Solidity Security

1---2name: solidity-security3description: Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.4---5 6# Solidity Security7 8Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.9 10## When to Use This Skill11 12- Writing secure smart contracts13- Auditing existing contracts for vulnerabilities14- Implementing secure DeFi protocols15- Preventing reentrancy, overflow, and access control issues16- Optimizing gas usage while maintaining security17- Preparing contracts for professional audits18- Understanding common attack vectors19 20## Critical Vulnerabilities21 22### 1. Reentrancy23 24Attacker calls back into your contract before state is updated.25 26**Vulnerable Code:**27 28```solidity29// VULNERABLE TO REENTRANCY30contract VulnerableBank {31    mapping(address => uint256) public balances;32 33    function withdraw() public {34        uint256 amount = balances[msg.sender];35 36        // DANGER: External call before state update37        (bool success, ) = msg.sender.call{value: amount}("");38        require(success);39 40        balances[msg.sender] = 0;  // Too late!41    }42}43```44 45**Secure Pattern (Checks-Effects-Interactions):**46 47```solidity48contract SecureBank {49    mapping(address => uint256) public balances;50 51    function withdraw() public {52        uint256 amount = balances[msg.sender];53        require(amount > 0, "Insufficient balance");54 55        // EFFECTS: Update state BEFORE external call56        balances[msg.sender] = 0;57 58        // INTERACTIONS: External call last59        (bool success, ) = msg.sender.call{value: amount}("");60        require(success, "Transfer failed");61    }62}63```64 65**Alternative: ReentrancyGuard**66 67```solidity68import "@openzeppelin/contracts/security/ReentrancyGuard.sol";69 70contract SecureBank is ReentrancyGuard {71    mapping(address => uint256) public balances;72 73    function withdraw() public nonReentrant {74        uint256 amount = balances[msg.sender];75        require(amount > 0, "Insufficient balance");76 77        balances[msg.sender] = 0;78 79        (bool success, ) = msg.sender.call{value: amount}("");80        require(success, "Transfer failed");81    }82}83```84 85### 2. Integer Overflow/Underflow86 87**Vulnerable Code (Solidity < 0.8.0):**88 89```solidity90// VULNERABLE91contract VulnerableToken {92    mapping(address => uint256) public balances;93 94    function transfer(address to, uint256 amount) public {95        // No overflow check - can wrap around96        balances[msg.sender] -= amount;  // Can underflow!97        balances[to] += amount;          // Can overflow!98    }99}100```101 102**Secure Pattern (Solidity >= 0.8.0):**103 104```solidity105// Solidity 0.8+ has built-in overflow/underflow checks106contract SecureToken {107    mapping(address => uint256) public balances;108 109    function transfer(address to, uint256 amount) public {110        // Automatically reverts on overflow/underflow111        balances[msg.sender] -= amount;112        balances[to] += amount;113    }114}115```116 117**For Solidity < 0.8.0, use SafeMath:**118 119```solidity120import "@openzeppelin/contracts/utils/math/SafeMath.sol";121 122contract SecureToken {123    using SafeMath for uint256;124    mapping(address => uint256) public balances;125 126    function transfer(address to, uint256 amount) public {127        balances[msg.sender] = balances[msg.sender].sub(amount);128        balances[to] = balances[to].add(amount);129    }130}131```132 133### 3. Access Control134 135**Vulnerable Code:**136 137```solidity138// VULNERABLE: Anyone can call critical functions139contract VulnerableContract {140    address public owner;141 142    function withdraw(uint256 amount) public {143        // No access control!144        payable(msg.sender).transfer(amount);145    }146}147```148 149**Secure Pattern:**150 151```solidity152import "@openzeppelin/contracts/access/Ownable.sol";153 154contract SecureContract is Ownable {155    function withdraw(uint256 amount) public onlyOwner {156        payable(owner()).transfer(amount);157    }158}159 160// Or implement custom role-based access161contract RoleBasedContract {162    mapping(address => bool) public admins;163 164    modifier onlyAdmin() {165        require(admins[msg.sender], "Not an admin");166        _;167    }168 169    function criticalFunction() public onlyAdmin {170        // Protected function171    }172}173```174 175### 4. Front-Running176 177**Vulnerable:**178 179```solidity180// VULNERABLE TO FRONT-RUNNING181contract VulnerableDEX {182    function