Smart Contract Auditing: What I Look For as an Engineer Who Writes Them

Reentrancy, integer overflow, and access control are the classic vulnerabilities. The underappreciated ones — oracle manipulation and front-running — are harder to test for.

Overview

This note is part of the field-notes archive generated for this site. The summary below is the published excerpt; you can expand the full write-up anytime in the CMS.

Related notes

• Security Tradeoffs Engineering Roadmap
• Cryptography Embedded Engineers Essentials

Tags

• smart-contracts
• auditing
• security
• solidity
• blockchain