> For the complete documentation index, see [llms.txt](https://shepherd-1.gitbook.io/shepherd/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://shepherd-1.gitbook.io/shepherd/additional-info/best-practices-and-tips.md).

# Best Practices & Tips

### Writing Effective Hypotheses

**Be specific about:**

* Exact vulnerability types (reentrancy, overflow, access control)
* Function names and contract interactions
* Attacker capabilities and constraints
* Expected exploitation outcomes

**Include context:**

* Initial state and balances
* Timing and ordering assumptions
* External dependencies or oracles

**Iterate and refine:**

* Start broad, then narrow based on findings
* Use results from one test to inform the next
* Test edge cases and boundary conditions

***

### Selecting Contracts and Functions

**Prioritize high-risk areas:**

* Functions that transfer value or tokens
* Access control and authorization logic
* External calls and cross-contract interactions
* State-changing operations

**Test systematically:**

* Begin with critical entry points
* Work through related function chains
* Test cross-contract scenarios
* Cover edge cases last

***

### Optimizing Performance

**Zip file organization:**

* Keep files well-organized in logical directories
* Include only necessary contracts and artifacts
* Remove test files and mock contracts unless needed

**Hypothesis scope:**

* Focus each hypothesis on one vulnerability class
* Break complex scenarios into multiple tests
* Use multiple contract chunks for cross-contract exploits
