Skip to main content
Once you finished developing your smart contract please go through the following list in order to ensure everything is safe for the end user.
Check our security articles to understand how to improve the security of your contract.

Anatomy

  1. All private methods are decorated as private.

Environment

  1. predecessor and signer are used correctly through the entire contract.

Storage

  1. Each time the state grows it is ensured that there is enough balance to cover it
  2. All collections (i.e. Vector, Map, Tree, etc) have a unique id
  3. Check for underflow and overflow!. In rust, you can do this by simply adding the overflow-checks = true flag in your Cargo.toml.

Actions

  1. When sending money, you leave enough in the contract to cover the storage cost
  2. If you are tracking user’s fund, you deduct them before sending them back to the user.

Callbacks

  1. All private callbacks are marked as private
  2. All cross-contract calls have a callback
  3. All callbacks check for errors and roll back the state if necessary
  4. All callbacks return money to the predecessor if necessary
  5. Callbacks are free of panic!
  6. All the callbacks are given enough GAS to execute entirely
  7. The contract is not left in an exploitable state between a cross-contract call and its callback