8.1 Solidity Idioms Flashcards

1
Q

Solidity Idioms
§ Programming idioms are language-specific …

§ Idioms are on a lower abstraction level than design patterns which are … engineering problems.

§ OpenZeppelin is a library that automates operations and delivers reusable, secure, tested and community-audited code. Most of the critical building blocks that are needed for a contract are already pre-programmed in it, so users should utilize the existing library instead of writing their own code. In this section, we will go through the most prevalent idioms of Solidity smart contract programming using the OpenZeppelin library.

§ SafeMath is a library that validates if a …
§ Until Solidity version 0.8, it had to be manually included and utilized by the smart contract developer.
§ Since version 0.8, it is implemented on the language level.

A Solidity idiom is a …

A

patterns for recurring programming problems.

template solutions for recurring software

arithmetic operation would cause an integer overflow/underflow

practice-proven code pattern for a recurring coding problem.

2
Q

Access Restriction Idiom

Description
§ Each contract deployed on the main network is publicly accessible.
§ Since all external and public functions can be called by anyone, third parties might …
§ Misconfigured access restrictions led to the largest Ethereum thefts so far.

Participants
§ An entity that …
§ A smart contract which is …

Applicability
§ To …
§ Examples for such functions: selfdestruct(), mint()

Solution
…to execute functions and to modify the state of a contract. In Solidity, access restriction can be achieved by implementing proper function modifiers that …. To make the contract code more maintainable, the authorization logic is usually put in ….

Check slides for code (important to be able to reproduce it)

A

execute a function on a contract they should not be allowed to;

calls a publicly accessible function in a smart contract;
called by a transaction or a message.

protect contract functions from unauthorized calls;

Restrict access of other accounts; check if the caller is allowed to execute the actual function logic; a separate contract

3
Q

Secure Ether Transfer Idiom

Description
…requires the sending account to issue a transaction or message to the receiver. However, if the receiver is a contract account, it is possible to…. For instance, when the fallback function of the receiving contract throws an exception.
This behavior is usually not intended when sending Ether as it can result in…

Participants
An entity that wants to receive Ether by …. and A smart contract that…

Applicability
Scenarios where Ether needs to be transferred by a smart contract. The idiom …

Solution: Pull over Push
To prevent malicious contracts from halting other contracts through Ether transfers, …. A common pattern is to have a ….

  • Keep track of individual account balances
  • Implement an …

Look at slides for example. Try to reproduce it.

A

Sending Ether to another account in Ethereum; let the transaction intentionally fail; disabling the sending contract.

actively issuing a withdraw transaction; keeps track of all account balances.

mitigates the risk associated with Ether transfers.

functions which send Ether should be isolated;
separate, isolated function which needs to be actively called by the sender (pull);

isolated withdraw() function

4
Q

Tight Variable Packing
Description
Gas is used to …. This idiom aims to reduce the quantity of gas utilized when deploying and interacting with a contract. The tight packing idiom is simple to use and …

Participants
In this idiom, the sole player is the …. The modifications only affect …, no other entities dealing with the contract are affected.

Applicability
§ Using the lowest data type feasible while still …
§ Group all data types that should belong together into a single 32-byte slot and declare them one by one in your code. It’s critical to group data types together since the …

Look at slides for examples

A

deploy a contract and utilize its capabilities; has no effect on the contract logic.

contract that implements it; how data is kept

ensuring accurate code execution; EVM stores variables in the order they are provided.
