As you may know, the Ethereum and more widely blockchain community suffered from a lot of hacks. These major hacks involved million of dollars stolen by exploiting security vulnerability in smart contracts developed by companies. Even the most talented programmers can easily make a mistake with code and when something involves money: a lot of people are here to exploit any vulnerabilities.
Here are two smart contract hacking that happened:
Always remember that it happens and you should always think about security when writing smart contracts or any code that involves manipulating money, or sensitive data.
Here are few advices:
- Always check the input data.
- Keep your contracts as simple and small as possible.
- Keep control and always have a simple and secure way to stop your contract and recover it’s holdings.
- Use as much as possible modules to keep codebase tiny and built around simple modules as we covered with our inheritance tutorial.
- Be extremely careful about external contract calls, which may execute malicious code and change control flow.
- Understand that your public functions are public, and may be called maliciously. Your private data is also viewable by anyone.
They are many possible flows in a smart contract such as integers overflow and underflow. Always keep up to date and learn about how your code could be exploited.
Please go and read the smart contracts best practices guide on Github. Also, always stay updated by reading news and following suggested peoples on Twitter.