
    Security Best Practices

    Kernel is about being careful, in all the many senses of that word. When it comes to code we write, that means safety first, then teamwork. Below, you will find the best security resources we know of to help you ensure that your contracts follow best practices and abide by the latest industry standards.


    Trail of Bits Toolbox

    The in-house toolbox of one of the most well-established and respected audit firms, built for ensuring high security standards.

    H/T Matt Solomon. Check out his article for more.

    Detecting Not So Smart Contracts

    Two useful repos for understanding the vulnerable patterns used by not-so-smart contracts, and for detecting various potential vulnerabilities.


    Another useful Consensys tool that is especially easy to integrate with frameworks like Truffle. You can find useful code, among many other things, here.

    VS Code Solidity Auditor

    A convenient and useful VS Code plugin to audit your smart contracts as you work.


    Where practice and theory meet. The practices, lists, and methods indicated below are not quite tools in the sense of the section above, but they are very, very useful.

    Secureum Checklist

    A clear and concise checklist that any serious developer or auditor needs for their work. Written by our own Rajeev Gopalakrishna.

    Consensys Best Practices

    A detailed set of instructions for writing safe code.

    H/T Nazzareno Massari

    Mutation Testing

    An introduction to mutation testing from Security Track mentor Joran Honig. You can find a detailed explanation here.


    Security has as much to do with being informed as it does with managing risk. We recommend these publications to help you stay on top of the latest news, developments and insights across the industry (without having to spend all your days trawling CT - though that can have its use too).


    The latest in blockchain and cryptocurrency threat intelligence, vulnerabilities, security tools, and events.


    The best blog to see how not to write smart contracts and learn about all the different ways your code could fall over in production.


    The dark web of DeFi journalism.
