The Most Typical Mistakes in Smart Contracts – Based on 4soft Solidity Audits


When doing Solidity audits at 4soft, we often find the same bugs and issues. Here’s a short list of the most common mistakes we encounter. We hope you can learn from them when writing your own smart contracts.

Use safe math

Arithmetic operations on integers may overflow, silently causing bugs. You need to double-check the math in your smart contract and consider all the possible scenarios.

To avoid these issues, we recommend using the SafeMath library for Solidity integers.

Use ready and well-tested libraries

There’s a variety of open-source libraries available for creating tokens, crowdfunding processes and many others. They’re tested, verified by the companies and audited by the community.

Instead of reinventing the wheel, you can reuse them in your own project. For simple projects, consider reusing a standard ERC20 token implementation as a base for your project.

Separate code for the crowdfunding phase

When you create your Initial Coin Offering and publish your code, you need to make sure it is clean and easy to understand.

Consider separating the code that is executed only during the funding phase from the rest of the smart contract. This will help your investors to better understand how your token works.

Use up-to-date Solidity version

Every time we review a Solidity contract it uses an outdated version of Solidity.

Always try to use the most up-to-date version. These updates matter for both performance and security.

Use Transfer event for minted tokens

In the ERC20 spec, it is recommended to emit a Transfer event with the source (_from) set to 0x0 when minting new tokens.

This enhances user experience by allowing applications such as Etherscan to find the new token holders. In this case, this is only relevant for the constructor where the initial balance is assigned to the distribution contract.

Nonetheless, consider emitting the corresponding event:
emit Transfer(address(0), msg.sender, _initialAmount); // address(0) is the 0x0 source
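
The checked arithmetic from "Use safe math" and the mint-time Transfer event combined in one minimal token, as an added example that is not taken from a 4soft audit or from any audited contract. CheckedMath and ExampleToken are hypothetical names, and the example assumes Solidity 0.8 or later, where the built-in + and - operators already revert on overflow.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical SafeMath-style helpers: reject any result that would wrap.
// On 0.8+ the plain + and - operators already revert like this; `unchecked`
// is used here only to make the check itself visible.
library CheckedMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256 c) {
        unchecked { c = a + b; }            // wraps modulo 2**256 on overflow
        require(c >= a, "add overflow");    // a wrapped sum is smaller than its operand
    }

    function sub(uint256 a, uint256 b) internal pure returns (uint256 c) {
        require(b <= a, "sub underflow");   // otherwise a - b wraps to a huge value
        unchecked { c = a - b; }
    }
}

// Hypothetical token, constructed for illustration.
contract ExampleToken {
    using CheckedMath for uint256;

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    event Transfer(address indexed _from, address indexed _to, uint256 _value);

    constructor(uint256 _initialAmount) {
        totalSupply = _initialAmount;
        balanceOf[msg.sender] = _initialAmount;
        // Minting is reported as a transfer from the zero address.
        emit Transfer(address(0), msg.sender, _initialAmount);
    }

    function transfer(address _to, uint256 _value) external returns (bool) {
        // Reverts instead of wrapping when _value exceeds the sender's balance.
        balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value);
        balanceOf[_to] = balanceOf[_to].add(_value);
        emit Transfer(msg.sender, _to, _value);
        return true;
    }
}
```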
