Category: Best Practice

Token Interaction Checklist

A checklist for developers and security engineers to use when working with contracts that interact with many different tokens, especially if they want to support user-inputted tokens.
Shayan Eskandari
November 16, 2020

Questions DeFi users should be asking DeFi Developers

The DeFi space has had a tumultuous couple of months, with a number of attacks as well as unexploited vulnerabilities being reported. Bugs are unavoidable, but there are many things that can be done to reduce their frequency and mitigate their negative effects. As auditors, we want to help, but to get developers to truly prioritize security, users need to start asking tough questions and putting their money into the protocols that can answer them thoughtfully.
John Mardlin
March 02, 2020

Eliminating Smart Contract Special Cases

Special cases lead to code complexity, which leads to bugs. In this post, I’ll share some examples of eliminating special cases to reduce code complexity and improve maintainability.
Steve Marx
September 23, 2019

Stop Using Solidity's transfer() Now

Solidity’s transfer() method uses a hardcoded gas amount, but gas costs can change. It’s time to stop using this method.
Steve Marx
September 02, 2019

Upgradeability Is a Bug

Smart contracts are useful because they’re trustless. Immutability is a critical feature to achieve trustlessness…
Steve Marx
January 30, 2019