- Use hardhat to develop your contracts
- NatSpec is a must; it makes audits easier and helps anyone who wants to understand the code
- Tests must be implemented and cover at least 90% of the code. Solidity Coverage is an excellent tool that shows you exactly which lines are not covered
- Use a linter (Prettier and Solhint). Note that Solhint gives you both lint and security validations
- Good documentation. Besides NatSpec and the tests, good markdown files explaining what the smart contracts are trying to achieve are really important; this way the developer can give an overview of how the contracts work, making it easier for auditors and other developers to collaborate and/or review
- Use libraries in order to implement standards whenever possible, especially OpenZeppelin
- If you are using a Solidity version lower than 0.8, make sure you use SafeMath in order to avoid under/overflows (0.8 and later check arithmetic by default)
- Attack vectors to be aware of: https://github.com/crytic/building-secure-contracts
- This should be every SC dev's bible: https://consensys.github.io/smart-contract-best-practices/
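An added example (not part of this checklist or of dOrg's code) showing two of the items above together: NatSpec on every public function and SafeMath guarding arithmetic on a pre-0.8 compiler. It assumes OpenZeppelin Contracts 3.x (the 0.7-compatible line); `SafeLedger` is a hypothetical contract written for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Assumption: OpenZeppelin Contracts 3.x is installed, where SafeMath lives at
// this path (in 4.x it moved to utils/math/SafeMath.sol).
import "@openzeppelin/contracts/math/SafeMath.sol";

/// @title Minimal balance ledger guarded with SafeMath
/// @notice Tracks per-account balances; every arithmetic step reverts on wrap-around
/// @dev Before 0.8, `a - b` on uint256 silently wraps to 2**256 - (b - a) when a < b.
///      SafeMath replaces that silent wrap with a revert. Illustrative contract
///      written for this checklist, not production code.
contract SafeLedger {
    using SafeMath for uint256;

    /// @notice Balance of each account, in arbitrary units
    mapping(address => uint256) public balanceOf;

    /// @notice Credit `amount` units to the caller
    /// @param amount Number of units to add
    function deposit(uint256 amount) external {
        // `add` reverts instead of wrapping past type(uint256).max
        balanceOf[msg.sender] = balanceOf[msg.sender].add(amount);
    }

    /// @notice Move `amount` units from the caller to `to`
    /// @dev The unguarded form `balanceOf[msg.sender] -= amount;` would underflow
    ///      to a huge balance on pre-0.8 compilers when amount > balance.
    /// @param to Recipient account
    /// @param amount Number of units to move
    function transfer(address to, uint256 amount) external {
        require(to != address(0), "SafeLedger: zero address");
        // `sub` reverts with "SafeMath: subtraction overflow" when amount > balance
        balanceOf[msg.sender] = balanceOf[msg.sender].sub(amount);
        balanceOf[to] = balanceOf[to].add(amount);
    }
}
```

A Hardhat test that calls `transfer` with an amount larger than the sender's balance and expects a revert is the coverage check for the underflow path.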
Important dOrg Policy:
ALL smart contracts need to be audited before going into production