Question 1

How to implement Solcurity checks in my development workflow?

Accepted Answer

Integrate it manually by reviewing the checklist during code reviews or audits, and complement it with tools like Slither for automated analysis. Start with the general review approach outlined in the README to systematically apply checks.

Question 2

Solcurity vs OpenZeppelin Contracts: which is better for security?

Accepted Answer

Solcurity is a manual audit standard, while OpenZeppelin provides pre-audited library code; use Solcurity to review custom contracts and OpenZeppelin for reusable components. They serve different purposes—combining both can enhance overall security.

Question 3

What are the top vulnerabilities Solcurity helps prevent?

Accepted Answer

It covers common issues like reentrancy (SWC-107), integer overflows (SWC-101), and front-running (SWC-114), with specific checks such as F6 and C1 referencing SWC entries for targeted mitigation.

Question 4

Can Solcurity be used with fuzzing tools like Echidna?

Accepted Answer

Yes, Solcurity encourages fuzzing (P3) and provides checks like C49 for tightening inputs, but it doesn't include tool integration—you'll need to set up Echidna separately and apply the standard manually.

Question 5

Is Solcurity updated for Solidity 0.8.x features?

Accepted Answer

It includes checks for modern syntax like using unchecked blocks (C44) and avoiding old patterns, but as a static repository, verify updates on GitHub for compatibility with the latest Solidity versions.

Question 6

How does Solcurity handle NFT contract security?

Accepted Answer

While not NFT-specific, its general checks on variables, functions, and external calls apply, but you may need to supplement with NFT-focused best practices for token standards like ERC-721.

The Solcurity Standard

What is The Solcurity Standard?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions