Smart contracts are an easy target for hackers because of their immutability and public nature: once you deploy them, anybody can access them and you cannot change their logic. If your contract has a terrible bug, it might be over for you; you can be sure that at some point someone will find it and, in the worst case, exploit it.
Spending as much time, effort and money as possible on preventing bugs is paramount in the web3 industry, but you should always assume that, no matter how many resources you spend on prevention, some bugs will slip past your checks.
Below you will find a list of common best practices and safeguards that will not help you prevent bugs, but will help you detect them as soon as possible, minimize their impact and fix them. For prevention, I already wrote a blog post that you can find here (solidity vulnerabilities).
This list is by no means complete, but I believe it is a good start for beginners.
DETECTING THE BUGS
- Use events
- Use asserts
- Mirroring dApp logic off-chain
MINIMIZING THE IMPACT
- Pausable pattern
- Speed Bump pattern
- Rate limit pattern
- Automatic deprecation pattern
- Admin rights
FIXING THE BUGS
- Upgrade patterns
- Contract migration procedures
After weeks or months of testing, you finally deploy on Mainnet. Now the very first thing you must do is monitor your contracts as closely as possible to detect any abnormal behavior that could be the result of a bug.
Events are to Ethereum smart contracts what logs are to web2 applications. Implement your code so that every critical operation (or even every state-changing operation) emits an event with all the data involved in the operation. Do not hesitate to use indexed arguments in your events: even though they make the emission more expensive, they will be very helpful when you need to filter events off-chain.
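As an added illustration (not code from the original post), the contract below emits an event for every state change, with the fields a monitor would filter on marked as indexed; the contract, function and event names are invented for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not from the original post: a minimal vault in which every
// state-changing operation emits an event carrying all the data involved.
// Indexed parameters (at most three per event) become log topics, so an
// off-chain monitor can cheaply filter, e.g., all Withdrawn events of one address.
contract MonitoredVault {
    address public owner;
    mapping(address => uint256) public balances;

    // Indexed: the fields a monitor filters on (who, to whom).
    // Non-indexed: the remaining data involved (amounts, resulting balance).
    event Deposited(address indexed account, uint256 amount, uint256 newBalance);
    event Withdrawn(address indexed account, address indexed to, uint256 amount, uint256 newBalance);
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    function deposit() external payable {
        require(msg.value > 0, "zero deposit");
        balances[msg.sender] += msg.value;
        emit Deposited(msg.sender, msg.value, balances[msg.sender]);
    }

    function withdraw(address payable to, uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount; // update state before the external call
        emit Withdrawn(msg.sender, to, amount, balances[msg.sender]);
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Administrative changes are logged too, so an unexpected owner change
    // shows up in the same off-chain event stream as user operations.
    function transferOwnership(address newOwner) external {
        require(msg.sender == owner, "not owner");
        require(newOwner != address(0), "zero owner");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

An off-chain monitor subscribing to these logs can, for instance, alert on any OwnershipTransferred event or on a Withdrawn amount above a threshold, which is exactly the abnormal behavior the paragraph above asks you to look for.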