Will come back to do a proper review of this, but initial thoughts are:
I think there's lots of ways to validate inputs on-chain which are commonly recommended, i.e. check that we aren't passing address(0) or a 0 amount when not expected
Should external input validation be included in this repo?
I think if so then we should include it as a secondary consideration, i.e. "Here's how and why to validate inputs on-chain" and then supplementary, "Here's how and why to validate inputs off-chain"
Maybe we can also talk about patterns like two-step ownership transfers which do a really good job for extra sensitive inputs
Added lack-of-input-validation as a response to issue 48