# Using Q-Remix Safely Q-Remix is a free-to-use, zero-setup IDE that welcomes developers of all backgrounds—including those new to blockchain or without formal coding experience. While this openness supports innovation and learning, it also creates opportunities for malicious actors to exploit unsuspecting users. To maintain a safe and secure development environment, follow these key practices when using Q-Remix: #### 1. Avoid Blind Copy-Pasting from Untrusted Sources Copying code from forums, videos, Discord messages, or blogs without verification is a common—and dangerous—mistake. Even seemingly harmless snippets can include hidden logic designed to: * Steal funds or tokens from users * Leak private keys * Inject backdoor access to your contracts **Always:** * Read and understand every line of code you paste * Ask AI assistants or peers for clarification if unsure * Prefer official documentation, vetted libraries (e.g., OpenZeppelin), or code you write yourself #### 2. Double-Check Before Deploying Before deploying any contract to a live network: * Manually inspect **all functions, modifiers, and access controls** * Test thoroughly using a testnet or Remix's built-in VM (virtual machine) * Be cautious of contracts you didn’t write or fully audit **Tip:** Use the Q-Remix terminal to simulate interactions before deployment, and monitor all logs during testing. #### 3. Always Pin Your Imports When importing contracts or libraries (e.g., from GitHub or OpenZeppelin), use **version-pinned imports** to guarantee predictable and secure builds. **Avoid**: ```solidity import "@openzeppelin/contracts/token/ERC20/ERC20.sol"; // version not specified ``` **Use**: ```solidity import "@openzeppelin/contracts@4.7.3/token/ERC20/ERC20.sol"; // version pinned ``` **Why it matters**: * Prevents sudden behavioral changes due to library updates * Ensures that testing and deployment environments are consistent * Helps auditors and collaborators validate your code with certainty #### General Safety Tips * Be skeptical of unsolicited contract templates or advice from anonymous sources. * Use hardware wallets or secure storage methods for private keys during testing. * Enable **Read-Only Mode** if auditing or reviewing unknown contracts. By following these practices, you help protect not just your own development, but the integrity of the broader decentralized ecosystem. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.qremix.org/introduction/using-q-remix-safely.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.