DevCon2: Smart Contract Security Best Practices

Benefactory
Nov 16, 2016

First, developers need to prepare for failure. Developers and alpha users should also be ready for the “unknown unknowns.” Knowing all the possible outcomes of a contract is simply not possible in some cases.

Second, developers should plan the rollout of their product carefully. A good production system takes time to be ready, and engineers should not feel pressure from monetary considerations when pushing out products. The strongest contracts require a significant amount of time before launch, including:

  1. the deployment on testnets
  2. a beta on the mainnet

Third, developers should aim to keep contracts simple. Not only is this more cost-efficient in gas usage, it can also lead to surprising new results, as simplicity breeds creativity.

Finally, staying up to date on the most recent findings and developments is absolutely crucial in this industry. Specifically, ConsenSys maintains the Smart Contract Best Practices guide, which collects the community’s suggestions for building secure contracts. The Smart Contract Best Practices document is a community collaboration, so if you have suggestions, pull requests are welcome!

Joseph Chow presenting at DevCon2 in Shanghai, China

This series was a collaborative research project written by Bill Gleim, Simon de la Rouviere, Paul Kohlhaas, and Niran Babalola. It was crowdfunded by the Ethereum Movement, a decentralized nonprofit built on Benefactory.


Benefactory grows the movement for crowd philanthropy: a new economic sector led by community organizers. Join us. http://slack.benefactory.cc/