The unique security environment of Ethereum smart contracts and their Solidity code demands a special set of best practices. One of these is the CEI pattern, which stands for Checks, Effects, and Interactions. It gives us a sensible, consistent order for our Solidity logic and minimizes exploits and security risks. First, all checks and validations are performed. If any check fails, the function should revert at that point using one of Solidity's modifiers and errors. Next, effects are computed. This means updating the contract's internal state and changing variables. It is done after the checks to ensure that variables are only affected in valid ways. Last come the interactions. This is where funds are transferred and external contracts are called. Placing the interactions last forces us to consider the potential impact on the contract's state before interacting with external entities, reducing the risk of reentrancy attacks and enhancing security.
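The ordering described above, shown as an added example that is not code from the original post: a hypothetical `Vault` contract (all contract, function and error names are assumptions made for illustration) with one withdrawal function that makes its external call before updating state, next to the same function written in Checks, Effects, Interactions order.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical vault written for this example; every name is an assumption.
contract Vault {
    mapping(address => uint256) public balances;

    error NothingToWithdraw();
    error TransferFailed();

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    /// Ordering to avoid: Check -> Interaction -> Effect.
    /// The external call runs while balances[msg.sender] still holds the
    /// old value, so a receiving contract that calls back into this
    /// function passes the same check again before the balance is cleared.
    function withdrawInteractionFirst() external {
        uint256 amount = balances[msg.sender];
        if (amount == 0) revert NothingToWithdraw();     // Check

        (bool ok, ) = msg.sender.call{value: amount}(""); // Interaction
        if (!ok) revert TransferFailed();

        balances[msg.sender] = 0;                         // Effect (too late)
    }

    /// CEI ordering: Check -> Effect -> Interaction.
    /// The balance is cleared before control leaves the contract, so a
    /// nested call sees amount == 0 and reverts at the check.
    function withdraw() external {
        // Checks
        uint256 amount = balances[msg.sender];
        if (amount == 0) revert NothingToWithdraw();

        // Effects
        balances[msg.sender] = 0;

        // Interactions
        (bool ok, ) = msg.sender.call{value: amount}("");
        // A failed transfer reverts the whole call, which also restores
        // the balance cleared in the Effects step.
        if (!ok) revert TransferFailed();
    }
}
```

The only difference between the two functions is the position of the `balances[msg.sender] = 0` line relative to the external call, which is exactly what a reviewer should look for when auditing a function for CEI ordering.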