How to design smart contracts.
The article is inspired by @kazsatamai.
Follow him for more web3 design insights.
A smart contract is a program that is stored on a blockchain.
These programs are digital and will execute automatically when certain set conditions and terms are met.
It’s like a digital vending machine.You select a snack and put the agreed-upon money into the vending machine.The vending machine will dispense the snack.
Only you and the vending machine are involved in this transaction.As it’s automated, it is faster and more trustworthy.
The first step is to define the scope of the agreement & establish the terms of the agreement by all stakeholders.
Next, identify all the parties involved in executing the contract and determine the consensus strategy.
Start by determining the events which have the potential to trigger the implementation of the contract.
Think of any inputs that can impact the execution.
Identify the limitation(s) of the underlying blockchain platform.
Define the data elements.
Set conditions of execution based on the business logic.
A set of codes is developed and tested to represent the expected business contract.
In addition, the secure messaging and authentication protocol is set up between the parties to the contract.
Contract terms dictate the value flow.
Output is stored on a blockchain register which is immutable.
Once the contract gets executed, every ledger node gets updated with the newly acquired state.
Any new upgrades cannot be added.
By its design, a smart contract can go from a simple contract (a simple exchange of numerical value) to a very complex contract (a distributed autonomous organization)
Make sure your contract addresses a single problem.
You can keep the code & functions small by modularizing the code
Analyze and separate application data into on-chain & off-chain data.
Design the state variables so that it is efficient in storing on-chain data, while off-chain data can be handled by high-level applications.
Sensitive information should not be stored in a smart contract.
Every interaction on Ethereum requires users to pay a gas fee.
Look for ways to minimize this during the design so that users and even developers do not consume more gas than necessary.
Your smart contract code should be able to respond to errors and vulnerabilities.
If errors occur:
- Rules/code to interrupt the contract whenever a deviation is observed.
- limiting how much money the contract manages, thereby limiting risk.
- Provisions for updating, troubleshooting, and improvement.
Oracles help the contract improve itself by receiving external streams from trusted sources.
Be cautious as external contract calls may allow malicious code execution.
You should avoid external calls whenever possible.
Try to complete all internal work first before calling the external function.
Use pull-over push for external calls to prevent a denial of service attack.
Especially when it comes to payment, it is recommended that a pull or withdrawal mechanism be established to obtain funds.
Do not depend on the timestamp to execute a smart contract.
Especially risky for smart contracts related to transferring funds.
Do not use them for setting a contract's expiry period.
Conduct a review of the type of data before using it in your smart contract.
While there are 4 visibility modifiers on Solidity, anything that is in a contract can be observed on the blockchain, even with the “private” modifier.
You need closely observe the functions that include any statements.
Data on the blockchain is visible to anyone, so a secure hash must be used to protect its visibility.
Example: Ethereum uses KECCAK-256