blockchains-security-toolkit/vulnerabilities/security_tips.md at c96bf93d06881f1136fe194d66e98d5ca37f0429

bt3gl f82a1c77b4 🍩 rename vulns

2022-09-23 13:42:46 -07:00

🌭 security tips

tx.origin needs to bere placed by msg.sender, otherwise any contract you call can act on your behalf.
inline assembly should be used only in rare cases.
unclear semantics: now is alias for block.timestamp not current time; use of low level call, callcode, delegatecall should be avoided whenever possible; use transfer whenever failure of ether transfer should rollnack the whole transaction.
beware of caller contracts: selfdestruct can block calling contracts unexpectedly.
invocation of local functions via this: never use this to call functions in the same contract, it only consumes more gas than normal call.
transferring Ether in a for/while/do-while loop should be avoid due to the block gas limit.
erc20 decimals should have uint8 as return type.