Ethereum Smart Contract Security Best Practices
Complete guide to Ethereum smart contract security. Learn reentrancy prevention, access control, integer overflow protection, and professional audit techniques.
Smart contract security is paramount in the Web3 ecosystem. Unlike traditional software, once deployed on Ethereum, smart contracts are immutable and manage real financial assets. A single vulnerability can lead to millions of dollars in losses. This comprehensive guide covers the most critical security best practices every Solidity developer must know.
Why Smart Contract Security Matters
The history of Ethereum is filled with costly exploits:
- The DAO Hack (2016): $60M stolen via reentrancy, leading to Ethereum’s hard fork
- Parity Multisig Bug (2017): $150M+ frozen due to a library self-destruct
- Poly Network Exploit (2021): $611M stolen through cross-chain bridge vulnerability
- Ronin Bridge Hack (2022): $625M lost to compromised validator keys
These incidents underscore a harsh reality: in blockchain, code is law. There’s no “undo” button.
Ethereum smart contract security architecture and common vulnerabilities
Smart contract vulnerabilities can lead to irreversible financial losses. Always conduct thorough audits before mainnet deployment.
Common Vulnerabilities and How to Prevent Them
1. Reentrancy Attacks
Reentrancy occurs when an external contract calls back into the vulnerable contract before the first invocation completes, allowing recursive exploitation.
Vulnerable Code:
mapping(address => uint256) public balances;
function withdraw() public {
uint256 amount = balances[msg.sender];
require(amount > 0, "Insufficient balance");
// DANGEROUS: External call before state update
(bool sent, ) = msg.sender.call{value: amount}("");
require(sent, "Transfer failed");
balances[msg.sender] = 0;
}
Attack Scenario:
// Attacker contract
receive() external payable {
if (address(victim).balance >= 1 ether) {
victim.withdraw(); // Recursive call!
}
}
Secure Implementation:
function withdraw() public {
uint256 amount = balances[msg.sender];
require(amount > 0, "Insufficient balance");
// Update state BEFORE external call (Checks-Effects-Interactions pattern)
balances[msg.sender] = 0;
(bool sent, ) = msg.sender.call{value: amount}("");
require(sent, "Transfer failed");
}
Always update state variables before making external calls to prevent reentrancy attacks. This is the Checks-Effects-Interactions pattern.
Best Practice: Always follow the Checks-Effects-Interactions pattern:
- Checks: Validate conditions (
requirestatements) - Effects: Update contract state
- Interactions: Make external calls
Alternatively, use OpenZeppelin’s ReentrancyGuard:
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract SecureVault is ReentrancyGuard {
function withdraw() public nonReentrant {
// Safe from reentrancy
}
}
2. Integer Overflow and Underflow
Before Solidity 0.8.0, arithmetic operations could silently overflow/underflow.
Vulnerable Code (Solidity <0.8.0):
uint8 public count = 255;
function increment() public {
count++; // Overflows to 0!
}
function decrement() public {
count--; // If count is 0, underflows to 255!
}
Solutions:
- Upgrade to Solidity 0.8.0+ (built-in overflow checks)
- Use SafeMath library (for older versions):
import "@openzeppelin/contracts/utils/math/SafeMath.sol";
using SafeMath for uint256;
function add(uint256 a, uint256 b) public pure returns (uint256) {
return a.add(b); // Reverts on overflow
}
- Use
uncheckedblock when overflow is intentional (Solidity 0.8.0+):
function efficientLoop() public {
uint256 sum = 0;
unchecked {
for (uint256 i = 0; i < 1000; i++) {
sum += i; // No overflow checks = gas savings
}
}
}
3. Access Control Vulnerabilities
Improper access control allows unauthorized users to execute privileged functions.
Vulnerable Code:
address public owner;
function withdraw() public {
// Anyone can drain the contract!
payable(owner).transfer(address(this).balance);
}
Never leave privileged functions without access control modifiers. Use OpenZeppelin’s Ownable or AccessControl contracts.
