Smart contract development has many challenges! One of them is to make sure that no vulnerable code ends up on mainnet, where it might hold (and lose) millions.

Let's have a look at some of the most popular tools and techniques that top developers use to continuously make sure their code is secure!

👀 Code Review

Manual code reviews are resource intensive but also incredibly useful!

Having another pair of eyes on every new pull request remains one of the most effective (security) quality control mechanisms we have. Another human can understand your intention and how your implementation might deviate!

Have at least one human review of every pull request!

✅ Unit Tests

We sometimes underestimate the value of a good test suite!

Unit tests are a handy tool to determine if the code behaves as expected. Furthermore, they ensure that future pull requests don't break existing functionality!

Unit tests are essential! Require a successful run for every pr!

Extra Credit: Aim for 100% code coverage and a good mutation testing score.

✍️ Property Checking

Tests only describe single scenarios, while properties can describe whole behaviours.

Writing properties using a specification language such as Scribble or a framework like dapptools enables extensive analysis (fuzzing, symbolic execution or formal verification). 

Formulate properties for your codebase and run continuous fuzzing campaigns! 

🔎 Security Analysis

Security analysis tools such as MythX or Slither help you catch common vulnerabilities!

Security analysis offers incredible value. The builders of these tools have distilled some of their security experience such that you can easily find vulnerabilities without having to put in too much effort.

Integrate a security analysis tool into CI and resolve issues before merging a PR.

Extra Credit: Use multiple security tools to cover more bases.