@maurelian
Last active Nov 17, 2020
Composability Gotchas

Ethereum Composability Security Guidelines

The following is an informal compendium of ways you can screw up when mixing and matching smart contracts:

ERC20

ERC777

  • ERC777 tokens expose the same interface as ERC20 (transfer, transferFrom, and so on), but every transfer calls hooks on the sender (tokensToSend) and on the recipient (tokensReceived), so a contract that treats them as plain ERC20 can be re-entered in the middle of a transfer. Use a mutex (reentrancy guard), or strictly adhere to checks-effects-interactions, in every function that moves tokens.
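The vulnerable and hardened vault below is an added example, not code from the gist. The vault only sees the ERC20 interface; with an ERC777 token, transfer() fires tokensReceived() on the recipient before returning, which is where the re-entry happens. The IERC20Like interface name and the vault contracts are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal interface: an ERC777 token answers these calls exactly like an ERC20,
// so the vault cannot tell the two apart at compile time.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// VULNERABLE: the balance is zeroed after the external call. With an ERC777 token, transfer()
// invokes tokensReceived() on msg.sender before returning; a malicious recipient contract
// re-enters withdrawAll() while balances[msg.sender] is still the old value and is paid again.
// Each nested call sets the balance to 0 (no underflow), so nothing reverts until the vault's
// token balance is exhausted.
contract VulnerableVault {
    IERC20Like public immutable token;
    mapping(address => uint256) public balances;

    constructor(IERC20Like _token) { token = _token; }

    function deposit(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        balances[msg.sender] += amount;
    }

    function withdrawAll() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        require(token.transfer(msg.sender, amount), "transfer failed"); // ERC777 hook fires here
        balances[msg.sender] = 0;                                        // too late
    }
}

// HARDENED: checks-effects-interactions plus a mutex. Either one closes this hole on its own;
// using both also protects functions added later that forget the ordering.
contract SafeVault {
    IERC20Like public immutable token;
    mapping(address => uint256) public balances;
    uint256 private locked = 1; // 1 = unlocked, 2 = locked (non-zero so the reset is cheaper)

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    constructor(IERC20Like _token) { token = _token; }

    function deposit(uint256 amount) external nonReentrant {
        balances[msg.sender] += amount;                                  // effect first; reverts if the pull fails
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdrawAll() external nonReentrant {
        uint256 amount = balances[msg.sender];                           // check
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;                                        // effect
        require(token.transfer(msg.sender, amount), "transfer failed");  // interaction last
    }
}
```

The same hook problem applies to deposit paths: transferFrom() calls tokensToSend() on the depositor before the token's balances change, so any accounting that happens after the external call is reachable from inside it.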

Automated market makers

  • Watch out for rounding errors: integer division in swap math must always round in the pool's favour (round amounts out down and required amounts in up), otherwise every trade leaks a little value to the caller and the invariant drifts.
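Constant-product swap math with the rounding direction made explicit, as an added example that is not code from the gist. The library name and function names are hypothetical; the formulas are the standard x * y = k ones.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical constant-product (x * y = k) helper showing which way each division must round.
library AmmMath {
    // Tokens out for a given amount in. Integer division rounds DOWN, which favours the pool:
    // the trader receives at most what the invariant allows.
    function getAmountOut(uint256 amountIn, uint256 reserveIn, uint256 reserveOut)
        internal pure returns (uint256)
    {
        require(amountIn > 0 && reserveIn > 0 && reserveOut > 0, "bad input");
        return (amountIn * reserveOut) / (reserveIn + amountIn);
    }

    // VULNERABLE: amount in required for a desired amount out, rounded DOWN. Whenever the exact
    // quotient is fractional the trader pays one unit too little, so (reserveIn + amountIn) *
    // (reserveOut - amountOut) drops below reserveIn * reserveOut and the pool bleeds per trade.
    function getAmountInWeak(uint256 amountOut, uint256 reserveIn, uint256 reserveOut)
        internal pure returns (uint256)
    {
        require(amountOut > 0 && amountOut < reserveOut && reserveIn > 0, "bad input");
        return (reserveIn * amountOut) / (reserveOut - amountOut);
    }

    // HARDENED: round UP (ceiling division) so the trader always pays at least what the invariant
    // requires; the +1 over-charges by at most one unit when the division is exact.
    function getAmountIn(uint256 amountOut, uint256 reserveIn, uint256 reserveOut)
        internal pure returns (uint256)
    {
        require(amountOut > 0 && amountOut < reserveOut && reserveIn > 0, "bad input");
        return (reserveIn * amountOut) / (reserveOut - amountOut) + 1;
    }

    // Post-trade check a pool can run before accepting a swap: k must never decrease.
    function invariantHolds(uint256 reserveIn, uint256 reserveOut, uint256 amountIn, uint256 amountOut)
        internal pure returns (bool)
    {
        return (reserveIn + amountIn) * (reserveOut - amountOut) >= reserveIn * reserveOut;
    }
}
```

A quick sanity case: with reserves 1000/1000 and amountOut = 3, getAmountInWeak returns 3 (3000 / 997 = 3.009 rounded down) and invariantHolds(1000, 1000, 3, 3) is false (1003 * 997 = 999991 < 1000000), while getAmountIn returns 4 and the invariant holds.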

Commit reveal schemes

  • Watch out for replay attacks: a commitment that hashes only the secret value can be copied by another participant (who opens it after you do) or resubmitted in a later round. Bind the commitment to the committer's address, the round, and a random salt, and reject a second reveal of the same commitment.
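A commit-reveal round with the replay-prone commitment shown next to one bound to sender, round and salt, as an added example that is not code from the gist. The contract, its function names and the single-owner round rotation are hypothetical; enforcing separate commit and reveal phases is left to the surrounding protocol.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical commit-reveal round: each participant submits a hidden value, then opens it.
contract CommitReveal {
    address public immutable owner;
    uint256 public round;                                             // current round id
    mapping(uint256 => mapping(address => bytes32)) public commitments;
    mapping(uint256 => mapping(address => bool)) public hasRevealed;
    mapping(uint256 => mapping(address => uint256)) public revealed;

    constructor() { owner = msg.sender; }

    // VULNERABLE commitment (shown only for contrast): depends on the value alone. Anyone who sees a
    // reveal can resubmit the same hash in a later round, anyone can copy a pending commitment and
    // open it after the original committer does, and a small value space can be brute-forced.
    function weakCommitment(uint256 value) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(value));
    }

    // HARDENED commitment: bound to who commits, to which round, and to a random salt, so it is
    // useless to any other address, in any other round, and cannot be guessed from the value alone.
    function commitmentFor(address who, uint256 roundId, uint256 value, bytes32 salt)
        public pure returns (bytes32)
    {
        return keccak256(abi.encode(who, roundId, value, salt));
    }

    function commit(bytes32 commitment) external {
        require(commitments[round][msg.sender] == bytes32(0), "already committed");
        commitments[round][msg.sender] = commitment;
    }

    // The reveal recomputes the hash with msg.sender and the current round, so a copied hash
    // or an old-round hash never matches, and the hasRevealed flag blocks a second reveal.
    function reveal(uint256 value, bytes32 salt) external {
        bytes32 expected = commitmentFor(msg.sender, round, value, salt);
        require(commitments[round][msg.sender] == expected, "bad reveal");
        require(!hasRevealed[round][msg.sender], "already revealed");
        hasRevealed[round][msg.sender] = true;
        revealed[round][msg.sender] = value;
    }

    // Advancing the round id invalidates every commitment made under the previous id.
    function nextRound() external {
        require(msg.sender == owner, "not owner");
        round += 1;
    }
}
```

The salt should be 32 random bytes generated off-chain by the committer; it is what keeps a commitment to a small value (a yes/no vote, a dice roll) from being brute-forced before the reveal.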

Signature validation

  • Low-level calls to an EOA (an address with no code) succeed and return empty data, so a contract that checks only the success flag of an EIP-1271 isValidSignature call will accept any EOA as a valid signer. Check that code exists at the address and that the return data is the expected magic value; for EOAs use ecrecover and reject the zero address it returns for an invalid signature.
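The weak and hardened checks side by side, as an added example that is not code from the gist. The library and function names are hypothetical; the EIP-1271 magic value (0x1626ba7e) and the secp256k1 half-order used to reject malleable signatures are the standard constants.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC1271 {
    function isValidSignature(bytes32 hash, bytes calldata signature) external view returns (bytes4);
}

// Hypothetical helper library contrasting the success-flag-only check with a full one.
library SignatureChecker {
    bytes4 private constant MAGIC = 0x1626ba7e; // bytes4(keccak256("isValidSignature(bytes32,bytes)"))
    uint256 private constant HALF_ORDER = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    // VULNERABLE: a staticcall to an address with no code succeeds with empty return data,
    // so `ok` is true for every EOA and every hash. Any EOA "signs" anything.
    function isValidSignatureWeak(address signer, bytes32 hash, bytes memory sig)
        internal view returns (bool)
    {
        (bool ok, ) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, sig)
        );
        return ok;
    }

    // HARDENED: EOAs go through ecrecover; contracts must return exactly one 32-byte word holding
    // the magic value. The empty return data from an EOA fails the length check.
    function isValidSignatureNow(address signer, bytes32 hash, bytes memory sig)
        internal view returns (bool)
    {
        if (signer.code.length == 0) {
            address recovered = recover(hash, sig);
            return recovered != address(0) && recovered == signer;
        }
        (bool ok, bytes memory ret) = signer.staticcall(
            abi.encodeWithSelector(IERC1271.isValidSignature.selector, hash, sig)
        );
        return ok && ret.length == 32 && abi.decode(ret, (bytes4)) == MAGIC;
    }

    // ecrecover wrapper: enforces the 65-byte layout, rejects high-s (malleable) signatures and
    // odd v values, and returns address(0) on anything invalid so callers must compare against it.
    function recover(bytes32 hash, bytes memory sig) internal pure returns (address) {
        if (sig.length != 65) return address(0);
        bytes32 r;
        bytes32 s;
        uint8 v;
        assembly {
            r := mload(add(sig, 32))
            s := mload(add(sig, 64))
            v := byte(0, mload(add(sig, 96)))
        }
        if (uint256(s) > HALF_ORDER) return address(0);
        if (v != 27 && v != 28) return address(0);
        return ecrecover(hash, v, r, s);
    }
}
```

Two caveats a practitioner should keep in mind: signer.code.length is 0 for a contract that is still executing its constructor, so signatures from contracts being deployed fall back to the EOA path and fail; and the isValidSignature call is made with staticcall so a malicious signer contract cannot change state during verification.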

Withdrawals

  • Pull over push: let recipients withdraw funds themselves rather than sending to each of them from a loop, so one recipient that reverts (or burns all forwarded gas) cannot block payments to everyone else.
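The push payout next to its pull replacement, as an added example that is not code from the gist. Both contracts and their function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// VULNERABLE (push): every winner is paid from one loop. A single winner whose receive()
// reverts, or that is a contract with no payable fallback, makes payAll() revert for everyone,
// and it will keep doing so on every retry.
contract PushPayout {
    address[] public winners;
    uint256 public prize;

    constructor(address[] memory _winners, uint256 _prize) payable {
        require(msg.value == _winners.length * _prize, "underfunded");
        winners = _winners;
        prize = _prize;
    }

    function payAll() external {
        for (uint256 i = 0; i < winners.length; i++) {
            (bool ok, ) = winners[i].call{value: prize}("");
            require(ok, "transfer failed"); // one failure reverts the whole loop
        }
    }
}

// HARDENED (pull): record what each account is owed and let each account withdraw its own
// balance. A failing recipient only hurts itself, and no loop ever makes an external call.
contract PullPayout {
    mapping(address => uint256) public owed;

    function award(address[] calldata _winners, uint256 _prize) external payable {
        require(msg.value == _winners.length * _prize, "underfunded");
        for (uint256 i = 0; i < _winners.length; i++) {
            owed[_winners[i]] += _prize;       // bookkeeping only, no external calls
        }
    }

    function withdraw() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0;                  // effect before interaction (no re-entrant double withdraw)
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "withdraw failed");
    }
}
```

withdraw() zeroes the owed balance before the call, so even a recipient that re-enters withdraw() from its receive() function finds nothing left to take; the pull pattern and checks-effects-interactions go together.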

Upgradability

  • Selector collisions: a function in the proxy and a function in the implementation can share the same 4-byte selector, so a call meant for one is dispatched to the other. Use a transparent proxy, in which admin calls are answered by the proxy and every other call is delegated, or check for clashing selectors before deploying.
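A transparent proxy that resolves the ambiguity by caller rather than by selector, as an added example that is not code from the gist. The contract is hypothetical; the storage slots follow EIP-1967 so proxy state never overlaps implementation state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical transparent proxy. The admin's calls are handled by the proxy itself and are never
// delegated; everyone else's calls are always delegated, even when their selector happens to equal
// upgradeTo() or implementation(). A colliding selector therefore cannot reach the wrong code.
contract TransparentProxy {
    // EIP-1967 slots: keccak256("eip1967.proxy.<name>") - 1.
    bytes32 private constant IMPL_SLOT = bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1);
    bytes32 private constant ADMIN_SLOT = bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1);

    constructor(address impl, address admin_) {
        require(impl.code.length > 0, "impl is not a contract");
        _set(IMPL_SLOT, impl);
        _set(ADMIN_SLOT, admin_);
    }

    // Admin runs the function body; anyone else is delegated and never returns here.
    modifier ifAdmin() {
        if (msg.sender == _get(ADMIN_SLOT)) {
            _;
        } else {
            _delegate(_get(IMPL_SLOT));
        }
    }

    function upgradeTo(address newImpl) external ifAdmin {
        require(newImpl.code.length > 0, "impl is not a contract");
        _set(IMPL_SLOT, newImpl);
    }

    function implementation() external ifAdmin returns (address) {
        return _get(IMPL_SLOT);
    }

    // The admin is refused here on purpose: it must never accidentally call into the implementation.
    fallback() external payable {
        require(msg.sender != _get(ADMIN_SLOT), "admin cannot call implementation");
        _delegate(_get(IMPL_SLOT));
    }

    receive() external payable {
        require(msg.sender != _get(ADMIN_SLOT), "admin cannot call implementation");
        _delegate(_get(IMPL_SLOT));
    }

    function _delegate(address impl) private {
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    function _get(bytes32 slot) private view returns (address a) { assembly { a := sload(slot) } }
    function _set(bytes32 slot, address a) private { assembly { sstore(slot, a) } }
}
```

The price of this design is that the admin address cannot use the implementation at all, so it should be a dedicated key or a small admin contract rather than an account that also interacts with the application.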

Meta Transactions

  • Watch out for gas griefing attacks: a relayer can submit a meta-transaction with too little gas, so the user's inner call runs out of gas and fails while the forwarder still consumes the nonce (and collects any fee). Verify that the inner call actually received the gas the request specified.
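A forwarder with the nonce-burning version next to one that checks the gas the inner call received, as an added example that is not code from the gist. The contract and request struct are hypothetical and signature verification is omitted to keep the focus on the gas check; the post-call test follows the EIP-150 reasoning used by OpenZeppelin's MinimalForwarder.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical trusted forwarder: a relayer submits a user-authorised request and the forwarder
// calls the target on the user's behalf, appending the user's address to the calldata.
// A real forwarder verifies an EIP-712 signature over `req` before executing (omitted here).
contract Forwarder {
    struct ForwardRequest {
        address from;
        address to;
        uint256 value;
        uint256 gas;    // gas the user's inner call is entitled to
        uint256 nonce;
        bytes data;
    }

    mapping(address => uint256) public nonces;

    // VULNERABLE: the nonce is consumed whether or not the inner call got req.gas. A relayer that
    // sends the outer transaction with a small gas limit makes the inner call run out of gas, the
    // failure is swallowed (call() does not revert), and the user's nonce is gone.
    function executeWeak(ForwardRequest calldata req) external payable returns (bool ok, bytes memory ret) {
        require(nonces[req.from] == req.nonce, "bad nonce");
        nonces[req.from] = req.nonce + 1;
        (ok, ret) = req.to.call{gas: req.gas, value: req.value}(abi.encodePacked(req.data, req.from));
    }

    // HARDENED: after the call, prove it really received req.gas. EIP-150 lets a call forward at
    // most 63/64 of the gas available, so if the inner call got the full req.gas then at least
    // req.gas / 63 must still be left here. If less is left, the relayer under-provisioned the
    // transaction: burn everything so the relayer cannot profit from the griefing attempt.
    function execute(ForwardRequest calldata req) external payable returns (bool ok, bytes memory ret) {
        require(nonces[req.from] == req.nonce, "bad nonce");
        nonces[req.from] = req.nonce + 1;
        (ok, ret) = req.to.call{gas: req.gas, value: req.value}(abi.encodePacked(req.data, req.from));
        if (gasleft() <= req.gas / 63) {
            assembly { invalid() }
        }
    }
}
```

The check is deliberately placed after the call rather than before: a pre-check on gasleft() would also work, but the post-check measures what the EVM actually forwarded rather than what the forwarder hoped to forward, and the invalid opcode (rather than a revert) makes the failed attempt cost the relayer the whole gas limit.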