Secure Implementation:
import "@openzeppelin/contracts/access/Ownable.sol";
contract SecureContract is Ownable {
function withdraw() public onlyOwner {
payable(owner()).transfer(address(this).balance);
}
}
Advanced Access Control with Roles:
import "@openzeppelin/contracts/access/AccessControl.sol";
contract MultiRoleContract is AccessControl {
bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
bytes32 public constant BURNER_ROLE = keccak256("BURNER_ROLE");
constructor() {
_setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
}
function mint(address to, uint256 amount) public onlyRole(MINTER_ROLE) {
// Only accounts with MINTER_ROLE can call this
}
function burn(uint256 amount) public onlyRole(BURNER_ROLE) {
// Only accounts with BURNER_ROLE can call this
}
}
4. Unchecked External Calls
External calls can fail silently if not properly checked.
Vulnerable Code:
function sendPayment(address recipient) public {
// ❌ If call fails, execution continues!
recipient.call{value: 1 ether}("");
}
Secure Implementation:
function sendPayment(address recipient) public {
(bool success, ) = recipient.call{value: 1 ether}("");
require(success, "Payment failed");
}
Using transfer() and send():
// transfer() automatically reverts on failure (safe but uses 2300 gas)
payable(recipient).transfer(1 ether);
// send() returns bool (requires manual check)
bool sent = payable(recipient).send(1 ether);
require(sent, "Send failed");
⚠️ Caution: transfer() and send() are limited to 2300 gas, which may fail with smart contract recipients. Prefer call() with proper checks.
5. Front-Running and Transaction Ordering
Miners/validators can manipulate transaction order for profit (MEV - Maximal Extractable Value).
Example: A user submits a profitable trade on a DEX. An attacker observes the mempool and:
- Submits a front-running transaction (higher gas fee)
- Executes the trade first
- Profits from the user’s slippage
Mitigation Strategies:
// Implement commit-reveal scheme
mapping(bytes32 => uint256) public commits;
function commitTrade(bytes32 hashedTrade) public {
commits[hashedTrade] = block.number;
}
function revealTrade(
uint256 amount,
uint256 nonce
) public {
bytes32 hash = keccak256(abi.encodePacked(msg.sender, amount, nonce));
require(commits[hash] > 0, "No commit found");
require(block.number > commits[hash] + 1, "Reveal too early");
// Execute trade
}
- Use Flashbots for private transactions
- Implement slippage protection
- Add deadline parameters to time-sensitive functions
6. Denial of Service (DoS) Attacks
Gas Limit DoS:
// ❌ Vulnerable: Unbounded loop
address[] public investors;
function distribute() public {
for (uint256 i = 0; i < investors.length; i++) {
payable(investors[i]).transfer(1 ether);
}
}
If investors array grows too large, the function becomes uncallable due to gas limits.
Unbounded loops can cause gas limit DoS attacks. Always use the pull payment pattern for distributing funds to multiple addresses.
Secure Pattern (Pull over Push):
mapping(address => uint256) public balances;
function withdraw() public {
uint256 amount = balances[msg.sender];
require(amount > 0);
balances[msg.sender] = 0;
payable(msg.sender).transfer(amount);
}
7. Delegatecall to Untrusted Contracts
delegatecall executes code in the context of the calling contract, allowing storage manipulation.
Vulnerable Code:
function execute(address target, bytes memory data) public {
// ❌ Attacker can modify contract storage!
target.delegatecall(data);
}
Mitigation:
- Only use
delegatecallwith trusted libraries - Use proxy patterns properly (e.g., OpenZeppelin’s TransparentUpgradeableProxy)
8. Timestamp Dependence
Miners can manipulate block.timestamp by ~15 seconds.
Vulnerable Code:
function randomWinner() public {
// ❌ Predictable randomness!
uint256 winner = uint256(keccak256(abi.encodePacked(block.timestamp))) % players.length;
}
Secure Alternatives:
- Use Chainlink VRF for randomness
- Avoid time-based logic for critical functions
- Use
block.numberinstead ofblock.timestampwhere possible
Security Best Practices Checklist
Development Phase
- Use Latest Solidity Version: Benefit from compiler security improvements
- Import Audited Libraries: OpenZeppelin, Solmate, etc.
