
// the find

ConsenSysDiligence/smart-contract-best-practices

★ 7,581 · HTML · updated Mar 2025

A guide to smart contract security best practices

A community-maintained reference guide for Solidity smart contract security, covering attack patterns (reentrancy, integer overflow, front-running), development patterns, and general Ethereum gotchas. Backed by ConsenSys Diligence, who actually do smart contract audits for a living. Aimed at Solidity developers who need a structured checklist before shipping contracts that hold real money.

The attack pattern catalog is genuinely useful — reentrancy, tx.origin auth mistakes, and timestamp dependence are explained with concrete Solidity examples, not just abstract warnings. The "known attacks" section traces real exploits (TheDAO, Parity) so you understand why the patterns exist, not just what they are. It's organized as a reference, not a tutorial, so you can jump straight to the section relevant to a current code review. The Chinese and Vietnamese translations signal real adoption outside English-speaking circles.

Last meaningful content update appears to have lagged behind Solidity's evolution: several sections still reflect pre-0.8 assumptions about integer overflow even though 0.8+ added checked arithmetic by default, which could mislead someone on a modern project. It's a static HTML/MkDocs site with no tooling integration, so there's nothing connecting the documented patterns to automated detection in Hardhat, Foundry, or Slither. The directory tree is dominated by bundled FontAwesome SVGs, which is a sign of poor dependency management for a documentation project. No coverage of Layer 2 / rollup-specific pitfalls, which are increasingly where real money lives.
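To make the versioning point concrete, here is an added Solidity example (not code from the guide) that puts the pre-0.8 wrapping behaviour the guide's overflow sections assume next to the checked arithmetic a 0.8+ compiler gives you by default; the contract and function names are made up for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example, not part of the guide: contrasts 0.8+ checked arithmetic
/// with the wrapping semantics that pre-0.8 compilers had by default.
contract ArithmeticDemo {
    /// With Solidity >= 0.8.0, `+` on a uint8 reverts with Panic(0x11)
    /// instead of silently wrapping. checkedAdd(255, 1) reverts.
    function checkedAdd(uint8 a, uint8 b) external pure returns (uint8) {
        return a + b;
    }

    /// `unchecked` restores the pre-0.8 behaviour: wrappingAdd(255, 1)
    /// returns 0. This is exactly the class of bug the guide's overflow
    /// sections describe, but on 0.8+ it only appears if a developer
    /// opts into it explicitly (or is still compiling with an old pragma).
    function wrappingAdd(uint8 a, uint8 b) external pure returns (uint8) {
        unchecked {
            return a + b;
        }
    }
}
```

When reading the guide's overflow advice against a 0.8+ codebase, the places to look are `unchecked` blocks and any contract still pinned to a pre-0.8 pragma; the default arithmetic path is already covered by the compiler.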
