Search…
ICON2
What is ICON?
Getting Started
How to run a local network
How to run a Validator node
How to run an API Endpoint
How to create an ICON account
How to write a smart contract
How to use the JSON-RPC API
Concepts
Economics
Governance
Network
Computational utilities
ICON Stack
Intro to the stack
ICON execution environments
Smart contracts
Smart contract languages
Smart contract anatomy
Smart contract libraries
Building smart contracts
Testing smart contracts
Deploying smart contracts
Composability
Smart contract security
ICON networks
Client APIs
Storage
IDEs
Projects
BTP & ICON Bridge
Decentralized applications (dApps)
ICON Improvement Proposals (IIPs)
Support
Support
Security
Advanced topics
Release notes
2022-04-11
2021-12-23
2021-12-20
2021-12-10
2021-12-07
2021-10-22
2021-10-12
2021-03-20
2021-03-04
2021-02-17
2020-09-03
2020-08-27
2020-08-23
2020-08-10
2020-04-08
2020-01-28
2019-12-19
Powered By GitBook
Smart contract security

How to write more secure smart contract code

As a programmer, it is extremely important to understand of the security of your code. For developments on the ICON Mainnet, your code will be available for public use. This means that businesses and users will depend on your code to execute in the intended way. Some common concerns are described here.

Limitations of an audit

Many developers may be tempted to write some code, test it a little bit, then give it to an auditor with the hope that they will magically be able to identify and solve all of your security issues. While the process of auditing code is successful to discover common software weaknesses and exploits, it does not protect against everything and is highly dependent on both the auditor to find everything and the developer to correctly fix all of the discovered problems.

Smart contract development process

There are many different ways to successfully and securely develop code. Some of the common techniques are listed below so that you have the highest chances of success:
  • Use a version control system, such as git, to store your code
  • Use Pull Requests when you want to modify code
  • Make sure that all of your code modifications are reviewed by at least one other person. If you are developing by yourself, look for someone else to trade reviews with
  • Use a reliable development environment with simple commands
  • Use a code analysis tool before submitting a Pull Request
  • Make sure that your compiler does not emit any warnings
  • Document your code!!!

Attacks and vulnerabilities

Here are some common attacks and vulnerabilities:
  • Re-entrancy
  • Front-running
  • Integer overflow/underflow

Further reading

Previous
Composability
Next - ICON Stack
ICON networks
Last modified 1mo ago
Copy link
Contents
How to write more secure smart contract code
Limitations of an audit
Smart contract development process
Attacks and vulnerabilities
Further reading