- Follow Checks-Effects-Interactions Pattern
- Implement Access Control: Use
Ownable,AccessControl - Add Reentrancy Guards:
ReentrancyGuardmodifier - Use SafeMath (pre-0.8.0): Prevent overflow/underflow
- Validate Input Parameters:
require()statements everywhere - Emit Events: For critical state changes (aids monitoring)
Testing Phase
- Write Comprehensive Unit Tests: Aim for 100% code coverage
- Fuzz Testing: Use Echidna, Foundry’s fuzzer
- Integration Tests: Test contract interactions
- Gas Optimization Tests: Measure gas usage
Aim for 100% code coverage in your test suite. Critical financial functions should have multiple test scenarios including edge cases.
Pre-Deployment Phase
- External Audit: Hire professional auditors (ConsenSys, Trail of Bits, etc.)
- Bug Bounty Program: Incentivize white-hat hackers
- Static Analysis: Slither, Mythril, MythX
- Symbolic Execution: Manticore, HEVM
- Formal Verification: Certora, Runtime Verification
Never deploy contracts handling significant value without a professional security audit. Audit costs are minimal compared to potential exploit losses.
Post-Deployment Phase
- Monitoring: Track contract activity with The Graph, Tenderly
- Incident Response Plan: Prepare emergency procedures
- Upgradability Strategy: Proxy patterns if needed
- Insurance: Consider coverage from Nexus Mutual, Armor
Essential Security Tools
Static Analysis
- Slither: Fast Solidity analyzer from Trail of Bits
- Mythril: Security analysis tool by ConsenSys
- Securify: Automated security scanner
Testing & Fuzzing
- Foundry: Modern testing framework with built-in fuzzing
- Echidna: Property-based fuzzing tool
- Hardhat: Comprehensive development environment
Formal Verification
- Certora Prover: Mathematical proof of correctness
- K Framework: Formal semantics for EVM
Monitoring
- Tenderly: Real-time monitoring and alerting
- OpenZeppelin Defender: Automated operations platform
- Forta: Threat detection network
Real-World Example: Secure ERC20 Token
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/security/Pausable.sol";
contract SecureToken is ERC20, Ownable, Pausable {
uint256 public constant MAX_SUPPLY = 1_000_000 * 10**18;
event EmergencyPause(address indexed by);
event EmergencyUnpause(address indexed by);
constructor() ERC20("SecureToken", "STKN") {
_mint(msg.sender, MAX_SUPPLY);
}
// Emergency pause functionality
function pause() external onlyOwner {
_pause();
emit EmergencyPause(msg.sender);
}
function unpause() external onlyOwner {
_unpause();
emit EmergencyUnpause(msg.sender);
}
// Override transfer to respect pause
function _beforeTokenTransfer(
address from,
address to,
uint256 amount
) internal override whenNotPaused {
super._beforeTokenTransfer(from, to, amount);
}
}
Circuit breaker patterns allow you to pause contracts during security incidents. Essential for high-value DeFi protocols.
Audit Checklist Questions
Before deploying, ask yourself:
- Have I followed Checks-Effects-Interactions pattern?
- Are all external calls properly handled?
- Is there proper access control on privileged functions?
- Could arithmetic overflow/underflow occur?
- Are there any reentrancy vulnerabilities?
- Is randomness secure (not based on block properties)?
- Have I tested edge cases and failure scenarios?
- Is the contract upgradable if needed?
- Are events emitted for state changes?
- Have I tested with maximum gas limits?
Conclusion
Smart contract security is not optional—it’s essential. The immutable nature of blockchain means you get one shot at deployment. By following these best practices, using proper tools, and getting professional audits, you can significantly reduce the risk of vulnerabilities.
Key Takeaways:
- Always use the Checks-Effects-Interactions pattern
- Import battle-tested libraries (OpenZeppelin)
- Write comprehensive tests with high coverage
- Use static analysis tools during development
- Get external audits before mainnet deployment
- Implement monitoring and incident response plans
Remember: In Web3, security is not a feature—it’s a requirement.