swap(uint256 amount, uint256 minOutput) public {183        // Attacker sees this in mempool and front-runs184        uint256 output = calculateOutput(amount);185        require(output >= minOutput, "Slippage too high");186        // Perform swap187    }188}189```190 191**Mitigation:**192 193```solidity194contract SecureDEX {195    mapping(bytes32 => bool) public usedCommitments;196 197    // Step 1: Commit to trade198    function commitTrade(bytes32 commitment) public {199        usedCommitments[commitment] = true;200    }201 202    // Step 2: Reveal trade (next block)203    function revealTrade(204        uint256 amount,205        uint256 minOutput,206        bytes32 secret207    ) public {208        bytes32 commitment = keccak256(abi.encodePacked(209            msg.sender, amount, minOutput, secret210        ));211        require(usedCommitments[commitment], "Invalid commitment");212        // Perform swap213    }214}215```216 217## Security Best Practices218 219### Checks-Effects-Interactions Pattern220 221```solidity222contract SecurePattern {223    mapping(address => uint256) public balances;224 225    function withdraw(uint256 amount) public {226        // 1. CHECKS: Validate conditions227        require(amount <= balances[msg.sender], "Insufficient balance");228        require(amount > 0, "Amount must be positive");229 230        // 2. EFFECTS: Update state231        balances[msg.sender] -= amount;232 233        // 3. INTERACTIONS: External calls last234        (bool success, ) = msg.sender.call{value: amount}("");235        require(success, "Transfer failed");236    }237}238```239 240### Pull Over Push Pattern241 242```solidity243// Prefer this (pull)244contract SecurePayment {245    mapping(address => uint256) public pendingWithdrawals;246 247    function recordPayment(address recipient, uint256 amount) internal {248        pendingWithdrawals[recipient] += amount;249    }250 251    function withdraw() public {252        uint256 amount = pendingWithdrawals[msg.sender];253        require(amount > 0, "Nothing to withdraw");254 255        pendingWithdrawals[msg.sender] = 0;256        payable(msg.sender).transfer(amount);257    }258}259 260// Over this (push)261contract RiskyPayment {262    function distributePayments(address[] memory recipients, uint256[] memory amounts) public {263        for (uint i = 0; i < recipients.length; i++) {264            // If any transfer fails, entire batch fails265            payable(recipients[i]).transfer(amounts[i]);266        }267    }268}269```270 271### Input Validation272 273```solidity274contract SecureContract {275    function transfer(address to, uint256 amount) public {276        // Validate inputs277        require(to != address(0), "Invalid recipient");278        require(to != address(this), "Cannot send to contract");279        require(amount > 0, "Amount must be positive");280        require(amount <= balances[msg.sender], "Insufficient balance");281 282        // Proceed with transfer283        balances[msg.sender] -= amount;284        balances[to] += amount;285    }286}287```288 289### Emergency Stop (Circuit Breaker)290 291```solidity292import "@openzeppelin/contracts/security/Pausable.sol";293 294contract EmergencyStop is Pausable, Ownable {295    function criticalFunction() public whenNotPaused {296        // Function logic297    }298 299    function emergencyStop() public onlyOwner {300        _pause();301    }302 303    function resume() public onlyOwner {304        _unpause();305    }306}307```308 309## Gas Optimization310 311### Use `uint256` Instead of Smaller Types312 313```solidity314// More gas efficient315contract GasEfficient {316    uint256 public value;  // Optimal317 318    function set(uint256 _value) public {319        value = _value;320    }321}322 323// Less efficient324contract GasInefficient {325    uint8 public value;  // Still uses 256-bit slot326 327    function set(uint8 _value) public {328        value = _value;  // Extra gas for type conversion329    }330}331```332 333### Pack Storage Variables334 335```solidity336// Gas efficient (3 variables in 1 slot)337contract PackedStorage {338    uint128 public a;  // Slot 0339    uint64 public b;   // Slot 0340    uint64 public c;   // Slot 0341    uint256 public d;  // Slot 1342}343 344// Gas inefficient (each variable in separate slot)345contract UnpackedStorage {346    uint256 public a;  // Slot 0347    uint256 public b;  // Slot 1348    uint256 public c;  // Slot 2349    uint256 public d;  // Slot 3350}351```352 353### Use `calldata` Instead of `memory` for