Ethereum Smart Contract Security Best Practices
This document provides baseline knowledge of security considerations for intermediate Solidity programmers. It is maintained by ConsenSys Diligence and the broader Ethereum community.
Where to start?
- General Philosophy describes the smart contract security mindset
- Solidity Recommendations contains examples of good code patterns
- Known Attacks describes the different classes of vulnerabilities to avoid
- Software Engineering outlines some architectural and design approaches for risk mitigation
- Documentation and Procedures outlines best practices for documenting your system for other developers and auditors
- Security Tools lists tools for improving code quality and detecting vulnerabilities
- Security Notifications lists sources of information for staying up to date
Contributions are welcome!
Feel free to submit a pull request with anything from small fixes to full new sections. If you are writing new content, please reference the contributing page for guidance on style.
See the issues for topics that need to be covered or updated. If you have an idea you'd like to discuss, please chat with us in Gitter.
If you've written an article or blog post, please add it to the bibliography.