Security-first ETH settlement implementation. Demonstrates reentrancy-safe native value transfers using low-level calls and strict fallback segregation patterns.

ismael6499/evm-payment-patterns

💸 Secure Settlement Core: EVM Payment Patterns

A robust reference implementation for handling native Ether (ETH) settlements on the EVM. This project establishes secure patterns for receiving, holding, and distributing value, addressing the obsolescence of legacy transfer methods.

Unlike the deprecated .transfer() and .send() methods, which impose a hard 2300 gas limit incompatible with modern Smart Contract Wallets (Account Abstraction/Gnosis Safe), this architecture uses low-level call opcodes wrapped in defensive logic to ensure interoperability and safety.

๐Ÿ— Architecture & Design Decisions

1. Settlement Security (The .call Standard)

  • Forward-Compatible Transfers:
    • Implemented (bool success, ) = recipient.call{value: amount}("") to execute payouts.
    • Why: This prevents "Out of Gas" DoS attacks when interacting with complex receiver contracts (e.g., Multisigs or DAOs) whose receive functions require more than 2300 gas to accept a payment.
  • Return Value Validation: Strict enforcement of the boolean success flag to prevent silent failures during value transfer.

2. Calldata Hygiene (Receive vs. Fallback)

  • Explicit Separation:
    • receive() external payable: Strictly handles empty-calldata ETH transfers (standard wallet sends).
    • fallback() external payable: Handles calls with data payload that do not match a function signature.
    • Benefit: clearly distinguishing intent allows the contract to reject erroneous interactions or implement distinct logic for pure funding vs. arbitrary execution attempts.

3. Checks-Effects-Interactions (CEI)

  • Reentrancy Mitigation:
    • State changes (balance updates) occur strictly before the external .call to the recipient. This architectural discipline neutralizes reentrancy vectors without necessarily relying on heavy ReentrancyGuard modifiers for simple transfer logic.
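
The three design decisions above combined in one minimal contract, as an added example that is not the repository's own code. The contract, error and event names and the per-sender `balances` ledger are assumptions, and the fallback here is chosen to reject unmatched calls rather than handle them.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.24;

// Added example; all names below are hypothetical, not taken from the repository.
contract SettlementExample {
    error UnexpectedCalldata();
    error InsufficientBalance(uint256 requested, uint256 available);
    error TransferFailed();

    event Deposited(address indexed from, uint256 amount);
    event Withdrawn(address indexed to, uint256 amount);

    mapping(address => uint256) public balances;

    // Empty-calldata ETH transfers (plain wallet sends) are credited to the sender.
    receive() external payable {
        balances[msg.sender] += msg.value;
        emit Deposited(msg.sender, msg.value);
    }

    // Calls carrying data that match no function selector are rejected,
    // so a mistyped or malformed call cannot silently fund the contract.
    fallback() external payable {
        revert UnexpectedCalldata();
    }

    function withdraw(uint256 amount) external {
        // Checks: the caller can only withdraw what was credited to them.
        uint256 available = balances[msg.sender];
        if (amount > available) revert InsufficientBalance(amount, available);

        // Effects: debit before any external call, so a reentrant call into
        // withdraw() sees the reduced balance and fails the check above.
        balances[msg.sender] = available - amount;
        emit Withdrawn(msg.sender, amount);

        // Interactions: forward all remaining gas (no 2300 gas limit) and
        // revert on failure, which also rolls back the debit and the event.
        (bool success, ) = msg.sender.call{value: amount}("");
        if (!success) revert TransferFailed();
    }
}
```

Swapping the Effects and Interactions steps in `withdraw` is the ordering that CEI exists to rule out: the recipient's receive function would run while its recorded balance was still undiminished.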

🛠 Tech Stack

  • Core: Solidity ^0.8.24
  • Patterns: CEI (Checks-Effects-Interactions), Low-level Call
  • Standards: Solidity 0.6.x+ Payment Splitter conventions
  • License: GNU GPL v3

Contract Interface

The implementation exposes a secured payout interface compatible with EOAs and Contract Wallets:

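// Secure pattern for withdrawals
// (excerpt: `owner` and the `TransferFailed` error are assumed to be declared elsewhere in the contract)
function withdraw() external {
    // Sweep the contract's entire ETH balance to the owner.
    uint256 amount = address(this).balance;
    // Low-level call forwards all available gas, unlike .transfer()/.send().
    (bool success, ) = owner.call{value: amount}("");
    // Revert instead of failing silently if the recipient rejects the payment.
    if (!success) revert TransferFailed();
}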
