Reentrancy

• External calls before state updates — attacker can re-enter before state changes
• Checks-Effects-Interactions pattern — validate, update state, THEN external call
• ReentrancyGuard from OpenZeppelin — use nonReentrant modifier on vulnerable functions
• transfer() and send() have 2300 gas limit — but don't rely on this for security

Integer Handling

• Solidity 0.8+ reverts on overflow — but unchecked {} blocks bypass this
• Division truncates toward zero — 5 / 2 = 2, no decimals
• Use fixed-point math for precision — multiply before divide, or use libraries
• type(uint256).max for max value — don't hardcode large numbers

Gas Gotchas

• Unbounded loops can exceed block gas limit — paginate or limit iterations
• Storage writes cost 20k gas — memory/calldata much cheaper
• delete refunds gas but has limits — refund capped, don't rely on it
• Reading storage in loop — cache in memory variable first

Visibility and Access

• State variables default to internal — not private, derived contracts see them
• private doesn't mean hidden — all blockchain data is public, just not accessible from other contracts
• tx.origin is original sender — use msg.sender, tx.origin enables phishing attacks
• external can't be called internally — use public or this.func() (wastes gas)

Ether Handling

• payable required to receive ether — non-payable functions reject ether
• selfdestruct sends ether bypassing fallback — contract can receive ether without receive function
• Check return value of send() — returns false on failure, doesn't revert
• call{value: x}("") preferred over transfer() — forward all gas, check return value

Storage vs Memory

• storage persists, memory is temporary — storage costs gas, memory doesn't persist
• Structs/arrays parameter default to memory — explicit storage to modify state
• calldata for external function inputs — read-only, cheaper than memory
• Storage layout matters for upgrades — never reorder or remove storage variables

Upgradeable Contracts

• Constructors don't run in proxies — use initialize() with initializer modifier
• Storage collision between proxy and impl — use EIP-1967 storage slots
• Never selfdestruct implementation — breaks all proxies pointing to it
• delegatecall uses caller's storage — impl contract storage layout must match proxy

Common Mistakes

• Block timestamp can be manipulated slightly — don't use for randomness or precise timing
• require for user errors, assert for invariants — assert failures indicate bugs
• String comparison with == doesn't work — use keccak256(abi.encodePacked(a)) == keccak256(abi.encodePacked(b))
• Events not indexed — first 3 params can be indexed for efficient filtering