June 30, 2020
Smart contracts can be intimidating. Whether you're just getting into the world of blockchain or you're a seasoned blockchain app developer, these 5 principles cover some basic Do's and Don'ts of smart contract development.
Do ‒ Add a circuit breaker to your smart contract
Smart contracts can't be changed after deployment. Always include a circuit breaker in your contract to reduce unnecessary (and expensive) bugs.
Don't ‒ Let contracts run without oversight
Allowing contracts to run without oversight is high-risk because contracts are irreversible and immutable (and discovering a vulnerability after deployment can be risky and expensive).
Do ‒ Encrypt all sensitive data in contract storage
Data on public blockchains can be read by anybody, so encrypting sensitive data is an absolute must to preserve security and privacy.
Don't ‒ Assume private variables will hide your data (they won’t)
Private variables within a smart contract are not actually private. "Private" means within the execution scope of the contract, but the data is public and can be read by anyone.
Do ‒ Enforce per transaction and rate limits
Smart contracts are immutable and bugs or errors can have significant unintended consequences. Enforcing rate limits helps mitigate risk.
Don't ‒ Permit uncontrolled loops, transfers and rates
Uncontrolled loops, transfers, and rates increase risk and potential for damage, including unintentionally depleting funds.
Do ‒ Check all inputs before using them in code
Because smart contracts are immutable, fixing errors is incredibly expensive and checking inputs before using them in code mitigates errors. “Fail Fast” is a good tenet for your code.
Don't ‒ Make any assumptions about input values
Making assumptions can leave room for errors and cause smart contracts to execute code in a way that was not initially intended.
Do ‒ Keep smart contracts small and modular
Every line of code in a smart contract costs money to execute and storing data is incredibly expensive.
Don't ‒ Store unnecessary data on-chain
A best practice is to store a pointer to data in a smart contract, rather than storing the data itself. For example, data can be stored using decentralized data storage providers such as Sia or IPFS.
Smart contract development can be confusing, using great tools can make it easier. These best practices (and more!) are built into DappStarter, our full-stack blockchain application generator.