@0xbyt4 0xbyt4 commented Dec 13, 2025

Summary

Addresses #147

This PR adds a comprehensive security documentation file (docs/security.md) covering essential security patterns and best practices for developers building with the Base Account SDK.

What's Included

Transaction Security

  • Safe nonce management with pending nonce retrieval
  • Gas limit estimation with configurable safety buffers
  • Multi-confirmation verification before UI state updates

Smart Contract Interactions

  • Reentrancy protection patterns (contract + client-side)
  • EIP-712 typed data signing for replay attack prevention

General Security Guidelines

  • Input validation patterns
  • Error handling without exposing sensitive data
  • Client-side rate limiting
  • Secure storage recommendations

Additional

  • Security checklist for deployment readiness
  • Links to additional security resources

Code Examples

All sections include practical TypeScript code examples that developers can use directly in their applications.

Test Plan

  • Documentation renders correctly in markdown
  • Code examples are syntactically correct
  • Links to external resources are valid

Addresses base#147

This commit adds a comprehensive security documentation file covering:

- Safe nonce management with pending nonce retrieval
- Gas limit estimation with safety buffers
- Multi-confirmation verification patterns
- Reentrancy protection (contract and client-side)
- EIP-712 typed data signing for replay attack prevention
- General security guidelines (input validation, error handling, rate limiting)
- Security checklist for deployment readiness

The guide includes practical TypeScript code examples that developers
can use directly in their applications.
@cb-heimdall
Collaborator

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2
