I’m about to deploy Smart contract Token for a project tokenomic.
After few reads and understanding of the few historic exploit that happened on various projects,
Can we conclude that the best way to avoid “exploit” & “hack” is to write the simpliest smart contract, with only mandatory function like send / receive / read and avoid to add any extra function.
No burn, no mint, no transferowner, nothing
Handle the lock/unlock manualy from seed wallet and ensure the seedpassphrase of this wallet is never compromised by anyone else who isn’t in charge of this wallet.
You’re asking a very controversial and philosophical question.
You should do your best to follow best security practices no matter how simple or how complex a project is. The solution is not “make a simple product” because that philosophy generally makes lackluster products that does not appeal to customers. Great products and security can coexist. If you’re pushing for security, just don’t be the block that stops innovation.
@Yoshiko raises important considerations. That being said, it’s true that reducing code complexity can result in a system easier to understand and to implement, less prone to bugs or confusion. Reduced functionality also results in reduced attack surface.
Nevertheless, there is no direct relationship between code size and security. Sometimes you need to add code to fix something, sometimes you need to remove it ¯\(ツ)/¯