Secure Design Patterns for Solidity Smart Contracts

By Anastasia K.4 min readMarch 21, 2026

Importance of Secure Design Patterns

Secure design patterns are reusable solutions to common problems in software design, specifically tailored for Solidity smart contracts. By following these patterns, developers can create robust contracts that withstand various attack vectors, ensuring the integrity and reliability of decentralized applications (dApps).

Common Secure Design Patterns

1. Checks-Effects-Interactions Pattern

The Checks-Effects-Interactions pattern is a fundamental design principle that helps prevent reentrancy attacks. This pattern ensures that all checks are performed before any state changes and external calls are made.

Implementation Example:

pragma solidity ^0.8.0;

contract SecureContract {
    mapping(address => uint256) public balances;

    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");

        // Effects: Update state before external call
        balances[msg.sender] -= amount;

        // Interactions: Call external contract
        payable(msg.sender).transfer(amount);
    }
}

In this example, the contract checks the user's balance before reducing it, ensuring that the state is updated before any external call is made.

2. Pull Over Push Payment Pattern

The Pull Over Push Payment pattern is an effective way to handle payments in a secure manner. Instead of pushing payments to users, which can lead to unexpected behaviors, this pattern allows users to withdraw funds themselves.

Implementation Example:

pragma solidity ^0.8.0;

contract PaymentContract {
    mapping(address => uint256) public pendingWithdrawals;

    function deposit() public payable {
        pendingWithdrawals[msg.sender] += msg.value;
    }

    function withdraw() public {
        uint256 amount = pendingWithdrawals[msg.sender];
        require(amount > 0, "No funds to withdraw");

        // Effects: Clear the withdrawal amount before making the transfer
        pendingWithdrawals[msg.sender] = 0;

        // Interactions: Transfer funds to the user
        payable(msg.sender).transfer(amount);
    }
}

This pattern minimizes the risk of reentrancy attacks by allowing users to pull their payments rather than the contract pushing them.

3. Circuit Breaker Pattern

The Circuit Breaker pattern provides a mechanism to pause contract operations in case of emergencies, such as discovering a vulnerability. This allows developers to halt contract functionality until the issue is resolved.

Implementation Example:

pragma solidity ^0.8.0;

contract CircuitBreaker {
    bool public stopped;

    modifier stopInEmergency {
        require(!stopped, "Contract is paused");
        _;
    }

    function toggleContractActive() public {
        stopped = !stopped;
    }

    function withdraw(uint256 amount) public stopInEmergency {
        // Withdrawal logic here
    }
}

By using the stopInEmergency modifier, critical functions can be halted, providing a safety net against potential attacks.

4. Ownership and Role-Based Access Control

Implementing ownership and role-based access control is crucial for managing permissions within a smart contract. The OpenZeppelin library provides a robust implementation of these patterns.

Implementation Example:

pragma solidity ^0.8.0;

import "@openzeppelin/contracts/access/Ownable.sol";

contract RoleBasedAccess is Ownable {
    mapping(address => bool) public admins;

    modifier onlyAdmin() {
        require(admins[msg.sender], "Caller is not an admin");
        _;
    }

    function addAdmin(address admin) public onlyOwner {
        admins[admin] = true;
    }

    function removeAdmin(address admin) public onlyOwner {
        admins[admin] = false;
    }

    function restrictedFunction() public onlyAdmin {
        // Restricted logic here
    }
}

This pattern ensures that only authorized users can execute certain functions, enhancing contract security.

5. Time Lock Pattern

The Time Lock pattern introduces a delay mechanism for critical operations, providing a buffer period during which stakeholders can react to potentially malicious actions.

Implementation Example:

pragma solidity ^0.8.0;

contract TimeLock {
    mapping(address => uint256) public lastActionTime;
    uint256 public timeLockDuration = 1 days;

    function performAction() public {
        require(block.timestamp >= lastActionTime[msg.sender] + timeLockDuration, "Action is time-locked");

        // Perform the action
        lastActionTime[msg.sender] = block.timestamp;
    }
}

By implementing a time lock, this pattern helps prevent rapid execution of critical functions, allowing for community oversight.

Summary of Secure Design Patterns

Design Pattern	Description
Checks-Effects-Interactions	Prevents reentrancy by ensuring checks before state changes.
Pull Over Push Payment	Allows users to withdraw funds, reducing reentrancy risk.
Circuit Breaker	Enables pausing contract operations in emergencies.
Ownership and Role-Based Access	Manages permissions effectively using ownership models.
Time Lock	Introduces a delay for critical actions to prevent abuse.

Conclusion

Implementing secure design patterns in Solidity smart contracts is crucial for safeguarding against vulnerabilities and ensuring the integrity of decentralized applications. By adopting these patterns, developers can create resilient contracts that withstand various attack vectors, ultimately fostering trust in the blockchain ecosystem.

Learn more with useful resources: