
Smart Contract Security Best Practices

This document provides a baseline knowledge of security considerations for intermediate Solidity programmers. It is maintained by ConsenSys Diligence, with contributions from our friends in the broader Ethereum community.

General Philosophy

Ethereum and complex blockchain programs are new and highly experimental. Therefore, you should expect constant changes in the security landscape, as new bugs and security risks are discovered, and new best practices are developed. Following the security practices in this document is therefore only the beginning of the security work you will need to do as a smart contract developer.
Smart contract programming requires a different engineering mindset than you may be used to. The cost of failure can be high, and deployed code can be difficult to change, making it in some ways more similar to hardware programming or financial services programming than to web or mobile development. It is therefore not enough to defend against known vulnerabilities. Instead, you will need to learn a new philosophy of development:

Prepare for failure

Any non-trivial contract will have errors in it. Your code must, therefore, be able to respond to bugs and vulnerabilities gracefully.

  • Pause the contract when things are going wrong ('circuit breaker')
  • Manage the amount of money at risk (rate limiting, maximum usage)
  • Have an effective upgrade path for bugfixes and improvements
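The three controls above, combined in one small vault, as an added example (not code from this page or from ConsenSys Diligence): an owner-operated circuit breaker, a global daily withdrawal cap that bounds the funds at risk, and a user-driven migration path to a successor contract. The contract name, the `ISuccessor` interface, the 10 ether cap and the one-day window are illustrative assumptions; in production the owner should be a multisig or timelock, since whoever can pause can also freeze withdrawals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Assumed interface of the contract that replaces this one after an upgrade.
interface ISuccessor {
    function depositFor(address account) external payable;
}

/// Added example: a vault that can be paused, limits daily outflow, and lets
/// users move their own balance to a successor contract. Not project code.
contract GuardedVault {
    address public owner;                 // assumed to be a multisig in practice
    bool public paused;                   // circuit breaker state
    address public successor;             // upgrade path: set once a fixed contract exists

    uint256 public constant DAILY_CAP = 10 ether; // assumed global outflow limit
    uint256 public withdrawnThisWindow;
    uint256 public windowStart;

    mapping(address => uint256) public balances;

    event Paused(address indexed by);
    event Unpaused(address indexed by);
    event SuccessorSet(address indexed target);
    event Migrated(address indexed account, uint256 amount);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }
    modifier whenPaused() { require(paused, "not paused"); _; }

    constructor() {
        owner = msg.sender;
        windowStart = block.timestamp;
    }

    // --- Circuit breaker -----------------------------------------------------
    function pause() external onlyOwner { paused = true; emit Paused(msg.sender); }
    function unpause() external onlyOwner { paused = false; emit Unpaused(msg.sender); }

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    // --- Rate limiting: bound the total that can leave in one window ----------
    function withdraw(uint256 amount) external whenNotPaused {
        require(balances[msg.sender] >= amount, "insufficient balance");
        if (block.timestamp >= windowStart + 1 days) {
            windowStart = block.timestamp;   // start a fresh window
            withdrawnThisWindow = 0;
        }
        require(withdrawnThisWindow + amount <= DAILY_CAP, "daily cap reached");
        withdrawnThisWindow += amount;
        balances[msg.sender] -= amount;      // effects before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // While paused, users may still recover their own funds (the cap does not
    // apply, because the contract is no longer in normal operation).
    function emergencyWithdraw() external whenPaused {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // --- Upgrade path: users pull their balance into the successor ------------
    function setSuccessor(address target) external onlyOwner {
        require(target != address(0) && target != address(this), "bad target");
        successor = target;
        emit SuccessorSet(target);
    }

    function migrate() external {
        require(successor != address(0), "no successor");
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to migrate");
        balances[msg.sender] = 0;
        ISuccessor(successor).depositFor{value: amount}(msg.sender);
        emit Migrated(msg.sender, amount);
    }
}
```

The cap is global rather than per account on purpose: the goal is to bound what an attacker can drain in one window if the contract is compromised, not to enforce fairness between users. Migration is initiated by each user rather than by the owner so that an upgrade never requires the owner to take custody of user funds; a proxy-based upgrade, where the contract's code is swapped in place, is a separate design with its own risks and is not shown here.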

Contributions are welcome!

Feel free to submit a pull request, with anything from small fixes, to full new sections. If you are writing new content, please reference the contributing page for guidance on style. See the issues for topics that need to be covered or updated.

WHERE TO START?

General Philosophy

describes the smart contract security mindset

Smart Contract Recommendations

contains examples of good code patterns

Known Attacks

describes the different classes of vulnerabilities to avoid

Software Engineering

outlines some architectural and design approaches for risk mitigation

Security Tools

lists tools for improving code quality and detecting vulnerabilities

Tokens

outlines best practices specifically related to Tokens.

Bug Bounties

List of bug bounties in the ecosystem.

About us