Lesson 20 of 34
In Progress

Best Practices for Writing Secure Smart Contracts

Writing secure smart contracts is essential for ensuring the integrity and reliability of the Ethereum network and the applications built on it. In this article, we will discuss best practices for writing secure smart contracts in Solidity, the programming language used to write smart contracts on Ethereum.

Use Established Libraries and Frameworks

One of the best ways to ensure the security of your smart contracts is to use established libraries and frameworks that have been thoroughly tested and reviewed by the community. Some examples of popular libraries and frameworks include:

  • OpenZeppelin: a collection of Solidity contracts and libraries for secure smart contract development.
  • Truffle: a development framework for Ethereum that includes a library of tested contracts and a testing environment.
  • Mythril: a security analysis tool that helps developers identify vulnerabilities in their smart contracts.

Follow the Principle of Least Privilege

The principle of least privilege states that a user or process should only have the minimum permissions necessary to perform its intended tasks. This is especially important in the context of smart contracts, as giving a contract too much access can make it vulnerable to attack.

To follow the principle of least privilege in your smart contracts, consider the following best practices:

  • Use “view” functions whenever possible to allow external users to read data from the contract without modifying it.
  • Use “onlyOwner” or similar modifiers to restrict the ability to modify contract state or execute certain functions to the contract owner or a specific group of users.
  • Avoid using the “unrestricted” or “public” visibility specifiers unless absolutely necessary.

Test Thoroughly

Testing is crucial for ensuring the reliability and security of your smart contracts. It is important to test your contracts at every stage of development, from writing unit tests to testing on a test network before deploying to the main network.

Some best practices for testing smart contracts include:

  • Write unit tests to test individual functions and contract behavior in isolation.
  • Use a test network like Rinkeby or Ropsten to test your contracts in a simulated environment before deploying to the main network.
  • Use a tool like Mythril to perform security analysis on your contracts and identify potential vulnerabilities.

Write Secure Code

Finally, it is important to follow best practices for writing secure code in general when writing smart contracts. This includes things like:

  • Using the “SafeMath” library to prevent integer overflow and underflow.
  • Avoiding reentrancy vulnerabilities by using the “lock” or “check-effects-interactions” patterns.
  • Checking the return value of the “send” function to ensure that value transfers are successful.


By following these best practices, developers can write secure and reliable smart contracts that are resistant to vulnerabilities and attacks. It is important to keep in mind that security is an ongoing process, and it is important to continuously review and test your contracts to ensure that they are as secure as possible.


To review these concepts, we will go through a series of exercises designed to test your understanding and apply what you have learned.

Write a contract that has a public integer variable “counter” and a function “incrementCounter” that increments the counter by 1. Use the “lock” pattern to prevent reentrancy.

pragma solidity ^0.5.0;

contract Counter {
  bool public lock;
  uint public counter;

  function incrementCounter() public {
    require(!lock, "Contract is currently locked");
    lock = true;
    lock = false;

Write a contract that has a public mapping of integers to strings and a function “setValue” that sets the value of a given key in the mapping. Use the “check-effects-interactions” pattern to prevent reentrancy.

pragma solidity ^0.5.0;

contract Mapping {
  mapping(uint => string) public values;

  function setValue(uint key, string value) public {
    require(values[key] == "", "Key already has a value");
    values[key] = value;

Write a contract that has a public variable “balance” and a function “transfer” that transfers value from the contract to another contract or external address. Use the “require” function to check the return value of the “send” function and ensure that it was successful.

pragma solidity ^0.5.0;

contract Transfer {
  uint public balance;

  function transfer(address recipient, uint amount) public {
    require(balance >= amount, "Insufficient balance");
    require(recipient.send(amount), "Transfer failed");
    balance -= amount;

Write a function that takes two integers as arguments and adds them together, using the “SafeMath” library to prevent integer overflow.

function add(uint x, uint y) public {
  require(x + y >= x, "Integer overflow detected");
  result = x + y;

Write a function that takes an integer as an argument and checks if it is within the range of 0 to 100.

function checkRange(uint x) public {
  require(x >= 0 && x <= 100, "Integer not within range");