Add several new tips #7

Open: wants to merge 1 commit into base branch main
9 changes: 7 additions & 2 deletions README.md
@@ -58,6 +58,8 @@ _Based off work by [BoringCrypto](https://github.com/sushiswap/bentobox/blob/mas
- `F17` - If the function requires the contract be in an uninitialized state, check an explicit `initialized` variable. Do not use `owner == address(0)` or other similar checks as substitutes.
- `F18` - Only use `private` to intentionally prevent child contracts from calling the function, prefer `internal` for flexibility.
- `F19` - Use `virtual` if there are legitimate (and safe) instances where a child contract may wish to override the function's behavior.
- `F20` - Use `calldata` instead of `memory` for function parameters if the function argument is only read in Solidity 0.8.*.
- `F21` - Use short revert strings or custom error messages with solidity 0.8.4.

## Modifiers

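Review bot: F20 attaches the Solidity version to the wrong clause and leaves the condition incomplete. As written it reads as if "only read in Solidity 0.8.*" is the condition; `calldata` parameters are not specific to 0.8, and the saving applies to reference-type arguments (arrays, structs, `bytes`, `string`) that the function body never modifies. Suggest: "Use `calldata` instead of `memory` for reference-type parameters that are only read and never modified." and either drop the version or move it to the front of the tip so it scopes the whole sentence. F21 should say "custom errors" rather than "custom error messages" (they are `error` declarations used with `revert`, not strings, and were introduced in Solidity 0.8.4), state the version as a minimum ("Solidity >=0.8.4"), and capitalize "Solidity" to match the rest of the list.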
@@ -117,6 +119,8 @@ _Based off work by [BoringCrypto](https://github.com/sushiswap/bentobox/blob/mas
- `C49` - When fuzzing functions that only operate on specific numerical ranges use modulo to tighten the fuzzer's inputs (such as `x = x % 10000 + 1` to restrict from 1 to 10,000).
- `C50` - Use ternary expressions to simplify branching logic wherever possible.
- `C51` - When operating on more than one address, ask yourself what happens if they're the same.
- `C52` - Cache the length in for loops. Explanation [here](https://gist.github.com/hrkrshnn/ee8fabd532058307229d65dcd5836ddc#caching-the-length-in-for-loops)
- `C53` - Consider using atleast Solidity v0.8.9 and up to avoid compiler bugs like Keccak Caching, ABI decoder bug for multi-dimensional memory arrays, signed immutables and user defined value types bug. This has the bonus of the compiler giving you more gas optimizations and safety checks for free.

## External Calls

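Review bot: C53 has a typo ("atleast" should be "at least"), and "at least v0.8.9 and up" is redundant. More importantly, it pins the checklist to a compiler version that will be stale soon after merge; the four bugs named (Keccak caching, the ABI decoder bug for multi-dimensional memory arrays, signed immutables, user defined value types) are all fixed by 0.8.9, so the number is correct today, but suggest phrasing it as "a recent compiler release" and pointing readers at the official bug list (https://docs.soliditylang.org/en/latest/bugs.html) so they check the current state rather than this number. C52 is missing a full stop after the link, and the caveat from the linked gist belongs inline so readers do not cargo-cult it: caching `.length` matters for storage arrays, where the uncached loop re-reads the length with an `SLOAD` every iteration, while for memory and calldata arrays the length read is cheap and the gain is marginal.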
@@ -162,8 +166,9 @@ _Based off work by [BoringCrypto](https://github.com/sushiswap/bentobox/blob/mas
- `P1` - Use the right license (you must use GPL if you depend on GPL code, etc).
- `P2` - Unit test everything.
- `P3` - Fuzz test as much as possible.
- `P4` - Use symbolic execution where possible.
- `P5` - Run Slither/Solhint and review all findings.
- `P4` - Use formal verification where needed and as often as possible.
- `P5` - Use symbolic execution where possible.
- `P6` - Run Slither/Solhint and review all findings.

## DeFi

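Review bot: inserting the new formal-verification tip as `P4` renumbers the existing symbolic-execution and Slither/Solhint items from `P4`/`P5` to `P5`/`P6`, so anything that already cites those items by id now points at a different tip. Suggest appending formal verification as `P6` so existing ids stay stable, or, if it should sit next to symbolic execution, calling out the renumbering in the PR description. The wording "where needed and as often as possible" also pulls in two directions; "Use formal verification for the invariants that matter most, and as broadly as the budget allows" states the intent without the contradiction.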