Best Practise Rules

| Rule Id | Error | Recommended | Deprecated |
| --- | --- | --- | --- |
| code-complexity | Function has cyclomatic complexity “current” but allowed no more than maxcompl. | | |
| explicit-types | Forbid or enforce explicit types (like uint256) that have an alias (like uint). | ✔️ | |
| function-max-lines | Function body contains “count” lines but allowed no more than maxlines. | | |
| max-line-length | Line length must be no more than maxlen. | | |
| max-states-count | Contract has “some count” states declarations but allowed no more than maxstates. | ✔️ | |
| no-console | No console.log/logInt/logBytesX/logString/etc & No hardhat and forge-std console.sol import statements. | ✔️ | |
| no-empty-blocks | Code block has zero statements inside. Exceptions apply. | ✔️ | |
| no-global-import | Import statement includes an entire file instead of selected symbols. | ✔️ | |
| no-unused-import | Imported object name is not being used by the contract. | ✔️ | |
| no-unused-vars | Variable “name” is unused. | ✔️ | |
| one-contract-per-file | Enforces the use of ONE Contract per file. | ✔️ | |
| payable-fallback | When fallback is not payable and there is no receive function you will not be able to receive currency. | ✔️ | |
| reason-string | Require or revert statement must have a reason string and check that each reason string is at most N characters long. | ✔️ | |
| constructor-syntax | Constructors should use the new constructor keyword. | | |

Style Guide Rules

| Rule Id | Error | Recommended | Deprecated |
| --- | --- | --- | --- |
| interface-starts-with-i | Solidity Interfaces names should start with an I | | |
| const-name-snakecase | Constant name must be in capitalized SNAKE_CASE. (Does not check IMMUTABLES, use immutable-vars-naming) | ✔️ | |
| contract-name-camelcase | Contract, Structs and Enums should be in CamelCase. | ✔️ | |
| event-name-camelcase | Event name must be in CamelCase. | ✔️ | |
| foundry-test-functions | Enforce naming convention on functions for Foundry test cases | | |
| func-name-mixedcase | Function name must be in mixedCase. | ✔️ | |
| func-named-parameters | Enforce named parameters for function calls with 4 or more arguments. This rule may have some false positives | | |
| func-param-name-mixedcase | Function param name must be in mixedCase. | | |
| immutable-vars-naming | Check Immutable variables. Capitalized SNAKE_CASE or mixedCase depending on configuration. | ✔️ | |
| modifier-name-mixedcase | Modifier name must be in mixedCase. | | |
| named-parameters-mapping | Solidity v0.8.18 introduced named parameters on the mappings definition. | | |
| private-vars-leading-underscore | Non-external functions and state variables should start with a single underscore. Others, shouldn’t | | |
| use-forbidden-name | Avoid to use letters ‘I’, ‘l’, ‘O’ as identifiers. | ✔️ | |
| var-name-mixedcase | Variable name must be in mixedCase. (Does not check IMMUTABLES, use immutable-vars-naming) | ✔️ | |
| func-order | Function order is incorrect. | | ✔️ |
| imports-on-top | Import statements must be on top. | ✔️ | |
| ordering | Check order of elements in file and inside each contract, according to the style guide. | | |
| visibility-modifier-order | Visibility modifier must be first in list of modifiers. | ✔️ | |

Gas Consumption Rules

| Rule Id | Error | Recommended | Deprecated |
| --- | --- | --- | --- |
| gas-calldata-parameters | Suggest calldata keyword on function arguments when read only | | |
| gas-custom-errors | Enforces the use of Custom Errors over Require and Revert statements | ✔️ | |
| gas-increment-by-one | Suggest incrementation by one like this ++i instead of other type | | |
| gas-indexed-events | Suggest indexed arguments on events for uint, bool and address | | |
| gas-length-in-loops | Suggest replacing object.length in a loop condition to avoid calculation on each lap | | |
| gas-multitoken1155 | ERC1155 is a cheaper non-fungible token than ERC721 | | |
| gas-named-return-values | Enforce the return values of a function to be named | | |
| gas-small-strings | Keep strings smaller than 32 bytes | | |
| gas-strict-inequalities | Suggest Strict Inequalities over non Strict ones | | |
| gas-struct-packing | Suggest to re-arrange struct packing order when it is inefficient | | |


| Rule Id | Error | Recommended | Deprecated |
| --- | --- | --- | --- |
| comprehensive-interface | Check that all public or external functions are marked override. This is useful to make sure that the whole API is extracted in an interface. | | |
| quotes | Enforces the use of double or single quotes as configured for string literals. Values must be ‘single’ or ‘double’. | ✔️ | |

Security Rules

| Rule Id | Error | Recommended | Deprecated |
| --- | --- | --- | --- |
| avoid-call-value | Avoid to use “.call.value()()”. | ✔️ | |
| avoid-low-level-calls | Avoid to use low level calls. | ✔️ | |
| avoid-sha3 | Use “keccak256” instead of deprecated “sha3”. | ✔️ | |
| avoid-suicide | Use “selfdestruct” instead of deprecated “suicide”. | ✔️ | |
| avoid-throw | “throw” is deprecated, avoid to use it. | ✔️ | |
| avoid-tx-origin | Avoid to use tx.origin. | ✔️ | |
| check-send-result | Check result of “send” call. | ✔️ | |
| compiler-version | Compiler version must satisfy a semver requirement. | ✔️ | |
| func-visibility | Explicitly mark visibility in function. | ✔️ | |
| mark-callable-contracts | Explicitly mark all external contracts as trusted or untrusted. | | ✔️ |
| multiple-sends | Avoid multiple calls of “send” method in single transaction. | ✔️ | |
| no-complex-fallback | Fallback function must be simple. | ✔️ | |
| no-inline-assembly | Avoid to use inline assembly. It is acceptable only in rare cases. | ✔️ | |
| not-rely-on-block-hash | Do not rely on “block.blockhash”. Miners can influence its value. | ✔️ | |
| not-rely-on-time | Avoid making time-based decisions in your business logic. | | |
| reentrancy | Possible reentrancy vulnerabilities. Avoid state changes after transfer. | ✔️ | |
| state-visibility | Explicitly mark visibility of state. | ✔️ | |