I have used my off-time from audits in the past months to write more about security. Especially in an ecosystem as nascent as Ethereum still is, the most considerable impact can be delivered by educating people. Education has to happen in different modes of complexity, depending on the target audience:
- Developers must be educated on how previous hacks happened and how to avoid making similar mistakes in the code they produce.
- Business leads must be educated about the general (in-)securities of smart contracts and what can and cannot be expected of them.
- General users must be educated on spotting and avoiding scams, while being repeatedly told not to invest any money they can’t afford to lose. Ever.
My own contribution to the above is the Ethereum Smart Contract Best Practices. When I joined ConsenSys Diligence, the repository already existed, and people enjoyed the content. In the rollercoaster of auditing smart contracts as the main business, little time was left to properly maintain code samples, keep best practices up to date, and polish the overall site. I intend to change that.
This is a note for everyone who enjoys my technical posts to follow along as I develop the best practices. Occasionally, I also tweet about the sections I have revised previously. Contact me if you have suggestions on attacks, best practices, or helpful tooling to add.
After all, this is about educating a community so it can make educated decisions!