Git Product home page Git Product logo

solidity-best-practices's Introduction

SOME SOLIDITY COMMON BEST PRACTICES

This is a non-exhaustive list of some common best practices when implementing smart contracts in Solidity, dealing with Multicall, Security, Upgradability and Oracles.

This list is adapted from the Udacity Blockchain developer nanodegree and serves as a personal reference and checklist when implementing smart contracts. It will be updated

FILE 1-Operational-Multicall.sol

Features: pausable contract, multicall

This show the implementation of a pausable contract, by implementing a state variable, that can be changed if a certain threshold of administrators vote for changing the contract status

FILE 2-Payments.sol

Features: Safemath, Re-entrancy attack prevention, Rate Limiting, Authorize EAO only

Implementation of

  • SafeMath implementation to prevent overflow/underflow risks
  • Ensures a caller is an Externally Owned Account (EOA) and not a Smart Contract
  • Re-entrancy attack prevention, with implementation of the CHECK - EFFECTS - INTERACTION pattern, and a safeguard feature avoiding possibility to recursively call a payout
  • Rate Limiting, introducing a cooldown period between 2 function calls

FILE 3-Data.sol and FILE 3-App.sol

Feature: Upgradability

Separation of Data and Logic into 2 smart contracts. The Data contract stores state variables and is intented to be permanent. The App contract implements the business logic and can be potentially replaced in the future, in case of bug correction or changes in the business logic.

The App contract is created by passing the address of the Data Contract,and is able to call methods from the Data Contract. The Data contract maintains a list of App Contracts addresses that are authorized to access the Data Contract, and enforces it with a modifier that restrict access of Data Cotnract function from authorized contracts only

FILE 4-Oracles.sol

Feature: implementation of Oracles

This implements some recommended practices when dealing with untrusted Oracles and minimizing attack risks like sybil or cartel attacks, where an Oracle would make a mistake (intentional or not) when submitting an answer:

  • implement many Oracles, avoiding to rely on a too small set of sources
  • ask pseudo-randomly a subset of Oracles to answer a request
  • only accept an answer as valid if it has been confirmed by a sufficient number of Oracles

solidity-best-practices's People

Contributors

sebastienbielecki avatar

Stargazers

avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.