What is a Smart Contract?
A Smart Contract is a set of rules and terms that executes itself automatically when its terms and conditions are met. There is no need to find someone who can prepare it for us; two parties can do it on their own. A Smart Contract (S.C.) eliminates the need for a third party to act as an intermediary between the two parties entering into the virtual agreement.
Understanding in Detail
Let us understand it this way: each one of us has probably entered into some sort of agreement with another person, organization, or business at some point in time. Our lawyers prepare it with certain terms and conditions for both parties (two people or businesses entering into an agreement). Both sides sign the agreement and we are good to go. But the world of “Smart Contracts” is different altogether.
Like in a physical agreement, the terms and conditions of an S.C. are pre-defined in code, and as soon as these conditions are met, it gets executed on its own. It being “smart” and its piece of code being executed on blockchain saves a lot of time and money for the peers.
Consider an example: one can create an S.C. to keep a real estate property mortgaged on blockchain, and when the mortgagee pays off the entire loan amount, his/her property is released. This eliminates the need to go through a tedious amount of paperwork and get involved with a third party or bank.
As S.C. is on the blockchain, it is executed in minutes and is more secure; it makes so many aspects of our lives easier and safer. Whether it is an exchange of digital tokens or stocks or anything we can think about, these can play a crucial role in smooth execution in a trustless environment. They serve to automate workflows that get triggered when predefined conditions are met.
How do Smart Contracts Work?
These are pieces of code that we have written on the blockchain. These lines of code contain all the information that is required to trigger them. Since code is the king here, it controls its execution. With this, the buying and selling or any other sort of transactions can be tracked in real-time while making these transactions irreversible. The code contains parameters laid down by the participants and if these parameters are met, the code triggers the rules.
Role of External Transaction in Execution: Before the lines of the code can get triggered and the compiled code be executed on a distributed ledger like blockchain, an external transaction must be made to account for the transaction fee. This fee (gas) is required to be paid before a contract can be executed. On the Ethereum blockchain, one needs to send a transaction in the form of “ethers”. As far as the Bitcoin blockchain is concerned, the code is not “Turing-complete”, thus making the execution of an S.C. a bit difficult.
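The following TypeScript model is an added example, not code from the original article: it runs the mortgage scenario above under a gas budget to show that the fee must be covered before execution and that a failed call rolls back contract state while the fee is still charged. The flat cost GAS_PER_CALL, the single currency unit, and the names Lien, repay and execute are assumptions of this simplified model.

```typescript
// Simplified model written for this example; it is not EVM or Solidity code.
type Lien = { borrower: string; loanAmount: number; paid: number; released: boolean };
type Tx = { from: string; value: number; gasLimit: number; gasPrice: number };
type Receipt = { ok: boolean; reason: string; feeCharged: number };

const GAS_PER_CALL = 50000; // assumed flat execution cost for this model

// The contract's rules: only the borrower repays, never more than is owed,
// and the lien is released exactly once, when the loan is fully paid.
function repay(lien: Lien, from: string, value: number): void {
  if (lien.released) throw new Error("lien already released");
  if (from !== lien.borrower) throw new Error("only the borrower may repay");
  if (value <= 0 || lien.paid + value > lien.loanAmount) throw new Error("invalid amount");
  lien.paid += value;
  if (lien.paid === lien.loanAmount) lien.released = true;
}

// The network's side: the sender must be able to cover the maximum fee up
// front; a failed call rolls back contract state but the fee is still charged.
function execute(lien: Lien, balances: Map<string, number>, tx: Tx): Receipt {
  const balance = balances.get(tx.from) ?? 0;
  if (balance < tx.gasLimit * tx.gasPrice + tx.value) {
    return { ok: false, reason: "insufficient funds for gas and value", feeCharged: 0 };
  }
  const snapshot = { paid: lien.paid, released: lien.released };
  const gasUsed = Math.min(GAS_PER_CALL, tx.gasLimit); // out of gas burns the whole limit
  const fee = gasUsed * tx.gasPrice;
  let ok = true;
  let reason = "executed";
  try {
    if (tx.gasLimit < GAS_PER_CALL) throw new Error("out of gas");
    repay(lien, tx.from, tx.value);
  } catch (err) {
    lien.paid = snapshot.paid; // revert every state change made by the call
    lien.released = snapshot.released;
    ok = false;
    reason = (err as Error).message;
  }
  balances.set(tx.from, balance - fee - (ok ? tx.value : 0));
  return { ok, reason, feeCharged: fee };
}
```

Calling execute with a gas limit below GAS_PER_CALL, or from an address other than the borrower, returns ok: false with the fee deducted and the lien unchanged.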
What are the Major Platforms?
It is essential to have platforms that can run them by providing ease of programming, high transaction speed, security, and deployment. These platforms are the stages that take input parameters provided by the participant, enable code execution, and provide the required output. For example, if the terms of an S.C. state that a user must provide proof of his or her age before s/he can be awarded crypto tokens, then these platforms facilitate this process by taking the proof of age from the user as input, running the code and providing tokens to the user.
There are a number of these platforms that are popular among developers these days. Let’s have a look at some of them:
- Ethereum: Handling almost 80% of the DeFi apps, Ethereum is one of the most popular platforms for development. Currently running 20-40 Transactions per second (TPS), after ETH2.0 merge, it carries the potential to take this number to a much higher level. It was the first one to initiate an S.C. and supports Solidity language. Earlier, Ethereum was working on a Proof of Work mechanism, but since it adopted Proof of Stake, the security issues have been reduced to a great extent.
- Hyperledger Fabric: HF is a permissioned platform that has been the talk of the town these days. It supports JavaScript and Go languages and boasts a TPS of about 20,000.
- Solana: It is the platform that provides the highest TPS of them all: about 60,000. At present, Solana lets developers build dapps quickly. It is based on Proof of History, according to which transactions are time-stamped, which in turn increases the transaction speed. The time taken to mine a block of Solana is about 400 milliseconds.
- Polkadot: It runs several parachains that run parallel to the main blockchain. This increases scalability and performance. Polkadot supports the interoperability of several blockchains.
- Avalanche: This platform supports several programming languages including Go, Python, JavaScript, and TypeScript. The main feature of Avalanche is its ability to withstand 51% attacks. It provides a TPS of 4500.
- Algorand: It provides a minimal transaction cost of $0.0003 (which is approximately similar to $0.00025 of Solana but higher than $0.000006 of Avalanche). It supports a language called Clarity which is known to be a Turing-incomplete language.
How to Create a Smart Contract?
It can be created on the Ethereum Network in just a few steps. Here, we shall learn to create such a S.C. on one of the test networks of Ethereum (and not on the Mainnet).
1. Install the MetaMask Wallet by downloading its Chrome Extension.
2. Connect your MetaMask Wallet to the Ethereum Network.
3. Select a test network where your code would be deployed. There are several test networks available for Ethereum: Goerli, Rinkeby, Ropsten, and Kovan. Select one of these networks to test your S.C.
4. For this to execute, you would need some Testnet Eth in your wallet. To do that, under test Faucet, click Buy, and then click Get Ether. On Goerli Faucet (if Goerli is your Testnet), add your MetaMask Account Address, complete the captcha and click “Request 0.5 Goerli”.
5. Write your code in Remix Browser IDE. Remix allows writing code in Solidity.
6. Click the “+” icon to create a .sol (Solidity extension) file and write your code.
7. Once done, run the compiler on Remix Ethereum IDE.
8. Deploy your code. Deploying involves a Testnet Eth transaction. Once this transaction is complete, you will be able to see the address on Remix Ethereum IDE. You would learn more about deploying on a Hardhat Node in the upcoming sections of this article.
After you have tested your S.C. you can finally deploy it on Ethereum Mainnet.
Solidity as a Smart Contract Language
Solidity is a high-level programming language that is used to write code for Ethereum contracts. It is known for its peculiarity that instead of checking the program at the time of compiling, it does so at the run time. It is a collection of code functions and other data on the blockchain. A sample Solidity code can be shown as:
where pragma solidity shows the compatible versions of Solidity, which is, in fact, the declaration of the Solidity compiler’s version that the code would use. This ensures compatibility with future versions.
Note: The syntax of Solidity resembles that of JavaScript. An IDE which is very common for creating and running an S.C. is Remix. It is a browser-based IDE that gives the Solidity developer a platform for writing source code, a compiler to build it, and finally a way to deploy it to the blockchain. Solidity is the default language of the blockchain networks that are based on EVM such as Ethereum, Polygon, and Avalanche.
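As an added example (not code from the original article), the TypeScript below reads the pragma solidity line described above out of a contract source and classifies the version constraint as pinned, bounded range, or floating, since a floating constraint lets the contract be compiled with a compiler version other than the one it was tested with. The function names and the sample source are constructed for this example, and only `//` line comments are skipped.

```typescript
// Added example: classify the `pragma solidity` directive of a contract source.
type PragmaKind = "pinned" | "range" | "floating" | "missing";
type PragmaFinding = { line: number; constraint: string; kind: PragmaKind };

function classify(constraint: string): PragmaKind {
  // "0.8.20" or "=0.8.20": exactly one compiler version is accepted.
  if (/^=?\s*\d+\.\d+\.\d+$/.test(constraint)) return "pinned";
  // A lower and an upper bound together, e.g. ">=0.7.0 <0.9.0".
  if (/>=?\s*\d/.test(constraint) && /<=?\s*\d/.test(constraint)) return "range";
  // "^0.8.0", "~0.8.0" or an open-ended ">=0.8.0".
  return "floating";
}

function checkPragma(source: string): PragmaFinding[] {
  const findings: PragmaFinding[] = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const code = text.replace(/\/\/.*$/, ""); // ignore line comments
    const m = /^\s*pragma\s+solidity\s+([^;]+);/.exec(code);
    if (m) {
      const constraint = (m[1] ?? "").trim();
      findings.push({ line: i + 1, constraint, kind: classify(constraint) });
    }
  });
  // A file with no version pragma at all is reported once, with line 0.
  if (findings.length === 0) findings.push({ line: 0, constraint: "", kind: "missing" });
  return findings;
}

// Constructed sample source, not taken from the original page.
const SAMPLE_SOURCE = [
  "// SPDX-License-Identifier: MIT",
  "pragma solidity ^0.8.20;",
  "contract Greeter {",
  '    string public greeting = "hello";',
  "}",
].join("\n");
```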
How to Deploy?
It is not rocket science to deploy if you have all the code written. Let us see how we can deploy it locally using a Hardhat node. Remember, we stated earlier that to deploy, an external transaction from an Ethereum wallet is needed.
The Hardhat node is a local Ethereum Network node where you can deploy your code. Let us see what are the steps to deploy it:
- Install Hardhat and Node.js on your system.
- If your S.C. is saved in a GitHub repository, clone the repository first, and on your Terminal, change the directory (inside your repository’s root directory) to the one that contains the code. For example, if your directory is named “smartcontract”, on your terminal type:
cd smartcontract
- Run this command:
vim hardhat.config.ts
where hardhat.config.ts is a config file in the folder containing code. This opens the contents of the hardhat.config.ts file in the vim editor. Scroll down the file to the networks section and add the following configuration for hardhat:
hardhat: {
  chainId: 31337, // value of chainid (default value is 31337)
  accounts: [{
    privateKey: "add here the private key of the Ethereum wallet account from which transaction needs to be sent",
    balance: "10000000000000000000000", // initial balance in wei; Hardhat requires it alongside privateKey
  }],
}
- Save the hardhat.config.ts file by pressing the ‘ESC’ key and then entering “:wq” (which saves the contents of the .ts file and exits the vim editor).
- To run the hardhat node, run this command:
npx hardhat node
This starts a JSON-RPC server and displays the Ethereum account and its private key that you had entered under the networks section.
- To deploy it, run this command:
npx hardhat run scripts/deploy.ts
where scripts/deploy.ts is a TypeScript file in the repository.
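The configuration above places a wallet private key directly in hardhat.config.ts, a file that usually lives in a Git repository. The TypeScript below is an added example, not code from the original article or from Hardhat: it builds the same hardhat network entry from environment variables and includes a check that reports config lines containing a key literal. The variable names DEPLOYER_PRIVATE_KEY and HARDHAT_CHAIN_ID and both function names are hypothetical.

```typescript
// Added example: keep the deployer key out of hardhat.config.ts.
type HardhatAccount = { privateKey: string; balance: string };
type HardhatNetwork = { chainId: number; accounts: HardhatAccount[] };

const KEY_RE = /^0x[0-9a-fA-F]{64}$/; // 32-byte key as 0x-prefixed hex
const DEFAULT_CHAIN_ID = 31337;       // default chain ID stated in the article
const INITIAL_BALANCE_WEI = "10000000000000000000000"; // constructed value for the local node

// Build the `networks.hardhat` entry from an environment map.
// DEPLOYER_PRIVATE_KEY and HARDHAT_CHAIN_ID are hypothetical variable names.
function hardhatNetworkFromEnv(env: Record<string, string | undefined>): HardhatNetwork {
  const key = env["DEPLOYER_PRIVATE_KEY"];
  if (key === undefined || !KEY_RE.test(key)) {
    // The message names the variable but never echoes the value.
    throw new Error("DEPLOYER_PRIVATE_KEY must be 0x followed by 64 hex characters");
  }
  const rawId = env["HARDHAT_CHAIN_ID"];
  const chainId = rawId === undefined ? DEFAULT_CHAIN_ID : Number(rawId);
  if (!Number.isInteger(chainId) || chainId <= 0) {
    throw new Error("HARDHAT_CHAIN_ID must be a positive integer");
  }
  return { chainId, accounts: [{ privateKey: key, balance: INITIAL_BALANCE_WEI }] };
}

// Pre-commit style check: 1-based line numbers of a config source that
// contain a private key written as a string literal.
function findHardcodedKeys(configSource: string): number[] {
  const hits: number[] = [];
  configSource.split(/\r?\n/).forEach((line, i) => {
    if (/privateKey\s*:\s*["'](0x)?[0-9a-fA-F]{64}["']/.test(line)) hits.push(i + 1);
  });
  return hits;
}

// In hardhat.config.ts the entry would be used as:
//   networks: { hardhat: hardhatNetworkFromEnv(process.env) }
```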
What are the Main Types?
There are three broad categories under which an S.C. falls. These are listed below:
1. Decentralized Autonomous Organization (DAO)
A DAO is an open-source community that overcomes the restrictions posed by a physical corporation or organization. Unlike a corporation that is run by bosses and their management teams, a DAO is run autonomously by communities that are governed by a set of rules. These rules are framed by the community that votes for different proposals set by the community participants.
Every participant needs to abide by the rules set by the community. A Decentralized Autonomous Organization is visible to all (members and non-members). It has a native token and holders of that token can propose changes to the rules or create a new rule and the community can then vote for or against the proposal. A proposal could be to change the code or modify the criteria for voting.
A few examples are Polygon DAO (now called Polygon Village), MakerDAO, and Uniswap. Apart from loads of advantages achieved via its autonomous structure, it is susceptible to cyber attacks as the code is an open source one. Another drawback is that it is still dependent on some kind of human involvement in cases where some transfer of things takes place.
2. Smart Legal Contract
These are the most common types. The counter-parties have contractual obligations and the S.C. is executed as per pre-determined rules, which are, in fact, the terms and conditions between the contracting parties. This way, the two parties have legal responsibility. One of the widely used use cases is real estate where registering land on the blockchain can be one of the examples.
3. Application Logic Contract (ALC)
ALCs are the application codes that allow communication between devices. Coordinating messages using the Internet of Things (IoT) is an example of an Application Logic Contract. ALCs can find their use in healthcare, agricultural supply-chain, and smart devices.
What are its Characteristics?
S.C. is, of course, smart!! It has loads of features that justify its name. They inherit most of the features that a public distributed ledger system has:
- Transparent: Being deployed on the blockchain, it is free to be seen by anyone; even people who have no say in developing it have visibility to it; this makes it highly transparent.
- Immutable: Once the code has been deployed on-chain, there is no turning back. No one can change it.
- Distributed: As we said, being deployed on blockchain makes a S.C. inherit its features. Like blockchain, these contracts are distributed. All the nodes on the chain have a copy of them.
- Autonomous: There is no need for any external party to facilitate the execution. Two peers who agree can set terms and conditions in the code and when these conditions are met, the S.C. comes into action without any external force.
What is a Smart Contract Audit?
Like an audit of any other asset, a smart contract audit is a process that lets you vet vulnerabilities and bugs. It protects your projects from any malicious attacks by vetting the code thus enabling you to protect money as well as your reputation. These days, code exploits have become very frequent. Auditing is a good practice that involves a lot of code testing with third-party tools and enables continuous verification. After testing, auditors prepare an exhaustive report for you to review.
Before you agree to grant full permission to the auditing team to fix all the possible exploits in the code, you must agree with their auditing criteria. Auditing is important because once we deploy to the blockchain, it is irreversible (immutable), and if the testing has not been done thoroughly, it can cause a lot of issues for your projects and your investors. Though it may not guarantee foolproof testing of your code, auditors, being trained security professionals, can do a lot to protect you from possible exploits.
Where to Find Smart Contract Auditor Jobs?
There are a number of online job portals that provide smart contract auditor jobs. A few of these are Glassdoor, Indeed, Cryptocurrencyjobs, Wellfound, Web3.career, and PriorityCrypto.
Most of these jobs require skills such as analyzing code, reviewing Solidity code, auditing code, identifying vulnerabilities, suggesting steps for mitigating risks, and submitting reports with clear action items. The average salaries for this role can range between $70k-$200k, and even more than that. Due to rising cases of hacks in crypto, these salaries have seen a spike with auditors getting as high as $450k.
These portals also advertise jobs for companies that want to hire smart contract developers. These engineers can be hired to create Decentralized Exchanges, NFT Market Places, web3 games, cryptocurrency wallets, identity wallets (based on verifiable credentials), and crypto bridges. For this, the developers may need knowledge of Ethereum, Solidity, and Rust.
A few portals where one can hire developers are Arc.dev, Toptal, Elluminati, and LinkedIn. Some of these are companies that have a talent pool to select from.
AI Smart Contract Audit
These digital agreements are already smart and Artificial Intelligence just made them smarter than ever before!! AI helps in finding code errors, provides automated audits, and gives an insight into vulnerabilities. Not only this, an AI audit is more secure and can audit thousands of them together. Two popular AI-powered audit solutions are:
- 0x0.ai: A DeFi platform that combines AI with privacy and security to audit. It analyses the Solidity code for errors and risks.
- AnChain: It is a risk-evaluation engine that uses AI for auditing. It performs audits on multiple pieces of code and provides data on how secure your code is in comparison to other code that is already deployed.
A List of Smart Contract Vulnerability Scanners
There are several analysis tools in the market that let you identify vulnerabilities. Using them can help you mitigate risks and save you from a lot of attacks. They also identify bad configurations, logic issues, and third-party errors. Most of these support different major blockchain networks.
Popular Vulnerability Scanners:
- Slither (from ChainSecurity and Ethereum Foundation)
- MythX (Paid tool by ConsenSys)
- Mythril (Free Tool by ConsenSys)
- SmartCheck (A static analysis tool)
Disclaimer
This article is for informational purposes only and is NOT financial advice. We do not promote, in any form, any smart contract, wallets, blockchain, blockchain firm company, cryptocurrencies or tokens mentioned herein. The content of this article is based on the information available up to the knowledge. You should be aware that investing in any web3 project or cryptocurrency or wallet or blockchain is subject to market risk and you MUST do your own due diligence (DYOR) before you put any money in any of the smart contracts or blockchain companies or wallets or coins/tokens issued by these companies.