org/EIPS/eip-2535
It is an important new Solidity pattern getting adopted by new projects. More info here: https://dev.to/mudgen
Not sure if there is error, or just change in compiler, but in your code you've got strings, a b compared with return keccak256(a)==keccak256(b) which doesn't compile, needs `keccak256(bytes(a))==keccak256(bytes(b));
Hello,
When trying to run the sample at https://fravoll.github.io/solidity-patterns/oracle.html
In Remix.Ethereum.Org
I have the following error :
contracts/oracle.sol:19:39: TypeError: Data location must be "memory" for parameter in function, but none was given.
function __callback(bytes32 myid, string result) public {
^-----------^
It would be helpful if there's explicit license name on each objects in this repository.
(e.g, MIT, GPLv3, etc)
We are planning to make Smart Contract Design Pattern repository with code executable environment, and wondering if we could include your patterns or not.
Will a PR have a chance to be merged if we do all the work? I was thinking of updating your oracles and randomness section.
"Therefore, guaranteeing that the function call can only be successful after at least four months have passed since the last change."?
Is this suppose to read "at least four weeks" instead of four months?
Ref: https://github.com/fravoll/solidity-patterns/blob/master/docs/access_restriction.md
We have scanned your project on https://scanmycode.io for Web2 & Web 3 and Infractructure Cloudnative issues. Including: PHP, Java, Scala, Python, Ruby, Javascript, Typescript, GO, Solidity, DeFi Security, Infrastructure as a Code Best Practice and Security (Docker, Kubernetes (k8s), Terraform AWS, GCP, Azure), Secret Scanning, Dependency Confusion, Trojan Source, Open Source and Proprietary Checks. Feel free to go to https://www.scanmycode.io/defiscan/fravoll/solidity-patterns/ to check your report. If you have any questions or need support on the report please contact us directly. Thank you!
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.