A practical security reference for Algorand developers using Algorand TypeScript and Algorand Python. Covers common vulnerabilities with concrete code examples showing both the vulnerable pattern and the secure fix.
Warning: This is a work in progress at an early stage. It is not definitive or complete.
See guide.md for the full guide covering:
- Smart Contracts vs Logic Signatures
- Access Control
- Fee Management
- Transaction & Input Validation
- ASA Configuration Security
- Rekeying & Account Draining
- Group Transaction Security
- State Management & Storage Security
- Arithmetic Safety
- Updatability & Deletability
- Randomness, Secrets & Oracles
- Key Management & Deployment
- Security Tooling & Audit
- Off-Chain & Operational Security
Runnable smart contract examples with tests live in smart-contract-examples/. To run them you need:
- AlgoKit installed
- Node.js >= 22
- AlgoKit LocalNet running (`algokit localnet start`)
```bash
cd smart-contract-examples/projects/smart-contract-examples
npm install
npm run build
npm test
```