Chapter 14. Security considerations
This chapter covers
- Understanding Solidity weak spots and risks associated with external calls
- Performing safe external calls
- Avoiding known security attacks
- General security guidelines
In the previous chapter, I gave you some advice on areas you should look at before deploying your Dapp on the production network. I believe security is such an important topic that it should be presented separately, so I’ve decided to dedicate this entire chapter to it.
I’ll start by reminding you of some limitations in the Solidity language that, if you overlook them, can become security vulnerabilities. Among these limitations, I’ll particularly focus on external calls and explain various risks you might face when executing them, but I’ll also try to give you some tips for avoiding or minimizing such risks. Finally, I’ll present classic attacks that might be launched against Ethereum Dapps so that you can avoid costly mistakes, especially when Ether is at stake.
You should pay attention to certain limitations in the Solidity language, because malicious participants commonly exploit them as a first avenue of attack against developers who are unaware of them: