Smart contracts are a huge innovation that could be only enabled by blockchain. Yet still, they should be taken with extra care by both users and developers. Here’s a word of advice for both of them.
Smart contracts equip the developers with a wide array of tools, allowing them to create exciting new products. However, the same properties that ensure that a blockchain is democratic and censorship-free, also make it possible for absolutely everyone to deploy their products easily, including developers without sufficient experience and bad actors.
With the advice below, our aim is to make users aware of some of the factors that contribute to a project’s trustworthiness. You will also find tips for developers on how to avoid surprises when deploying on the Aleph Zero chain.
Let’s get down to it.
Advice for smart contract users
Users should be aware of two key things when interacting with smart contracts:
- Make sure you are able to see the code of the contract you’re interacting with: if the creators haven’t published their repository, it is natural to question the quality of the code (and, by extension, the security of your coins). It would be unreasonable to expect everyone to be able to verify the code’s correctness, but you should be able to at least verify that the code is published. If it’s not–it’s a big red flag. Think of interacting with such smart contracts as signing a document you’re not able to view. Sounds unreasonable, to say the least.
- Make sure the contract you’re interacting with has been audited. Smart contracts are critical pieces of code that potentially handle users’ tokens–any amount can be significant to the user. As such, they should be written and audited with extreme care and diligence. Make sure that the contract has the stamp of approval of a respectable audit firm and that the results of the audit are available for you to view. This is the best way for you to verify that the developers do everything to ensure that the code is secure
You can also ask yourself:
- Do you trust the team behind the product? If you can’t verify who is behind the product and what’s their track record, your investment is inherently more risky. We are aware that some developers and blockchain users value their anonymity above all else, so this one is to decide at your own discretion.
- Do you see the value/utility of the product? It can be easy to fall prey to a good marketing strategy and promises of quick returns. However, ideally, when you invest or lock your assets in any smart contract, it is because you believe in the product’s mission statement and can see how it is useful.
Of course, the above is just a very rough framework designed to help you make your decision and shouldn’t be regarded as an ultimate decision process. Do your own research and think critically.
Advice for smart contract developers
Make sure you know the language
This one is imperative and not exclusive to smart contract development. As with any software product, writing smart contracts requires you to be proficient in the language of your choice. On the Aleph Zero blockchain that language is Ink! and we encourage you to follow our guides and the official Ink! guides. You can find links to both in the Aleph Zero Developer portal: https://alephzero.org/developers
Test your contracts locally
Ink! comes with tooling that allows you to write two kinds of tests locally:
- Unit tests: good for testing the fine-grained functionality of your contract. While they won’t tell you if your contract runs well as a whole, they are incredibly useful for catching small errors. Ensuring your contract has a good unit test coverage will make your code more robust and the development process more efficient.
- End-to-end tests: a new feature in Ink! 4.0 allows you to test the whole functionality of your application before deploying it to the Testnet. Make sure your local testing pipeline includes end-to-end tests as well as unit tests.
You can also use ink-wrapper to perform end-to-end tests on Aleph Zero.
Test your contracts on the Testnet
The Aleph Zero Testnet is built from the same codebase as the Mainnet and the configuration is identical. For obvious reasons, the Mainnet is ‘behind’ on all updates to make sure they have been properly tested (usually this testing period is one month) but you can be sure that what you’re seeing on the Testnet will be on the Mainnet as well.
As such, the best way of ensuring a smooth Mainnet deployment is thoroughly testing your smart contract code on Testnet. Good testing practices include testing for corner cases:
- What happens if a large number of users interact with the contract?
- What happens when very large numbers/strings are input?
- What if someone tries to interact with the contract in an unexpected way?
These are just a few examples of what the tests should cover, and we encourage you to expand your testing practices way beyond these basics.
Don’t overoptimize from the get-go
Premature optimization is the root of all evil
The above quote is true for all software development but especially so for smart contracts on Aleph Zero. While you might be used to spending vast amounts of time optimizing gas usage by doing very advanced hacks, we encourage you to focus on security and correctness first.
Of course, this doesn’t mean that you can be careless when creating your algorithms and designing storage, but as long as you are reasonable in these areas, you should be able to focus on your actual logic instead of saving on gas fees. We will stress this once again: security and correctness should come first.
Additionally, if you follow good testing practices, you’ll be able to fine-tune your gas usage only after getting your logic correct. The combination of unit tests, end-to-end tests, and manual testing on Testnet should allow you to do changes without worrying about regressions.