โ Checklist
Once you finished developing your smart contract please go through the following list in order to ensure everything is safe for the end user.
info
Check our security articles to understand how to improve the security of your contract.
Anatomyโ
- All private methods are decorated as
private
.
Environmentโ
predecessor
andsigner
are used correctly through the entire contract.
Storageโ
- Each time the state grows it is ensured that there is enough balance to cover it
- All collections (i.e. Vector, Map, Tree, etc) have an unique id
- Check for underflow and overflow!. In rust, you can do this by simply adding the
overflow-checks = true
flag in yourCargo.toml
.
Actionsโ
- When sending money, you leave enough in the contract to cover the storage cost
- If you are tracking user's fund, you deduct them before sending them back to the user.
Callbacksโ
- All private callbacks are marked as
private
- All cross-contract calls have a callback
- All callbacks check for errors and roll back the state if necessary
- All callbacks return money to the
predecessor
if necessary - Callbacks are free of
panic!
- All the callbacks are given enough GAS to execute entirely
- The contract is not left in an exploitable state between a cross-contract call and its callback