Chapter 14. Security considerations

 

This chapter covers

  • Understanding Solidity weak spots and risks associated with external calls
  • Performing safe external calls
  • Avoiding known security attacks
  • General security guidelines

In the previous chapter, I gave you some advice on areas you should look at before deploying your Dapp on the production network. I believe security is such an important topic that it should be presented separately, so I’ve decided to dedicate this entire chapter to it.

I’ll start by reminding you of some limitations in the Solidity language that, if you overlook them, can become security vulnerabilities. Among these limitations, I’ll particularly focus on external calls and explain various risks you might face when executing them, but I’ll also try to give you some tips for avoiding or minimizing such risks. Finally, I’ll present classic attacks that might be launched against Ethereum Dapps so that you can avoid costly mistakes, especially when Ether is at stake.

14.1. Understanding general security weak spots

You should pay attention to certain limitations in the Solidity language because they’re generally exploited as the first line of attack by malicious participants against unaware developers:

14.2. Understanding risks associated with external calls

14.3. How to perform external calls more safely

14.4. Avoiding known security attacks

14.5. General security guidelines

Summary
