Smart Contract Do's & Don'ts

June 30, 2020

Smart contracts can be intimidating. Whether you're just getting into the world of blockchain or you're a seasoned blockchain app developer, these 5 principles cover some basic Do's and Don'ts of smart contract development.

1. Add Circuit Breakers

Do ‒ Add a circuit breaker to your smart contract

Smart contracts can't be changed after deployment. Always include a circuit breaker in your contract to reduce unnecessary (and expensive) bugs.

Don't ‒ Let contracts run without oversight

Allowing contracts to run without oversight is high-risk because contracts are irreversible and immutable (and discovering a vulnerability after deployment can be risky and expensive).

2. Encrypt Data

Do ‒ Encrypt all sensitive data in contract storage

Data on public blockchains can be read by anybody, so encrypting sensitive data is an absolute must to preserve security and privacy.

Don't ‒ Assume private variables will hide your data (they won’t)

Private variables within a smart contract are not actually private. "Private" means within the execution scope of the contract, but the data is public and can be read by anyone.

3. Add Limits

Do ‒ Enforce per transaction and rate limits

Smart contracts are immutable and bugs or errors can have significant unintended consequences. Enforcing rate limits helps mitigate risk.

Don't ‒ Permit uncontrolled loops, transfers and rates

Uncontrolled loops, transfers, and rates increase risk and potential for damage, including unintentionally depleting funds.

4. Check Inputs

Do ‒ Check all inputs before using them in code

Because smart contracts are immutable, fixing errors is incredibly expensive and checking inputs before using them in code mitigates errors. “Fail Fast” is a good tenet for your code.

Don't ‒ Make any assumptions about input values

Making assumptions can leave room for errors and cause smart contracts to execute code in a way that was not initially intended.

5. Minimize On-chain Data

Do ‒ Keep smart contracts small and modular

Every line of code in a smart contract costs money to execute and storing data is incredibly expensive.

Don't ‒ Store unnecessary data on-chain

A best practice is to store a pointer to data in a smart contract, rather than storing the data itself. For example, data can be stored using decentralized data storage providers such as Sia or IPFS.

Smart contract development can be confusing, using great tools can make it easier. These best practices (and more!) are built into DappStarter, our full-stack blockchain application generator.