solhint

Best Practise Rules

Rule Id Error Recommended
code-complexity Function has cyclomatic complexity “current” but allowed no more than maxcompl.  
function-max-lines Function body contains “count” lines but allowed no more than maxlines.  
max-line-length Line length must be no more than maxlen.  
max-states-count Contract has “some count” states declarations but allowed no more than maxstates. ✔️
no-empty-blocks Code contains empty block. ✔️
no-unused-vars Variable “name” is unused. ✔️
payable-fallback When fallback is not payable you will not be able to receive ethers. ✔️
reason-string Require or revert statement must have a reason string and check that each reason string is at most N characters long. ✔️
constructor-syntax Constructors should use the new constructor keyword.  

Miscellaneous

Rule Id Error Recommended
comprehensive-interface Check that all public or external functions are override. This is iseful to make sure that the whole API is extracted in an interface.  

Style Guide Rules

Rule Id Error Recommended
quotes Use double quotes for string literals. Values must be ‘single’ or ‘double’. ✔️
const-name-snakecase Constant name must be in capitalized SNAKE_CASE. ✔️
contract-name-camelcase Contract name must be in CamelCase. ✔️
event-name-camelcase Event name must be in CamelCase. ✔️
func-name-mixedcase Function name must be in camelCase. ✔️
func-param-name-mixedcase Function param name must be in mixedCase  
modifier-name-mixedcase Modifier name must be in mixedCase.  
private-vars-leading-underscore Private and internal names must start with a single underscore.  
use-forbidden-name Avoid to use letters ‘I’, ‘l’, ‘O’ as identifiers. ✔️
var-name-mixedcase Variable name must be in mixedCase. ✔️
func-order Function order is incorrect.  
imports-on-top Import statements must be on top. ✔️
ordering Check order of elements in file and inside each contract, according to the style guide  
visibility-modifier-order Visibility modifier must be first in list of modifiers. ✔️

Security Rules

Rule Id Error Recommended
avoid-call-value Avoid to use “.call.value()()”. ✔️
avoid-low-level-calls Avoid to use low level calls. ✔️
avoid-sha3 Use “keccak256” instead of deprecated “sha3”. ✔️
avoid-suicide Use “selfdestruct” instead of deprecated “suicide”. ✔️
avoid-throw “throw” is deprecated, avoid to use it. ✔️
avoid-tx-origin Avoid to use tx.origin. ✔️
check-send-result Check result of “send” call. ✔️
compiler-version Compiler version must satisfy a semver requirement. ✔️
func-visibility Explicitly mark visibility in function. ✔️
mark-callable-contracts Explicitly mark all external contracts as trusted or untrusted.  
multiple-sends Avoid multiple calls of “send” method in single transaction. ✔️
no-complex-fallback Fallback function must be simple. ✔️
no-inline-assembly Avoid to use inline assembly. It is acceptable only in rare cases. ✔️
not-rely-on-block-hash Do not rely on “block.blockhash”. Miners can influence its value. ✔️
not-rely-on-time Avoid to make time-based decisions in your business logic. ✔️
reentrancy Possible reentrancy vulnerabilities. Avoid state changes after transfer. ✔️
state-visibility Explicitly mark visibility of state. ✔️

References