Chapter 14 Key Takeaways
Core Concepts
-
The gap between working code and production code is measured in patterns, not syntax. Most smart contract exploits target pattern failures — violated invariants, incorrect orderings, missing access checks — not compiler bugs or cryptographic breaks. The patterns in this chapter encode hard-won lessons from billions of dollars in losses.
-
Checks-effects-interactions (CEI) is the single most important Solidity pattern. Always validate conditions first, update state second, and make external calls last. This ordering prevents reentrancy attacks by ensuring state is consistent before execution control passes to potentially malicious code. The 2016 DAO hack ($60M) that split Ethereum exploited exactly this pattern violation.
-
Pull-over-push prevents denial-of-service in multi-recipient transfers. Never push Ether to multiple addresses in a single transaction — if any recipient reverts, the entire transaction fails. Instead, record amounts owed and let recipients withdraw (pull) their own funds.
-
OpenZeppelin is not optional — it is the standard. Ownable, AccessControl, ReentrancyGuard, and Pausable are the building blocks of production contracts. Using audited, battle-tested implementations instead of writing your own is engineering prudence, not laziness. Over 3,000 mainnet projects use OpenZeppelin.
-
Proxy patterns solve the immutability-versus-bugs dilemma. UUPS proxies separate state (in the proxy) from logic (in the implementation) using
delegatecall. When bugs are found, deploy a new implementation and point the proxy to it. State is preserved, the address is unchanged, and the logic is updated. -
Initializers replace constructors in upgradeable contracts — and MUST be locked. Constructors write to the implementation's storage, which is irrelevant when using proxies. Initializer functions write to the proxy's storage via
delegatecall. Always call_disableInitializers()in the implementation's constructor to prevent attackers from initializing the implementation directly. The Wormhole hack ($320M) exploited this exact vulnerability. -
Storage layout must be preserved across upgrades. New state variables can only be appended at the end. Reordering, removing, or changing types of existing variables corrupts data because the EVM maps variables to storage slots by position, not by name.
-
Gas optimization starts with minimizing storage writes.
SSTORE(20,000 gas for zero-to-non-zero) is the most expensive common operation. Pack storage slots, useconstant/immutablefor unchanging values, batch writes, and use events for data only needed off-chain. -
Use
call{value: amount}("")with reentrancy protection, nottransfer(). The 2,300 gas limit oftransfer()is no longer safe after EIP-1884 increasedSLOADcosts.callforwards sufficient gas but requires CEI or ReentrancyGuard to prevent reentrancy. -
Oracles bridge on-chain logic to real-world data, but introduce trust assumptions. Chainlink provides decentralized price feeds, randomness (VRF), and automation, but your contract now depends on oracle operators being honest and data sources being accurate. Always validate oracle responses — check freshness, completeness, and price positivity.
Production Deployment Essentials
- Multi-sig ownership: No single key should control a production contract. Use a 3-of-5 (or similar) multi-sig like Gnosis Safe.
- Timelocks: Require a delay between proposing and executing administrative changes, giving users time to exit if they disagree.
- Pausability: Include an emergency stop mechanism for active exploits.
- Monitoring: Use Forta, OpenZeppelin Defender, or custom monitoring to detect anomalous transactions.
- Bug bounties: Incentivize white-hat hackers via Immunefi to find and report vulnerabilities before attackers exploit them.
- Defense in depth: No single safeguard is sufficient. Layer access control, timelocks, multi-sigs, pausability, monitoring, and bug bounties.
Common Mistakes to Avoid
| Mistake | Consequence | Prevention |
|---|---|---|
| External call before state update | Reentrancy attack | CEI pattern + ReentrancyGuard |
| Push Ether to multiple recipients | DoS if any recipient reverts | Pull-over-push pattern |
| Callable initialize on implementation | Attacker takes ownership | _disableInitializers() |
| Storage variable reordering in upgrade | Data corruption | Append-only new variables |
| Unchecked oracle response | Stale/manipulated price | Validate freshness, completeness, positivity |
| Single-key admin | Key compromise = total loss | Multi-sig wallet |
| No timelock on upgrades | No user exit window | TimelockController |
Using transfer() for Ether |
Breaks on gas cost changes | call{value: ...} + reentrancy guard |
What Comes Next
Chapter 15 shifts from defense to offense. You will learn to think like an attacker — understanding reentrancy exploits in depth, flash loan attacks, front-running, oracle manipulation, and the formal verification techniques that mathematically prove contract correctness. If this chapter taught you to build the fortress, Chapter 15 teaches you to siege-test it.