Security checklists for Ethereum smart contract development: patterns and best practices

Context: Smart contracts and DApps are becoming increasingly important and widespread. DApps are often business-critical, and strong security guarantees must be ensured. However, developing safe and reliable smart contracts remains a challenging task. Despite growing literature, simple and actionable tools to address security issues are still lacking. Objective: This study identifies design patterns and best practices for DApp security. We categorize them into twelve critical areas based on their security goals and map them to the architecture of decentralized applications. For each item, we define concrete actions to support secure implementation. These are further structured into three security assurance checklists. Method: We analyze existing literature and manually review 224 security items, consolidating duplicates and harmonizing terminology. This process results in 84 unique items, divided into 36 design patterns and 48 best practices, further grouped into 12 categories. We also map the items into three checklists based on the development phase of DApp lifecycle. Finally, for each pattern and practice, we derive 374 actionable security tasks to guide secure development. Results: To the best of our knowledge, this is the most comprehensive and structured collection of DApp security items to date. The proposed framework and checklists help developers ensure the consistent and complete application of secure design principles. Conclusion: Focusing on Ethereum and Solidity, we present a comprehensive framework for improving DApp security. Our work supports ongoing efforts to reduce vulnerabilities in decentralized applications and provides developers with practical tools to build safer, more reliable systems.