Function Arguments354 355```solidity356contract GasOptimized {357    // More gas efficient358    function processData(uint256[] calldata data) public pure returns (uint256) {359        return data[0];360    }361 362    // Less efficient363    function processDataMemory(uint256[] memory data) public pure returns (uint256) {364        return data[0];365    }366}367```368 369### Use Events for Data Storage (When Appropriate)370 371```solidity372contract EventStorage {373    // Emitting events is cheaper than storage374    event DataStored(address indexed user, uint256 indexed id, bytes data);375 376    function storeData(uint256 id, bytes calldata data) public {377        emit DataStored(msg.sender, id, data);378        // Don't store in contract storage unless needed379    }380}381```382 383## Common Vulnerabilities Checklist384 385```solidity386// Security Checklist Contract387contract SecurityChecklist {388    /**389     * [ ] Reentrancy protection (ReentrancyGuard or CEI pattern)390     * [ ] Integer overflow/underflow (Solidity 0.8+ or SafeMath)391     * [ ] Access control (Ownable, roles, modifiers)392     * [ ] Input validation (require statements)393     * [ ] Front-running mitigation (commit-reveal if applicable)394     * [ ] Gas optimization (packed storage, calldata)395     * [ ] Emergency stop mechanism (Pausable)396     * [ ] Pull over push pattern for payments397     * [ ] No delegatecall to untrusted contracts398     * [ ] No tx.origin for authentication (use msg.sender)399     * [ ] Proper event emission400     * [ ] External calls at end of function401     * [ ] Check return values of external calls402     * [ ] No hardcoded addresses403     * [ ] Upgrade mechanism (if proxy pattern)404     */405}406```407 408## Testing for Security409 410```javascript411// Hardhat test example412const { expect } = require("chai");413const { ethers } = require("hardhat");414 415describe("Security Tests", function () {416  it("Should prevent reentrancy attack", async function () {417    const [attacker] = await ethers.getSigners();418 419    const VictimBank = await ethers.getContractFactory("SecureBank");420    const bank = await VictimBank.deploy();421 422    const Attacker = await ethers.getContractFactory("ReentrancyAttacker");423    const attackerContract = await Attacker.deploy(bank.address);424 425    // Deposit funds426    await bank.deposit({ value: ethers.utils.parseEther("10") });427 428    // Attempt reentrancy attack429    await expect(430      attackerContract.attack({ value: ethers.utils.parseEther("1") }),431    ).to.be.revertedWith("ReentrancyGuard: reentrant call");432  });433 434  it("Should prevent integer overflow", async function () {435    const Token = await ethers.getContractFactory("SecureToken");436    const token = await Token.deploy();437 438    // Attempt overflow439    await expect(token.transfer(attacker.address, ethers.constants.MaxUint256))440      .to.be.reverted;441  });442 443  it("Should enforce access control", async function () {444    const [owner, attacker] = await ethers.getSigners();445 446    const Contract = await ethers.getContractFactory("SecureContract");447    const contract = await Contract.deploy();448 449    // Attempt unauthorized withdrawal450    await expect(contract.connect(attacker).withdraw(100)).to.be.revertedWith(451      "Ownable: caller is not the owner",452    );453  });454});455```456 457## Audit Preparation458 459```solidity460contract WellDocumentedContract {461    /**462     * @title Well Documented Contract463     * @dev Example of proper documentation for audits464     * @notice This contract handles user deposits and withdrawals465     */466 467    /// @notice Mapping of user balances468    mapping(address => uint256) public balances;469 470    /**471     * @dev Deposits ETH into the contract472     * @notice Anyone can deposit funds473     */474    function deposit() public payable {475        require(msg.value > 0, "Must send ETH");476        balances[msg.sender] += msg.value;477    }478 479    /**480     * @dev Withdraws user's balance481     * @notice Follows CEI pattern to prevent reentrancy482     * @param amount Amount to withdraw in wei483     */484    function withdraw(uint256 amount) public {485        // CHECKS486        require(amount <= balances[msg.sender], "Insufficient balance");487 488        // EFFECTS489        balances[msg.sender] -= amount;490 491        // INTERACTIONS492        (bool success, ) = msg.sender.call{value: amount}("");493        require(success, "Transfer failed");494    }495}496```