Ethereum Smart Contract Security Best Practices

Tip

Thank you for visiting the Smart Contract Security Best Practices. Please note that this resource is no longer actively maintained. Instead, we recommend visiting the Smart Contract Security Field Guide. The Smart Contract Security Field Guide is regularly updated and curated by the same security engineer who previously contributed to the Best Practices guide.

This document provides a baseline knowledge of security considerations for intermediate Solidity programmers. It is maintained by ConsenSys Diligence, with contributions from our friends in the broader Ethereum community.

Our amazing community has also provided translations in Chinese and Vietnamese.

Where to start?

• General Philosophy describes the smart contract security mindset
• Development Recommendations contains examples of good code patterns
• Known Attacks describes the different classes of vulnerabilities to avoid
• Security Tools lists tools for improving code quality, and detecting vulnerabilities
• Bug Bounties List of bug bounties in the ecosystem.

Contributions are welcome!

Feel free to submit a pull request, with anything from small fixes, to full new sections. If you are writing new content, please reference the contributing page for guidance on style.

See the issues for topics that need to be covered or updated.