Modern, gas-efficient security primitives for Solidity
Minimal. Modular. Rebuilt from first principles.
💡 Millions of dollars worth of ETH are permanently lost to contracts every year due to preventable mistakes. BuildsWithKing-Security helps developers protect their users from day one.
This repository has not undergone a formal audit.
Use at your own risk.
Always conduct a security review before deploying to production.
📦 This repo contains contracts only — optimised for lightweight importing.
Full test suite (unit tests, fuzz tests, mock contracts) lives here: buildswithking-kingsecurity
BuildsWithKing-Security provides a collection of lightweight, developer-friendly modules designed to help you build secure smart contracts without unnecessary complexity.
Unlike large frameworks, these modules are:
- Rebuilt from scratch — no copy-pasting OpenZeppelin
- Readable and transparent
- Gas-optimized
- Focused on core security primitives
Inspired by the reliability of OpenZeppelin, but intentionally simpler and more modular for learning, auditing, and extending.
- Security First — Every module is designed around defensive programming and modern Solidity best practices.
- Gas Efficiency — No bloated inheritance chains; minimal storage writes; optimized modifiers.
- Fully Tested — Unit tests, fuzz tests and mock contracts via Foundry.
- Educational — Includes attack simulation contracts so developers understand why each protection matters.
Every day, users and developers accidentally send ETH to contract addresses. Without a recovery mechanism, those funds are permanently lost. No admin can help. No support ticket fixes it. The money simply disappears.
KingClaimMistakenETH solves this by allowing anyone who accidentally sends ETH to a contract to claim it back themselves — no owner, no admin, no middleman required.
Features:
- Self-service recovery — no admin or owner required
- Reentrancy protected via KingReentrancyGuard
- Supports alternate address claiming via claimMistakenETHTo()
- Tracks total mistaken ETH balance and historical deposits
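The accounting idea behind these features, as an added sketch rather than the source of KingClaimMistakenETH: plain ETH transfers are credited to their sender, who can later pull the credit back to themselves or to another address. The contract name, storage layout, errors, events and the `claim`/`claimTo` functions are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; NOT the library's KingClaimMistakenETH.
/// Every identifier in this contract is hypothetical.
contract MistakenEthLedger {
    mapping(address => uint256) public mistakenBalance; // unclaimed credit per sender
    uint256 public totalMistaken;                        // sum of all unclaimed credits

    error NothingToClaim();
    error ZeroAddress();
    error TransferFailed();

    event MistakenDeposit(address indexed from, uint256 amount);
    event Claimed(address indexed from, address indexed to, uint256 amount);

    // ETH sent with empty calldata lands here and is credited to the sender.
    receive() external payable {
        mistakenBalance[msg.sender] += msg.value;
        totalMistaken += msg.value;
        emit MistakenDeposit(msg.sender, msg.value);
    }

    // Sender recovers their own credit; no owner or admin is involved.
    function claim() external {
        _claim(payable(msg.sender));
    }

    // Same credit, paid out to an alternate address chosen by the sender.
    function claimTo(address payable to) external {
        if (to == address(0)) revert ZeroAddress();
        _claim(to);
    }

    function _claim(address payable to) private {
        uint256 amount = mistakenBalance[msg.sender];   // check
        if (amount == 0) revert NothingToClaim();
        mistakenBalance[msg.sender] = 0;                // effects before the call
        totalMistaken -= amount;
        (bool ok, ) = to.call{value: amount}("");       // interaction last
        if (!ok) revert TransferFailed();
        emit Claimed(msg.sender, to, amount);
    }
}
```

Because `receive()` writes storage, ETH sent with `transfer()` or `send()` (2300 gas) reverts instead of being credited, and ETH forced in through `selfdestruct` never runs `receive()`, so it is not attributed to anyone. The sketch relies on effects-before-interaction ordering alone; the page states that the real module is additionally protected by KingReentrancyGuard.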
Usage:
```solidity
import {KingClaimMistakenETH} from "@buildswithking-security/access/guards/KingClaimMistakenETH.sol";

contract MyContract is KingClaimMistakenETH {
    // Users can now recover accidentally sent ETH themselves
    // No admin needed. No funds lost forever.
}
```

Prevents attackers from draining contracts through recursive calls — one of the most common and costly vulnerabilities in DeFi.
Features:
- Lightweight nonReentrant modifier
- Gas-optimized lock mechanism
- Compatible with all contract types
Usage:
```solidity
import {KingReentrancyGuard} from "@buildswithking-security/access/security/KingReentrancyGuard.sol";

contract MyContract is KingReentrancyGuard {
    function withdraw() external nonReentrant {
        // Protected from reentrancy attacks
    }
}
```

The library also includes KingReentrancyAttacker and KingVulnerableContract — educational contracts that demonstrate exactly how reentrancy attacks are constructed and why the CEI pattern and guards are non-negotiable.
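To make the CEI point concrete, here is an added side-by-side example (not the library's KingVulnerableContract or KingReentrancyGuard): a withdraw function that updates state after the external call, next to one that applies checks-effects-interactions plus a lock. `VulnerableVault`, `GuardedVault` and the `lock` modifier are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; these are not the library's contracts.
contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        // Intentional flaw: the external call runs while the balance is still
        // recorded, so a callee that re-enters withdraw() sees the old value.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        balances[msg.sender] = 0; // state update arrives too late
    }
}

contract GuardedVault {
    mapping(address => uint256) public balances;
    // 1 = not entered, 2 = entered (nonzero values keep the SSTORE cheap).
    uint256 private status = 1;

    error Reentrancy();
    error TransferFailed();

    // Hypothetical stand-in for a nonReentrant-style modifier.
    modifier lock() {
        if (status == 2) revert Reentrancy();
        status = 2;
        _;
        status = 1;
    }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    function withdraw() external lock {
        uint256 amount = balances[msg.sender];            // checks
        balances[msg.sender] = 0;                         // effects
        (bool ok, ) = msg.sender.call{value: amount}(""); // interaction last
        if (!ok) revert TransferFailed();
    }
}
```

A lock only covers the functions that carry it, so an unguarded function sharing the same state can still be re-entered mid-call; keeping the CEI ordering alongside the modifier closes that gap.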
- KingReentrancyGuard — Prevents reentrant calls
- KingClaimMistakenETH — Self-service recovery for accidentally sent ETH
- KingRejectETH — Rejects direct ETH transfers for safety hardening

- Kingable — Single owner access control
- KingAccessControlLite — Lightweight role-based access
- KingImmutable — Immutable owner pattern
- KingableContracts — Contract-only access restriction
- KingableEOAs — EOA-only access restriction
- KingablePausable — Hybrid ownership and pausing

- KingPausable — Pause and activate contracts

- KingCheckAddressLib — Address validation library
- KingReentrancyAttacker — Attack simulation for testing
- KingVulnerableContract — Vulnerable contract for educational use

- KingERC20 — Gas-clean core ERC20 token
- Extensions: KingERC20Burnable, KingERC20Mintable, KingERC20Capped, KingERC20Pausable
- Interfaces: IERC20, IERC20Metadata
- Errors: KingERC20Errors
```
contracts
├── access
│   ├── core
│   │   ├── KingAccessControlLite.sol
│   │   ├── KingImmutable.sol
│   │   └── Kingable.sol
│   ├── extensions
│   │   ├── KingPausable.sol
│   │   ├── KingableContracts.sol
│   │   ├── KingableEOAs.sol
│   │   └── KingablePausable.sol
│   ├── guards
│   │   ├── KingClaimMistakenETH.sol
│   │   └── KingRejectETH.sol
│   ├── security
│   │   └── KingReentrancyGuard.sol
│   └── utils
│       ├── KingCheckAddressLib.sol
│       ├── KingReentrancyAttacker.sol
│       └── KingVulnerableContract.sol
└── tokens
    ├── ERC20
    │   ├── KingERC20.sol
    │   ├── extensions
    │   │   ├── KingERC20Burnable.sol
    │   │   ├── KingERC20Capped.sol
    │   │   ├── KingERC20Mintable.sol
    │   │   └── KingERC20Pausable.sol
    │   └── interfaces
    │       ├── IERC20.sol
    │       └── IERC20Metadata.sol
    └── errors
        └── KingERC20Errors.sol
```
```bash
forge install BuildsWithKing/buildswithking-security
```

Specific version:

```bash
forge install BuildsWithKing/buildswithking-security@v1.5.0
```

Add this to your foundry.toml:

```toml
remappings = [
    "@buildswithking-security/=lib/buildswithking-security/contracts/"
]
```

Usage Example:

```solidity
import {Kingable} from "@buildswithking-security/access/core/Kingable.sol";
import {KingReentrancyGuard} from "@buildswithking-security/access/security/KingReentrancyGuard.sol";
import {KingClaimMistakenETH} from "@buildswithking-security/access/guards/KingClaimMistakenETH.sol";

contract MyContract is Kingable, KingReentrancyGuard, KingClaimMistakenETH {
    // Your secure logic here
}
```

```bash
git clone --branch v1.5.0 https://github.com/BuildsWithKing/buildswithking-security.git lib/buildswithking-security
```

Then configure your foundry.toml the same way as above.

Pin to a specific commit hash for safety:

```solidity
import "https://github.com/BuildsWithKing/buildswithking-security/blob/<commit-hash>/contracts/access/security/KingReentrancyGuard.sol";
```

Pull requests are welcome!
If you'd like to add new security modules or improve existing ones, fork the repo and open a PR.
All contributions will be reviewed for security soundness and code quality before merging.
Built and maintained by Michealking (@BuildsWithKing)
Solidity Smart Contract Developer | Web3 Security Builder | Foundry
This project is licensed under the MIT License.
Current stable release: v1.6.0