# Security Mechanisms

Security is critical in a decentralized marketplace. This contract implements **several security checks** to prevent unauthorized access and manipulation.

#### **2.1 Ownership Checks**

* Only **the original offer owner** can **cancel a sell or buy order**.
* **Sellers must own the NFTs** before listing them for sale.

#### **2.2 Trade Validations**

* **Preventing invalid amounts:**
  * Offers with `0` price or NFTs are **rejected**.
  * Users **cannot overbuy or oversell** assets.
* **Currency Type Checks:**
  * Buyers and sellers **must use the correct token** (`CURRENCY`).
  * Trade Ledgers only accept transactions in **registered currencies**.

#### **2.3 Preventing Overflows**

To prevent integer overflows, all calculations use **safe arithmetic**:

```move
moveCopyEditfun safe_add(a: u64, b: u64): u64 {
    assert!(a <= MAX_U64 - b, E_OVERFLOW);
    a + b
}
```

This ensures that **large trades** don’t cause **unexpected errors**.

#### **2.4 Deny List Enforcement**

* If a collection enables **deny lists**, **restricted users** cannot trade.
* The deny list is managed **by the collection owner**.

***

### **3. Best Practices for Integration**

To ensure smooth integration with this contract, follow these **best practices**:

#### **3.1 Listening for Events**

Marketplace applications should **subscribe** to blockchain events for real-time updates.

* **Example:** Track new orders using `OfferCreated` events.
* **Example:** Remove orders when `OfferAccepted` or `OfferCancelled` events are detected.

#### **3.2 Validating User Inputs**

Before calling contract functions:

* Ensure that **users own the NFTs** they want to sell.
* Verify that **buyers have enough funds** before accepting offers.
* Handle **error codes** gracefully in the frontend.

#### **3.3 Batch Transactions for Efficiency**

* **Encourage batch processing** of multiple buy/sell offers to **reduce gas fees**.
* **Example:** A buyer can purchase **10 NFTs in a single transaction** using `batch_accept_offers`.

#### **3.4 Price Indexing**

* Use `get_price_levels()` to fetch **sorted price levels**.
* Enable **efficient price discovery** by listing NFTs **based on indexed prices**.

#### **3.5 Handling Partial Fills**

* Orders may **partially fill**, so the UI should **update the order status dynamically**.
* Example:
  * If a sell order is **partially filled**, update the remaining quantity.
  * If a buy order is **partially accepted**, adjust the **requested asset count**.

#### **3.6 Preventing Front-Running**

* Users should **refresh their data** before confirming trades.
* Frontend applications can **pre-check availability** before calling `accept_offer`.