jpropato/ssg-santalucia
Overview
This skill teaches smart contract security best practices for Solidity, focusing on preventing common vulnerabilities and applying secure patterns. It helps developers write, audit, and harden contracts for production-grade blockchain applications. Practical patterns, checklists, and testing guidance are included to prepare contracts for audits and reduce risk.
How this skill works
The skill inspects critical attack surfaces such as reentrancy, integer overflow/underflow, access control, and front-running, and it prescribes secure patterns like Checks-Effects-Interactions, pull-over-push, and role-based access. It also covers gas optimizations that maintain security, testing strategies with Hardhat, and tools for static analysis and fuzzing. Users get concrete code patterns, a vulnerability checklist, and audit preparation tips.
When to use it
- When writing new smart contracts for production
- During security audits or code reviews of existing contracts
- When designing DeFi protocols or payment flows
- To harden contracts against reentrancy, overflow, or access control flaws
- When preparing contracts for third-party professional audits
- When optimizing gas without sacrificing security
Best practices
- Apply Checks-Effects-Interactions and update state before external calls
- Use Solidity 0.8+ or SafeMath to prevent integer overflow/underflow
- Enforce strict access control with Ownable or role-based patterns
- Prefer pull-over-push for payments and use ReentrancyGuard where needed
- Pin Solidity pragma, emit events for state changes, and avoid tx.origin for auth
- Run static analysis (Slither, Mythril) and fuzzing/symbolic tests (Echidna, Manticore)
Example use cases
- Implementing a secure token transfer contract with built-in overflow checks
- Designing a DeFi lending pool resistant to reentrancy and front-running
- Preparing a contract suite for a professional security audit with documentation and tests
- Converting batch payment logic to pull-based withdrawals to avoid failed distribution rollback
- Optimizing storage layout and calldata usage to reduce gas while retaining safety
FAQ
Update user state before external calls (Checks-Effects-Interactions) and/or use OpenZeppelin ReentrancyGuard with nonReentrant modifiers.
Is overflow still a concern in modern Solidity?
Solidity 0.8+ includes built-in overflow/underflow checks. For older versions, use SafeMath and audit math-heavy logic.
2 skills
This skill helps you write secure smart contracts by applying best practices to prevent reentrancy, overflows, and access control issues.
This skill helps outline Santa Lucía delivery system architecture and business rules for tracking miles, ranking, and payments.