Best Practices for EOS Smart Contract development

Security issues

1. Possible errors

Smart Contract termination
Limit transfer Limit rate
Effective ways to fix and improve bugs

2. Careful release of smart contracts

Thoroughly test the smart contracts and stop any new attack tactics when they are discovered
Bounty Programs and audit contracts

3. Introduction to the contract
Make Smart contract Logic simple
Ensure the modularity of contracts and functions

4. Keep up to date
Fix before any newly discovered vulnerabilities
Take advantage of the latest technology

5. Potential features
Functions with the same name may be called

Loopholes
Overflow vulnerability

typedef struct ACNTS {
Account_name NAME0;
Account_name name1;
Account_name name2;
Account_name Name3;
} account_names;

void transfer (Symbol_name symbol, account_name from, Account_names to, uint64_t balance)
{
Require_auth (from);
Account Fromaccount;

require_recipient(from);require_recipient(to.name0);require_recipient(to.name1);require_recipient(to.name2);require_recipient(to.name3);eosio_assert(is_balance_within_range(balance), "invalid balance");eosio_assert(balance > 0, "must transfer positive balance");uint64_t amount = balance * 4; //乘法溢出int itr = db_find_i64(_self, symbol, N(table), from);eosio_assert(itr >= 0, "Sub-- wrong name");db_get_i64(itr, &fromaccount, (account));eosio_assert(fromaccount.balance >= amount, "overdrawn balance");sub_balance(symbol, from, amount);add_balance(symbol, to.name0, balance);add_balance(symbol, to.name1, balance);add_balance(symbol, to.name2, balance);add_balance(symbol, to.name3, balance);

}
Prompt to use Assert to check instead of putting balance into operation

Permission check
Strictly determine whether the entry function and the actual call make the same

void Token::transfer (account_name from,
Account_name to,
Asset Quantity,
String memo)
{
Eosio_assert (from! = To, "Cannot transfer to self");
Eosio_assert (Is_account), "to account does not exist");
Auto sym = Quantity.symbol.name ();
Stats statstable (_self, sym);
Const auto& st = Statstable.get (sym);

require_recipient( from );require_recipient( to );eosio_assert( quantity.is_valid(), "invalid quantity" );eosio_assert( quantity.amount > 0, "must transfer positive quantity" );eosio_assert( quantity.symbol == st.supply.symbol, "symbol precision mismatch" );eosio_assert( memo.size() <= 256, "memo has more than 256 bytes" );auto payer = has_auth( to ) ? to : from;sub_balance( from, quantity );add_balance( to, quantity, payer );

}
Tip: Verify that the asset transfer account is consistent with the calling account

Ensure that each action and code satisfies the associated requirements
Extend from Eosio_abi

Define EOSIO_ABI_EX (TYPE, members) extern "C" {void apply (uint64_t receiver, uint64_t code, uint64_t action) {Auto S Elf = receiver; if (action = = N (onerror)) {/* onerror is only valid if it's for the "Eosio" code account and authorized by "Eosio" ' s "ac tive permission /eosio_assert (Code = = N (Eosio), "onerror action" is only valid from the "Eosio" System Account ");} if (code = = Self | | code = = N (eosio.token) | | action = n (onerror)) {TYPE thiscontract (self); switch (action) {Eosio _api (TYPE, members)}/Does not allow destructor of Thiscontract to Run:eosio_exit (0); */ } } }

EOSIO_ABI_EX (eosio::charity, (HI) (transfer))

Tip: Key Checks

Related articles:
Analysis of Eosbet stolen event contract

Stolen contract is under attack code

Problematic contract Code

Extend from Eosio_abi, because we need to listen to incoming Eosio.token transfers

Define EOSIO_ABI_EX (TYPE, members) extern "C" {void apply (uint64_t receiver, uint64_t code, uint64_t action) {Auto S Elf = receiver; if (action = = N (onerror)) {/* onerror is only valid if it's for the "Eosio" code account and authorized by "Eosio" ' s "ac tive permission /eosio_assert (Code = = N (Eosio), "onerror action" is only valid from the "Eosio" System Account ");} if (code = = Self | | code = = N (eosio.token) | | action = n (onerror)) {TYPE thiscontract (self); switch (action) {Eosio _api (TYPE, members)}/Does not allow destructor of Thiscontract to Run:eosio_exit (0); */ } } }

Cause of the problem:

Because the ABI forwarder allows betting without transferring EOS to the contract.

Modification measures:
1. Get rid of false judgments
2. Filtering incoming operations only passes the Eosio.token behavior into the contract

Remind:
More powerful code testing
At least two audits
Fund monitoring

Best Practices for EOS Smart Contract development