
Last active Nov 17, 2020
Composability Gotchas

Ethereum Composability Security Guidelines

The following is an informal compendium of ways you can screw up when mixing and matching smart contracts:



  • These tokens have the same interface as ERC20, but they enable reentrancy. Use a mutex, or strictly adhere to the checks-effects-interactions pattern.
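
The mutex and the checks-effects-interactions ordering from the item above, as an added example that is not part of the original gist. `HookSafeVault` and `IERC20Like` are hypothetical names, and the token is assumed to run a callback on the sender or recipient during a transfer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not from the original gist. ERC20-shaped interface; the token
// behind it is ASSUMED to call back into sender/recipient during transfers.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract HookSafeVault {
    IERC20Like public immutable token;
    mapping(address => uint256) public balanceOf;

    uint256 private constant UNLOCKED = 1;
    uint256 private constant LOCKED = 2;
    uint256 private lock = UNLOCKED;

    constructor(IERC20Like token_) {
        token = token_;
    }

    // Mutex: a call that re-enters any guarded function reverts.
    modifier nonReentrant() {
        require(lock == UNLOCKED, "reentrant call");
        lock = LOCKED;
        _;
        lock = UNLOCKED;
    }

    function deposit(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");                       // checks
        balanceOf[msg.sender] += amount;                          // effects
        // Interaction last: if the pull fails, the credit above reverts with it.
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(balanceOf[msg.sender] >= amount, "insufficient"); // checks
        balanceOf[msg.sender] -= amount;                          // effects
        // Interaction last: a callback fired by transfer() already sees the
        // debited balance. Transferring before the debit is the unsafe order.
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

The mutex only covers this contract's own functions; the effects-before-interactions ordering is what keeps `balanceOf` consistent for other contracts that read it during a callback.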

Automated market makers

  • Watch out for rounding errors

Commit reveal schemes

  • Watch out for replay attacks

Signature validation

  • Calls to EOAs return true!


  • Push over pull


  • Selector collisions

Meta Transactions

  • Watch out for gas griefing attacks