✅ Checklist
Once you have finished developing your smart contract, please go through the following list to ensure everything is safe for the end user.
Check our security articles to understand how to improve the security of your contract.
Anatomy
- All private methods are decorated as private.
Environment
- predecessor and signer are used correctly through the entire contract.
Storage
- Each time the state grows it is ensured that there is enough balance to cover it
- All collections (i.e. Vector, Map, Tree, etc.) have a unique id
- Check for underflow and overflow! In Rust, you can do this by simply adding the overflow-checks = true flag in your Cargo.toml.
Actions
- When sending money, you leave enough in the contract to cover the storage cost
- If you are tracking users' funds, you deduct them before sending them back to the user.
Callbacks
- All private callbacks are marked as private
- All cross-contract calls have a callback
- All callbacks check for errors and roll back the state if necessary
- All callbacks return money to the predecessor if necessary
- Callbacks are free of panic!
- All the callbacks are given enough GAS to execute entirely
- The contract is not left in an exploitable state between a cross-contract call and its callback
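
The following added example (not taken from the NEAR documentation or SDK) illustrates the "deduct before sending" item under Actions together with the rollback, no-panic and "not exploitable between call and callback" items under Callbacks. It is a plain-Rust model that does not use near-sdk; `Vault`, `withdraw`, `on_withdraw` and the account name are hypothetical, and the cross-contract transfer is represented only by the `transfer_ok` flag passed to the callback.

```rust
use std::collections::HashMap;

// Plain-Rust model of a contract that tracks user funds (hypothetical names).
#[derive(Default)]
pub struct Vault {
    balances: HashMap<String, u128>,
}

#[derive(Debug, PartialEq)]
pub enum Error { Insufficient, Overflow }

impl Vault {
    pub fn deposit(&mut self, user: &str, amount: u128) -> Result<(), Error> {
        let bal = self.balances.entry(user.to_string()).or_insert(0);
        *bal = bal.checked_add(amount).ok_or(Error::Overflow)?; // explicit overflow check
        Ok(())
    }

    // Deduct BEFORE the transfer is scheduled, so a call that arrives while
    // the transfer is still in flight already sees the reduced balance.
    pub fn withdraw(&mut self, user: &str, amount: u128) -> Result<u128, Error> {
        let bal = self.balances.get_mut(user).ok_or(Error::Insufficient)?;
        *bal = bal.checked_sub(amount).ok_or(Error::Insufficient)?;
        Ok(amount) // amount to attach to the outgoing transfer
    }

    // Callback: never panics; if the transfer failed, roll the state back.
    pub fn on_withdraw(&mut self, user: &str, amount: u128, transfer_ok: bool) -> bool {
        if !transfer_ok {
            let bal = self.balances.entry(user.to_string()).or_insert(0);
            *bal = bal.saturating_add(amount);
        }
        transfer_ok
    }

    pub fn balance_of(&self, user: &str) -> u128 {
        *self.balances.get(user).unwrap_or(&0)
    }
}

fn main() {
    let mut v = Vault::default();
    v.deposit("alice.near", 100).unwrap();
    let sent = v.withdraw("alice.near", 80).unwrap();
    // Between the call and its callback, a second withdrawal of 80 is rejected.
    assert_eq!(v.withdraw("alice.near", 80), Err(Error::Insufficient));
    v.on_withdraw("alice.near", sent, false); // transfer failed: funds restored
    println!("balance after rollback: {}", v.balance_of("alice.near"));
}
```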