1---
2name: solidity-security
3description: Master smart contract security best practices to prevent common vulnerabilities and implement secure Solidity patterns. Use when writing smart contracts, auditing existing contracts, or implementing security measures for blockchain applications.
4---
5 
6# Solidity Security
7 
8Master smart contract security best practices, vulnerability prevention, and secure Solidity development patterns.
9 
10## When to Use This Skill
11 
12- Writing secure smart contracts
13- Auditing existing contracts for vulnerabilities
14- Implementing secure DeFi protocols
15- Preventing reentrancy, overflow, and access control issues
16- Optimizing gas usage while maintaining security
17- Preparing contracts for professional audits
18- Understanding common attack vectors
19 
20## Detailed patterns and worked examples
21 
22Detailed pattern documentation lives in `references/details.md`. Read that file when the navigation tier above is insufficient.
23 
24## Testing for Security
25 
26```javascript
27// Hardhat test example
28const { expect } = require("chai");
29const { ethers } = require("hardhat");
30 
31describe("Security Tests", function () {
32  it("Should prevent reentrancy attack", async function () {
33    const [attacker] = await ethers.getSigners();
34 
35    const VictimBank = await ethers.getContractFactory("SecureBank");
36    const bank = await VictimBank.deploy();
37 
38    const Attacker = await ethers.getContractFactory("ReentrancyAttacker");
39    const attackerContract = await Attacker.deploy(bank.address);
40 
41    // Deposit funds
42    await bank.deposit({ value: ethers.utils.parseEther("10") });
43 
44    // Attempt reentrancy attack
45    await expect(
46      attackerContract.attack({ value: ethers.utils.parseEther("1") }),
47    ).to.be.revertedWith("ReentrancyGuard: reentrant call");
48  });
49 
50  it("Should prevent integer overflow", async function () {
51    const Token = await ethers.getContractFactory("SecureToken");
52    const token = await Token.deploy();
53 
54    // Attempt overflow
55    await expect(token.transfer(attacker.address, ethers.constants.MaxUint256))
56      .to.be.reverted;
57  });
58 
59  it("Should enforce access control", async function () {
60    const [owner, attacker] = await ethers.getSigners();
61 
62    const Contract = await ethers.getContractFactory("SecureContract");
63    const contract = await Contract.deploy();
64 
65    // Attempt unauthorized withdrawal
66    await expect(contract.connect(attacker).withdraw(100)).to.be.revertedWith(
67      "Ownable: caller is not the owner",
68    );
69  });
70});
71```
72 
73## Audit Preparation
74 
75```solidity
76contract WellDocumentedContract {
77    /**
78     * @title Well Documented Contract
79     * @dev Example of proper documentation for audits
80     * @notice This contract handles user deposits and withdrawals
81     */
82 
83    /// @notice Mapping of user balances
84    mapping(address => uint256) public balances;
85 
86    /**
87     * @dev Deposits ETH into the contract
88     * @notice Anyone can deposit funds
89     */
90    function deposit() public payable {
91        require(msg.value > 0, "Must send ETH");
92        balances[msg.sender] += msg.value;
93    }
94 
95    /**
96     * @dev Withdraws user's balance
97     * @notice Follows CEI pattern to prevent reentrancy
98     * @param amount Amount to withdraw in wei
99     */
100    function withdraw(uint256 amount) public {
101        // CHECKS
102        require(amount <= balances[msg.sender], "Insufficient balance");
103 
104        // EFFECTS
105        balances[msg.sender] -= amount;
106 
107        // INTERACTIONS
108        (bool success, ) = msg.sender.call{value: amount}("");
109        require(success, "Transfer failed");
110    }
111}
112```
113