Smart contracts

  • Use Hardhat to develop your contracts
  • NatSpec is a must: it makes the code easier to audit and easier for anyone who wants to understand what it does
  • Tests must be implemented and cover at least 90% of the code. solidity-coverage is an excellent tool that shows you exactly which lines are not covered
  • Use linters (Prettier and Solhint). Note that Solhint gives you both style lint and security validations
  • Good documentation. Besides NatSpec and the tests, good markdown files explaining what the Smart Contracts are trying to achieve are really important; this way the developer gives an overview of how the contracts work, making it easier for auditors and other developers to collaborate and/or review
  • Use libraries in order to implement standards whenever possible, especially OpenZeppelin
  • If you are using a Solidity version lower than 0.8, make sure you use SafeMath in order to avoid integer under/overflows. From 0.8 onward the compiler checks arithmetic by default (an overflow reverts with a Panic), so SafeMath is no longer needed; be aware that arithmetic inside an `unchecked { ... }` block wraps again, so review every such block carefully
  • Attack vectors to be aware of: https://github.com/crytic/building-secure-contracts
  • This should be every SC dev's bible: https://consensys.github.io/smart-contract-best-practices/
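The contract below is an added example written for this page, not dOrg code; the contract and function names are hypothetical. It shows the NatSpec tags (@title, @notice, @dev, @param, @return) the guidelines ask for, and it makes the SafeMath point concrete: on Solidity >= 0.8 plain arithmetic reverts on overflow, while the same expression inside an `unchecked` block silently wraps, exactly the behaviour SafeMath was written to prevent on older compilers.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @title Checked vs. unchecked arithmetic in Solidity >= 0.8
/// @notice Illustrates why SafeMath is only needed below 0.8 and why
///         `unchecked` blocks reintroduce the wrapping behaviour.
/// @dev Hypothetical example contract written for this page; not dOrg code.
contract ArithmeticDemo {
    /// @notice Adds two numbers with the compiler's default checked arithmetic.
    /// @dev Reverts with Panic(0x11) on overflow, e.g. checkedAdd(type(uint256).max, 1) reverts.
    /// @param a First operand.
    /// @param b Second operand.
    /// @return The sum a + b.
    function checkedAdd(uint256 a, uint256 b) external pure returns (uint256) {
        return a + b;
    }

    /// @notice Adds two numbers inside an `unchecked` block.
    /// @dev Wraps modulo 2**256, e.g. uncheckedAdd(type(uint256).max, 1) == 0.
    ///      This is the pre-0.8 behaviour that SafeMath was written to prevent;
    ///      every `unchecked` block must be justified in review.
    /// @param a First operand.
    /// @param b Second operand.
    /// @return The wrapped sum (a + b) mod 2**256.
    function uncheckedAdd(uint256 a, uint256 b) external pure returns (uint256) {
        unchecked {
            return a + b;
        }
    }

    /// @notice Subtraction that reverts with a readable reason instead of a Panic code.
    /// @dev On 0.8+ the bare `a - b` already reverts on underflow; the require only
    ///      adds a human-readable revert string, the way SafeMath's sub(a, b, reason) did.
    /// @param a Minuend.
    /// @param b Subtrahend; must not exceed a.
    /// @return The difference a - b.
    function subWithReason(uint256 a, uint256 b) external pure returns (uint256) {
        require(b <= a, "ArithmeticDemo: subtraction underflow");
        return a - b;
    }
}
```

Compile it with Hardhat and call `checkedAdd(type(uint256).max, 1)` and `uncheckedAdd(type(uint256).max, 1)` from a test: the first reverts, the second returns 0. A test that asserts on both is a good way to make the coverage target above meaningful rather than just a percentage.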

Important dOrg Policy: ALL smart contracts need to be audited before going into production