Skip to content

Latest commit

 

History

History
100 lines (100 loc) · 11.9 KB

5. Pitfalls and Best Practices 201.md

File metadata and controls

100 lines (100 loc) · 11.9 KB
Raw
  1. ERC20 transfer and transferFrom
  2. ERC20 name, decimals, and symbol functions
  3. ERC20 decimals returns a uint8
  4. ERC20 approve race-condition
  5. ERC777 hooks
  6. Token Deflation via fees
  7. Token Inflation via interest
  8. Token contract avoids unneeded complexity
  9. Token contract has only a few non–token-related functions
  10. Token only has one address
  11. Token is not upgradeable
  12. Token owner has limited minting capabilities
  13. Token is not pausable
  14. Token owner cannot blacklist the contract
  15. Token development team is known and can be held responsible for abuse
  16. No token user owns most of the supply
  17. Token total supply is sufficient
  18. Tokens are located in more than a few exchanges
  19. Token balance and Flash loans
  20. Token does not allow flash minting
  21. ERC1400 permissioned addresses
  22. ERC1400 forced transfers
  23. ERC1644 forced transfers
  24. ERC621 control of totalSupply
  25. ERC884 cancel and reissue
  26. ERC884 whitelisting
  27. Guarded launch via asset limits
  28. Guarded launch via asset types
  29. Guarded launch via user limits
  30. Guarded launch via usage limits
  31. Guarded launch via composability limits
  32. Guarded launch via escrows
  33. Guarded launch via circuit breakers
  34. Guarded launch via emergency shutdown
  35. System specification
  36. System documentation
  37. Function parameters
  38. Function arguments
  39. Function visibility
  40. Function modifiers
  41. Function return values
  42. Function invocation timeliness
  43. Function invocation repetitiveness
  44. Function invocation order
  45. Function invocation arguments
  46. Conditionals
  47. Access control specification
  48. Access control implementation
  49. Missing modifiers
  50. Incorrectly implemented modifiers
  51. Incorrectly used modifiers
  52. Access control changes
  53. Comments
  54. Tests
  55. Unused constructs
  56. Redundant constructs
  57. ETH Handling
  58. Token Handling
  59. Trusted actors
  60. Privileged roles and EOAs
  61. Two-step change of privileged roles
  62. Time-delayed change of critical parameters
  63. Explicit over Implicit
  64. Configuration issues
  65. Initialization issues
  66. Cleanup issues
  67. Data processing issues
  68. Data validation issues
  69. Numerical issues
  70. Accounting issues
  71. Access control issues
  72. Auditing-logging issues
  73. Cryptography issues
  74. Error-reporting issues
  75. Denial-of-Service (DoS) issues
  76. Timing issues
  77. Ordering issues
  78. Undefined behavior issues
  79. External interaction issues
  80. Trust issues
  81. Gas issues
  82. Dependency issues
  83. Constant issues
  84. Freshness issues
  85. Scarcity issues
  86. Incentive issues
  87. Clarity issues
  88. Privacy issues
  89. Cloning issues
  90. Business logic issues
  91. Principle of Least Privilege
  92. Principle of Separation of Privilege
  93. Principle of Least Common Mechanism
  94. Principle of Fail-safe Defaults
  95. Principle of Complete Mediation
  96. Principle of Economy of Mechanism
  97. Principle of Open Design
  98. Principle of Psychological Acceptability
  99. Principle of Work Factor
  100. Principle of Compromise Recording