Unit4 Cat-Ii


UNIT4: Smart Contract Tools and Hands-on - Ethereum Virtual Machine (EVM), wallets, introduction to Solidity, attacks on smart contracts.

Things to Consider While Selecting A Smart Contract Tool

Accuracy, Speed, and Efficiency

The tool that you select must ensure that the smart contract is created quickly. Because
smart contracts are virtual and automated, there may be no paperwork to address. The tool
must also ensure that little time is spent on correcting mistakes that might
arise while filling out documentation by hand.

Trust and Transparency

The tool that you select must ensure that records cannot be tampered with for personal
advantage, because there is no third-party involvement. The tool must ensure that
encrypted transaction logs are exchanged only among participants.

Security

Since blockchain transaction data are encrypted, they're extremely hard to hack. The tool that
you select should be able not only to create the encrypted data but also to share it with
the right parties. Hackers would then have to alter the complete chain to alter even an
individual record.

Savings

Smart contract tools remove the need for intermediaries to conduct transactions, as well as
the time delays that come along with them. The removal of intermediaries when using smart
contracts helps cut extra cost and increase savings. So you must ensure that the
tool helps deploy the mechanism for the same.

10 Best Tools For Smart Contract Development

Smart contracts are one of the biggest revolutionary interventions you can find in the
present times. They have helped in introducing easier automation of different business
processes and applications operating on a decentralized network. The interest in the best
smart contract development tools has been increasing profoundly in recent times. Smart
contracts have the capability to reduce administrative overhead, thereby serving as one of the
prominent highlights of blockchain technology. 

You don’t have to worry about any complicated technology terms when you think of smart
contracts. They are basically programs on a blockchain network that run according to
compliance with specific predefined conditions. The following discussion offers you a unique
take on the top smart contract development tools to help you build your skills for developing
smart contracts and decentralized applications. 

Essential Smart Contract Development Tools You Need

The growth in popularity of smart contracts has pushed the creation of
many new tools for developing smart contracts. As a matter of fact, it is quite
difficult to rank a few tools in the top ten list when you need multiple tools for
building a smart contract. Therefore, it is important to look at the categories of
essential smart contract tools and the examples in each category. Here is an
outline of the most important smart contract development tools you would
need in 2022.

1. Smart Contract Programming Language


The foremost entry among important smart contract developer tools would point at
the programming language for creating the smart contract code. Interestingly, you
can find many popular smart contract programming languages suited to your
preferences. The top choices in programming languages for smart contract
development include Solidity, Rust, and Vyper. 

Solidity is the most commonly used programming language for smart contract
development. It works on all the popular smart contract development platforms such
as Avalanche, Ethereum, Polygon, and others. Solidity has been tailored for
Ethereum Virtual Machine, and any blockchain network compatible with EVM can
support the use of Solidity for smart contract development. 

The list of smart contract development tools in programming languages also includes
Vyper. It also offers EVM compatibility and is popular for being the primary language
of the Curve Finance DeFi platform. On the other hand, another recent addition
among smart contract programming languages, Rust, has been taking a different
route. Rust provides the flexibility for deploying to blockchain networks such as
Terra, Polkadot, and Solana. 

2. Libraries and Oracles


The discussion on the best smart contract development tools would also draw
attention to libraries and oracles. These tools are essential for incorporating the
special functionalities you need in a smart contract. For example, libraries can help
in adding new dApps, while oracles can help in obtaining information required to
execute smart contracts.

The best blockchain oracle for smart contract development is ChainLink, which helps
smart contracts turn into hybrid smart contracts. With the facility for including an
off-chain component and connection with the real world, the smart contract could
achieve better functionality. Almost 50% of smart contracts leverage oracles as an
important highlight in their infrastructure.

On the other hand, smart contract tools such as libraries like OpenZeppelin are also
important requirements for all developers. OpenZeppelin is the standard library
for Solidity programming language and features packages for multiple functionalities.
You can use OpenZeppelin packages for deploying NFTs, DAOs, or upgradable
contracts, thereby adding new functions to your smart contracts.

3. Development and Testing Framework


The next critical addition among top smart contract development tools is the
development and testing frameworks. These frameworks are a mandatory part of the
journey of every developer. The development and testing frameworks offer great
support in deploying and testing smart contracts efficiently. 

Interestingly, you can find many promising options among development and testing
frameworks such as Hardhat, Truffle, and Remix. These three frameworks are the
popular choices of developers for creating, compiling, testing, and deploying smart
contracts. You can explore distinct features in each framework suited for making the
process of testing and deploying smart contracts a lot easier. 

You can also come across some of the alternative options in the development and
testing frameworks for smart contracts, such as Waffle, Embark, and web3j. In
addition, you can also find smart contract development and testing frameworks
without EVM support, such as TerraSDK and Anchor.

4. Crypto Wallets
The wallet is another important requirement among essential smart contract
developer tools as it helps in storing the funds. It helps in storing and managing your
testnet funds easily during the smart contract development and testing process.
Developers can opt for a combination of different crypto wallets for their smart
contract development project. 

The most popular crypto wallet for smart contract developers is MetaMask,
which almost every crypto user knows. It is a hot wallet with the advantage of easier
and flexible access to your funds. However, such wallets present the risk of losing
your funds if the private key is compromised in any situation. 

The list of smart contract development tools also includes options like Gnosis Safe
and Ledger or Trezor. Gnosis Safe is a popular multi-sig wallet and offers a secure
option for safeguarding your funds during the smart contract development process.
Another plausible option for storing and managing your testnet funds would be
cold wallets such as Ledger or Trezor.

Although you might have to go through many complicated steps for using cold
wallets, they provide better assurance of security. Above everything else, you can
always try a combination of hot wallets, multi-signature wallets, and cold wallets for
secure management of your funds.

5. Block Explorer
The entries among top smart contract development tools would also include block
explorers. Developers need block explorers for viewing transactions and monitoring
their status. One of the most popular examples of a block explorer for smart contract
developers is Etherscan, a free blockchain explorer. It features many in-built services
and is easily the biggest block explorer for the Ethereum community. 

Furthermore, Etherscan also supports projects on Binance Smart
Chain and Polygon networks, thereby proving its reach. The examples of smart
contract tools in the category of block explorers would also include Ethplorer and
Etherchain. Both the competitors to Etherscan are lighter and have come up with
some new and distinctive features.

6. Layer 1 Network
The outline of the best smart contract development tools might remain incomplete
without mentioning the layer 1 networks. Why do you need a layer 1
blockchain for smart contract development? For example, if you have to transfer a
transaction across the Ethereum blockchain, you must have a layer 1 blockchain for
sending the transaction to an ETH node. Generally, Metamask and other
popular crypto wallets come with background connections to layer 1 nodes. The
popular examples of layer 1 blockchain networks suitable for smart contract
development include Alchemy, QuickNode, and Infura. 

Alchemy is one of the popular smart contract developer tools in layer 1 networks. It is
one of the preferred choices of developers for ETH and EVM connections with an
interesting and easy-to-use UI. Alchemy also offers a diverse collection of responsive
layer 1 networks along with great client support.        

7. Help & Support Tools


The journey of a smart contract developer would come across certain setbacks from
time to time. In such cases, the top smart contract development tools for help and
support could help developers overcome their obstacles. All developers must include
help & support tools in their roadmap to ensure the best results from their project. 

The two most readily available platforms for solving developer setbacks include
Stack Exchange ETH and StackOverflow. Developers can also rely on Discord
communities to find answers to their questions. However, Discord is more suited for
discussions about new ideas for smart contract development. On the other hand,
forums are great platforms for support as they facilitate indexing and ranking for
queries.

8. Monitoring and Maintenance Tools


The list of smart contract tools in 2022 would also bring monitoring and maintenance
tools under the limelight. In most cases, developers opt for using their own scripts for
monitoring. On the other hand, popular tools such as Tenderly and Defender
by OpenZeppelin can ensure promising improvements in efficiency for developers.
Both the tools offer effective results in monitoring production code alongside
ensuring their safety.

What are smart contracts?


Smart contracts are self-executing business automation applications that run on a
decentralized network such as a blockchain. And because they are able to
reduce administrative overhead, smart contracts are one of the most attractive
features related to blockchain technology.

Are smart contracts legally backed contracts?

A smart contract is a decentralized application that executes business logic in
response to events. Despite the name, smart contracts aren't legally binding
contracts. Their principal function is to programmatically execute business logic
that performs various tasks, processes or transactions that have been programmed
into them to respond to a given set of conditions. Legal steps have to be undertaken
to link this execution to legally binding agreements between parties.

Where are smart contracts executed?


Smart contract execution can result in the exchange of money, delivery of
services, unlocking of content protected via digital rights management, or other
types of data manipulation such as changing the name on a land title. Smart
contracts can also be used to enforce privacy protection by, for example,
facilitating the selective release of privacy-protected data to satisfy a specific
request. Simple events can be handled by smart contracts easily. More
sophisticated logic may encode more complex events such as
calculating the value of a derivative financial instrument and processing a trade of
the derivative, or automatically releasing an insurance payment in the event of a person's
death or a natural disaster.

How are smart contracts made?


A smart contract is a special form of program that encodes business
logic that runs on a special-purpose virtual machine baked into a
blockchain or other kind of distributed ledger. After the application is written, it is
handed off to another team for a security review. Once the contract has
been approved, it is deployed on an existing blockchain or other distributed ledger
infrastructure. Because of such heavy and advanced encryption and security
checks, smart contracts are considered a long-term and safe bet.

What is the need for Smart contract tools?


Smart contract tools facilitate, verify, and implement smart contracts. They offer the
blockchain basis for smart contracts and support smart contract programming.
They are also useful for testing services and hosting the deployment and
execution of smart contracts. In addition to the smart contract, the systems
include the inputs and outputs of smart contracts in the blockchain. Smart
contract tools provide complete standardization, ensure protection, and provide guidance.
They also provide a wide global reach. Such tools make smart contracts usable in
terms of cryptocurrency as well. Bitcoin itself is a smart contract platform as it
enables transactions that don’t involve any third-party interference.

Smart Contracts in Blockchain


A Smart Contract (or cryptocontract) is a computer program that directly and
automatically controls the transfer of digital assets between the parties under
certain conditions. A smart contract works in the same way as a traditional
contract while also automatically enforcing the contract. Smart contracts are
programs that execute exactly as they are set up(coded, programmed) by their
creators. Just like a traditional contract is enforceable by law, smart contracts
are enforceable by code. 

The bitcoin network was the first to use some sort of smart contract by using
them to transfer value from one person to another. 
The smart contract involved employs basic conditions like checking if the
amount of value to transfer is actually available in the sender account. 
Later, the Ethereum platform emerged which was considered more powerful,
precisely because the developers/programmers could make custom contracts in
a Turing-complete language. 
It is to be noted that the contracts written in the case of the bitcoin network were
written in a Turing-incomplete language, restricting the potential of smart
contracts implementation in the bitcoin network. 
There are some common smart contract platforms like Ethereum, Solana,
Polkadot, Hyperledger fabric, etc.

History:
In 1994, Nick Szabo, a legal scholar, and a cryptographer recognized the
application of a decentralized ledger for smart contracts. He theorized that
these contracts could be written in code which can be stored and replicated on
the system and supervised by the network of computers that constitute the
blockchain. These smart contracts could also help in transferring digital assets
between the parties under certain conditions. 

Features of Smart Contracts


The following are some essential characteristics of a smart contract :
1. Distributed: Everyone on the network is guaranteed to have a copy of all
the conditions of the smart contract and they cannot be changed by one of
the parties. A smart contract is replicated and distributed by all the nodes
connected to the network.
2. Deterministic: Smart contracts can only perform functions for which they
are designed only when the required conditions are met. The final outcome
will not vary, no matter who executes the smart contract.
3. Immutable: Once deployed, a smart contract cannot be changed; it can only
be removed, as long as the functionality is implemented previously.
4. Autonomy: There is no third party involved. The contract is made by you
and shared between the parties. No intermediaries are involved which
minimizes bullying and grants full authority to the dealing parties. Also, the
smart contract is maintained and executed by all the nodes on the network,
thus removing all the controlling power from any one party’s hand.
5. Customizable: Smart contracts have the ability for modification or we can
say customization before being launched to do what the user wants it to do. 
6. Transparent: Smart contracts are always stored on a public distributed
ledger called blockchain due to which the code is visible to everyone,
whether or not they are participants in the smart contract.
7. Trustless: Third parties are not required to verify the integrity of the
process or to check whether the required conditions are met.
8. Self-verifying: These are self-verifying due to automated possibilities.
9. Self-enforcing: These are self-enforcing when the conditions and rules are
met at all stages.

Capabilities of Smart Contracts


1. Accuracy: Smart contracts are accurate to the limit a programmer has
accurately coded them for execution.
2. Automation: Smart contracts can automate the tasks/ processes that are
done manually.
3. Speed: Smart contracts use software code to automate tasks, thereby
reducing the time it takes to maneuver through all the human interaction-
related processes. Because everything is coded, the time taken to do all the
work is the time taken for the code in the smart contract to execute.
4. Backup: Every node in the blockchain maintains the shared ledger,
providing probably the best backup facility.
5. Security: Cryptography can make sure that the assets are safe and sound.
Even if someone breaks the encryption, the hacker will have to modify all the
blocks that come after the block which has been modified. Please note that
this is a highly difficult and computation-intensive task and is practically
impossible for a small or medium-sized organization to do.
6. Savings: Smart contracts save money as they eliminate the presence of
intermediaries in the process. Also, the money spent on the paperwork is
minimal to zero.
7. Manages information: Smart contract manages users’ agreement, and
stores information about an application like domain registration, membership
records, etc.
8. Multi-signature accounts: Smart contracts support multi-signature
accounts to distribute funds as soon as all the parties involved confirm the
agreement.

How Do Smart Contracts Work?


A smart contract is just a digital contract with the security coding of the
blockchain.
• It has details and permissions written in code that require an exact sequence
of events to take place to trigger the agreement of the terms mentioned in
the smart contract.
• It can also include the time constraints that can introduce deadlines in the
contract.
• Every smart contract has its address in the blockchain. The contract can be
interacted with by using its address presuming the contract has been
broadcasted on the network.

The idea behind smart contracts is pretty simple. They are executed on a basis
of simple logic, IF-THEN for example:
• IF you send object A, THEN the sum (of money, in cryptocurrency) will be
transferred to you.
• IF you transfer a certain amount of digital assets (cryptocurrency, for
example, ether, bitcoin), THEN the A object will be transferred to you.
• IF I finish the work, THEN the digital assets mentioned in the contract will be
transferred to me.

Note: The WHEN constraint can be added to include the time factor in the
smart contracts. It can be seen that these smart contracts help set conditions
that have to be fulfilled for the terms of the contract agreement to be executed.
There is no limit on how many IF or THEN conditions you can include in your smart
contract.

Smart Contract Working

• Identify Agreement: Multiple parties identify the cooperative opportunity
and desired outcomes and agreements could include business processes,
asset swaps, etc.
• Set conditions: Smart contracts could be initiated by parties themselves or
when certain conditions are met like financial market indices, events like
GPS locations, etc.
• Code business logic: A computer program is written that will be executed
automatically when the conditional parameters are met.
• Encryption and blockchain technology: Encryption provides secure
authentication and transfer of messages between parties relating to smart
contracts.
• Execution and processing: In blockchain iteration, whenever consensus is
reached between the parties regarding authentication and verification then
the code is executed and the outcomes are memorialized for compliance and
verification.
• Network updates: After smart contracts are executed, all the nodes on the
network update their ledger to reflect the new state. Once the record is
posted and verified on the blockchain network, it cannot be modified, it is in
append mode only.

Applications of Smart Contracts


1. Real Estate: Reduce money paid to the middleman and distribute between
the parties actually involved. For example, a smart contract to transfer
ownership of an apartment once a certain amount of resources have been
transferred to the seller’s account(or wallet).
2. Vehicle ownership: A smart contract can be deployed in a blockchain that
keeps track of vehicle maintenance and ownership. The smart contract can,
for example, enforce vehicle maintenance service every six months; failure
of which will lead to suspension of driving license.
3. Music Industry: The music industry could record the ownership of music in
a blockchain. A smart contract can be embedded in the blockchain and
royalties can be credited to the owner’s account when the song is used for
commercial purposes. It can also work in resolving ownership disputes.
4. Government elections: Once the votes are logged in the blockchain, it
would be very hard to decrypt the voter address and modify the vote leading
to more confidence against the ill practices.
5. Management: The blockchain application in management can streamline
and automate many decisions that are taken late or deferred. Every decision
is transparent and available to any party who has the authority(an application
on the private blockchain). For example, a smart contract can be deployed to
trigger the supply of raw materials when 10 tonnes of plastic bags are
produced.
6. Healthcare: Automating healthcare payment processes using smart
contracts can prevent fraud. Every treatment is registered on the ledger and
in the end, the smart contract can calculate the sum of all the transactions.
The patient can’t be discharged from the hospital until the bill has been paid
and can be coded in the smart contract.

Example Use cases:  


1. Smart contracts provide utility to other contracts. For example, consider a
smart contract that transfers funds to party A after 10 days. After 10 days,
the above-mentioned smart contract will execute another smart contract
which checks if the required funds are available at the source account(let’s
say party B).
2. They facilitate the implementation of ‘multi-signature’ accounts, in which the
assets are transferred only when a certain percentage of people agree to do
so
3. Smart contracts can map legal obligations into an automated process.
4. If smart contracts are implemented correctly, they can provide a greater degree of
contractual security.

Advantages of Smart Contracts


1. Recordkeeping: All contract transactions are stored in chronological order
in the blockchain and can be accessed along with the complete audit trail.
However, the parties involved can be secured cryptographically for full
privacy.
2. Autonomy: There are direct dealings between parties. Smart contracts
remove the need for intermediaries and allow for transparent, direct
relationships with customers.
3. Reduce fraud: Fraudulent activity detection and reduction. Smart contracts
are stored in the blockchain. Forcefully modifying the blockchain is very
difficult as it’s computation-intensive. Also, a violation of the smart contract
can be detected by the nodes in the network and such a violation attempt is
marked invalid and not stored in the blockchain.
4. Fault-tolerance: Since no single person or entity is in control of the digital
assets, one-party domination and situation of one part backing out do not
happen as the platform is decentralized and so even if one node detaches
itself from the network, the contract remains intact.
5. Enhanced trust: Business agreements are automatically executed and
enforced. Plus, these agreements are immutable and therefore unbreakable
and undeniable.
6. Cost-efficiency: The application of smart contracts eliminates the need for
intermediaries(brokers, lawyers, notaries, witnesses, etc.) leading to reduced
costs. Also eliminates paperwork leading to paper saving and money-saving.

Challenges of Smart Contracts


1. No regulations: A lack of international regulations focusing on blockchain
technology(and related technology like smart contracts, mining, and use
cases like cryptocurrency) makes these technologies difficult to oversee.
2. Difficult to implement: Smart contracts are also complicated to implement
because it’s still a relatively new concept and research is still going on to
understand the smart contract and its implications fully.
3. Immutable: They are practically immutable. Whenever there is a change
that has to be incorporated into the contract, a new contract has to be made
and implemented in the blockchain.
4. Alignment: Smart contracts can speed the execution of the process that
span multiple parties irrespective of the fact whether the smart contracts are
in alignment with all the parties’ intention and understanding.

Introduction to Ethereum Virtual Machine (EVM)

Ethereum Virtual Machine (EVM) is designed as the runtime environment
for smart contracts in Ethereum. It is sandboxed and isolated from the other
parts of the system. This means that any operation on EVM should not affect
your data or programs in any way, no matter how many times you call a
particular function on it.
• An EVM is the runtime environment that executes Ethereum smart contracts.
• Ethereum contains its own Turing-complete scripting language, called
Solidity, and with this comes a need to execute this code.
• A program called the Ethereum Virtual Machine (EVM) can do this task.
• It runs on top of the Ethereum network, meaning that all nodes reach a
consensus about what code should be executed at every given time.

Purpose of EVM
The Ethereum Virtual Machine (EVM) is a Turing complete
programmable machine, which can execute scripts to produce arbitrary
outcomes. It has been built with the purpose of being a “world computer” and
has immense power.

What are smart contract wallets?


“Similar to how browsers serve as your gateway to the internet, wallets
serve as your gateway to interacting with crypto apps, also known as
dapps.”

A smart contract wallet is a device or application that lets users customize the way they
would prefer to manage their digital assets.

Account abstraction is how developers make smart contract wallets possible. They abstract all
the essential functions of the Externally Owned Account (EOA) and plug them into a smart
contract full of new levers and buttons.

What’s an Ethereum wallet?


An Ethereum wallet is a hardware device or software enabling users to interact with the
Ethereum blockchain and its decentralized applications (dapps) ecosystem. An Ethereum
wallet supports sending and receiving ETH and Ethereum-based tokens, including crypto
tokens (ERC-20) and non-fungible tokens (NFTs).

There are three main functions of an Ethereum wallet, with one being more used than the
others. These functions include:

An app: The primary use case for an Ethereum wallet is to help you manage your funds. It
provides an interface to transfer assets and use the Ethereum network without much technical
knowledge. 

Your Ethereum account: An Ethereum wallet holds access to a user’s unique addresses on
the blockchain and provides an immutable account of their activities on the network. With an
Ethereum account, users can build a social identity across different applications such as
Twitter, Reddit, and Web3 applications.

A login for Ethereum apps: The Ethereum ecosystem includes a variety of dapps built
around finance, gaming, predictions, NFTs, and more. An Ethereum wallet provides login
access to these applications and allows users to interact with them seamlessly.

Top Ethereum wallets:


Most Compatible: MetaMask

Most Secure: Ellipal

Most Secure and Compatible: Ledger

Most User-Friendly: Trust Wallet

Most Versatile: Argent

Most Affordable: Coinbase, MetaMask and Trust Wallet

How does a crypto wallet work?


Your wallet is a means for storing and managing your identity, represented by
digital keys. You need these keys to do anything on a blockchain—connect to a
dapp, send or receive crypto, buy or sell NFTs, etc. Think of your wallet as a Web3
permissions manager, where you grant access to the apps that you want to use.

The moment your crypto wallet is created, a unique phrase is generated, known as
your ‘Secret Recovery Phrase’ (SRP) or ‘seed phrase’. And yes, this phrase may
seem cryptic, but really, it’s just a cryptographic master password that you need to
keep secret. This is the seed from which your digital public addresses and
private keys sprout—one pair for every account you generate in MetaMask.

The public address is the first way you identify yourself on the blockchain. It’s like
your bank account number, whereas your private key (derived from your SRP) is
more like the pin code to get into your bank account—you wouldn’t want to share
that with anyone, and want to keep it safe, right?
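
The derivation described above, as an added Python example (not code from these notes or from MetaMask): it follows the public BIP-39 and BIP-32 specifications and assumes the m/44'/60'/0'/0/i path that MetaMask uses by default. The function names and the use of the published BIP-39 test phrase are choices made for this example.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 domain parameters (public constants).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000


def point_add(a, b):
    """Add two affine curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        m = 3 * x1 * x1 * pow(2 * y1 % P, -1, P)
    else:
        m = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    x3 = (m * m - x1 - x2) % P
    return x3, (m * (x1 - x3) - y1) % P


def point_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time: demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def compressed_pubkey(priv):
    """33-byte compressed public key for a private key."""
    x, y = point_mul(priv)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def seed_from_phrase(phrase, passphrase=""):
    """BIP-39: stretch the phrase into a 64-byte seed with PBKDF2-HMAC-SHA512."""
    phrase_bytes = unicodedata.normalize("NFKD", phrase).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", phrase_bytes, salt, 2048, 64)


def master_key(seed):
    """BIP-32: split HMAC-SHA512(seed) into master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def child_key(priv, chain, index):
    """BIP-32 private child derivation (hardened when index >= 2**31)."""
    if index >= HARDENED:
        data = b"\x00" + priv.to_bytes(32, "big")
    else:
        data = compressed_pubkey(priv)
    digest = hmac.new(chain, data + index.to_bytes(4, "big"), hashlib.sha512).digest()
    # The spec skips an index if the left half is >= N or the sum is 0; the
    # chance is below 2**-127, so this demo does not handle it.
    return (int.from_bytes(digest[:32], "big") + priv) % N, digest[32:]


def account_private_key(phrase, account_index, passphrase=""):
    """Walk m/44'/60'/0'/0/<account_index> (assumed MetaMask default path)."""
    priv, chain = master_key(seed_from_phrase(phrase, passphrase))
    for index in (44 + HARDENED, 60 + HARDENED, HARDENED, 0, account_index):
        priv, chain = child_key(priv, chain, index)
    return priv


# Published BIP-39 test phrase; it is public, so never fund keys derived from it.
TEST_PHRASE = "abandon " * 11 + "about"

if __name__ == "__main__":
    for i in range(3):
        print(f"account {i}: private key {account_private_key(TEST_PHRASE, i):064x}")
```

Every account key is a pure function of the phrase (plus the optional passphrase), so anyone who obtains the SRP can regenerate every account derived from it on any device.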

Hot wallet vs. cold wallet


A hot wallet is connected to the internet and used for regular transactions such as
sending payments or interacting with decentralized applications (dapps). They are
primarily mobile or desktop applications and represent an easy self-custody option
for investors.

A cold wallet, by definition, is a custody solution that stores funds entirely offline.
Because sending crypto with cold wallets requires more steps than hot wallets, their
primary purpose is to receive funds and provide secure, long-term storage. And
although cold storage solutions use hardware wallets, not all hardware wallets are
considered cold storage. If the hardware wallet uses Bluetooth or can automatically
connect to the internet, it is vulnerable to many of the same threats as hot wallets. 

Both hot and cold wallets offer the benefit of self-custody, where users hold private
keys that allow them to move assets on their respective blockchains. When proper
security measures are in place, either approach can be a safer option compared to
centralized exchanges, which can expose users to additional third-party risks.

What’s the difference between the two?

The primary difference between cold and hot wallets is that users mainly use cold
wallets for long-term storage and protecting coins, while hot wallets are used
regularly. Thus, as their names suggest, funds in cold wallets are “cold” and largely
untouched, while funds in hot wallets are “hot” because of their frequent use.

In a typical example, a cryptocurrency investor may set up a hardware wallet only
used to receive funds designated for long-term investments. These funds are rarely
transferred out and could lie “cold” in the wallet for several months or even years. 

The same investor could set up a browser-based or mobile wallet to interact with
dapps and smart contracts. Funds in this wallet are “hot” because of the risks
associated with smart contracts and internet connection. A hot wallet ideally holds a
lesser portion of a crypto investor’s portfolio – an amount they can afford to lose. 

Centralized cryptocurrency exchanges are other entities that utilize cold and hot
wallet solutions. Many centralized cryptocurrency exchange hacks have come from
compromised hot wallets, underlining the risks associated with this storage method.
Coinbase, for instance, claims to store up to 98% of customer funds in “guarded cold
storage,” with a smaller amount kept in hot wallets to fulfill deposit and withdrawal
requests.

Hot Wallets: Pros and Cons


Pros

• Hot wallets provide greater convenience, as they are primarily mobile and
desktop-based apps.
• Hot wallets are free to use and are relatively easy to set up.
• They provide a seamless gateway to access opportunities in the Web3 economy
(including NFTs, DeFi and gaming applications).
• Hot wallets are ideal for regular crypto trading and payments. They often provide
third-party integrations for buying coins or even performing cross-chain swaps.
• Hot wallets generally allow investors to store more cryptocurrencies. Hardware
wallets support fewer cryptocurrencies, as such functionalities take longer to build.
• Hot wallets usually provide a more intuitive user experience, including a portfolio
tracker, dapp browser, NFT display, etc.

Cons

• Being connected to the internet exposes hot wallet users to a greater risk of security
breaches.
• Users could suffer substantial losses resulting from malicious software updates or
installing apps from unofficial sources.

Examples of leading hot wallet solutions

The most popular examples of hot wallet solutions include:

• Metamask: Ethereum development studio Consensys initially released Metamask in
2016. Since then, it has become the leading wallet for accessing Ethereum dApps
and other EVM-compatible networks. Metamask is available as a browser extension
and mobile app.
• Trust Wallet: Trust Wallet went live in 2017 and grew in prominence after the
founding company was acquired by the leading cryptocurrency exchange Binance.
Although Trust Wallet gained most of its initial market share as a mobile-first
application, it has since expanded to offer a browser-based extension.
• Coinbase Wallet: Coinbase Wallet is a self-custodial crypto storage solution
developed by crypto exchange Coinbase. Coinbase Wallet enables access to Web3
apps and basic functionalities such as sending and receiving many cryptocurrencies.
The application is available as a browser extension and mobile application.

Cold Wallets: Pros and Cons


Pros

• Cold wallets provide unparalleled security as private keys are stored offline,
sometimes in air-gapped devices and multiple locations.
• Cold wallets encourage long-term investments, which are historically profitable for
cryptocurrency investors.
• Cold wallets lower the risk of physical crypto theft, as users do not usually move with
private keys or hardware wallets.
• Cold storage solutions rarely require software upgrades, making them more immune
to new security issues.
• Cold wallets also encourage greater privacy as associated addresses mainly receive
funds and have fewer trails on the blockchain.
• Users require a less proactive approach to secure funds in cold storage than a hot
wallet.

Cons

• Cold-storage wallets are not free to use. Getting a decent hardware wallet could cost
between $50-$300.
• Cold storage wallets could be more convenient. Users must currently go through
several steps to sign transactions.
• Investors must replace cold storage wallets in the event of a loss to guarantee
security.

Examples of cold wallet storage solutions

• Ledger: Ledger is a leading provider of cryptocurrency hardware wallets and has
sold four million devices since launching in 2014. The company currently offers the
Ledger Nano X, Ledger Nano S Plus and Ledger Stax. Although these devices offer
varying functionalities, they keep cryptocurrencies in secure cold storage.
• Trezor: Trezor wallets are cold-storage hardware devices developed by
Czech-based startup SatoshiLabs since 2014. The wallet currently comes in two variants,
the Trezor Model T and Trezor One. The latter offers fewer features, as it was
Trezor’s flagship product. Yet, both provide secure offline storage for cryptoassets.
• Paper wallets: This method involves generating a pair of public and private
cryptographic keys printed on paper. The user transfers funds to the associated
address and safely puts away the paper wallet until a future date when they choose
to move the assets. The advent of hardware wallets has made this cold storage
method archaic. Yet, it comes in handy for long-term storage or gifting
cryptocurrencies.

A closer look at the wallet comparison
Cryptocurrency investors make several tradeoffs when choosing between a hot and
a cold wallet. Both wallets have unique strengths that determine what’s best for
individual users. This section presents a head-to-head comparison of cold versus hot
wallets.

Security
Cold wallets provide the highest level of security for cryptoassets. They store private
keys offline, eliminating most online vulnerabilities. Bad actors must gain physical
possession of the cold storage device and the owner’s consent to move funds. There
is also an additional hurdle if the wallet utilizes a multi-signature feature where
several entities must sign a transaction before it is approved.

In stark contrast, hot wallets are susceptible to online attack vectors, including device
malware, malicious smart contracts and software upgrades. For example, an
unprecedented hack that affected 9,231 Slope Wallet users directly resulted from a
software upgrade that allowed attackers to steal private keys holding approximately
$4.1 million worth of assets. The losses later affected even users who merely
imported (to a different wallet) a seed phrase created with Slope Wallet.

But both hot and cold wallet users risk falling victim to phishing attacks such as those
perpetrated through email and social media platforms. The attack was traditionally
only a threat to hot wallets. But a recent Trezor malware hack proved this to no
longer be the case. 

Pricing
Cold wallet solutions are usually expensive to set up. The cheapest hardware wallet
devices cost around $40 and offer minimal functionality. Users must acquire a mid-
budget-sized device for about $100 to enjoy a relatively high-quality experience. 

Most hot wallets are free to use and available on respective app stores for Android
and iOS users. They are also easy to set up and offer a superior user experience to
cold storage solutions.

Convenience
Being mobile and desktop-native applications makes hot wallets more convenient
than cold wallets. For cold storage solutions, the user must physically possess the
device and pass through several security steps to validate transactions. In most
cases, the screens are relatively small and barely display a few lines of text.

However, hot wallets run on everyday devices such as smartphones,
tablets, and PCs. Features such as fingerprint authentication, QR codes, and
advanced transaction fee customization make hot wallets more convenient for
signing transactions. This is especially helpful if users want to send payments
frequently or interface with smart contracts.  

Interaction
Hot wallets are more interoperable with Web3 applications and smart contracts.
Users immediately find the option to connect to dapps using these wallets. In
contrast, most cold storage wallets do not provide functionalities for new-age crypto
innovations such as NFTs and DeFi protocols. For instance, some do not support
sending and receiving NFTs or liquidity provider (LP) tokens.

Most hot wallets come equipped with a dapp browser, NFT display, staking portal
and gaming hubs. Cold storage solutions are not designed for such use cases and
thus provide fewer user interactive opportunities.

Final considerations
The most experienced investors combine cold and hot wallet solutions to ensure the
best security for their cryptoassets. Such a combination is advantageous, especially
for investors with diversified portfolios who need to explore Web3 applications. 

Cold wallets are essential to protect funds in the long term, while hot wallets are
helpful for anyone who needs regular engagement. Users can decide to create
multiple hot wallets for different purposes. For instance, the best security practice is
to create a new “burner wallet” for participating in NFT mints. Users may also create
specific wallets for interfacing with DeFi protocols or gaming applications. This
diversification protects against losing funds to a single hot wallet breach.

Attacks on smart contracts


Many attacks on smart contracts have cost large amounts of money. The DAO attack
and the Parity Wallet hacks are the most often discussed.

In May 2016, a few participants from the Ethereum community launched the DAO [26]. This
first instance was known as the genesis DAO. The DAO was an open-source smart contract that
allowed anyone to exchange DAO tokens with ether.

That method of exchange helped to gather around $150M, providing DAO with a large
crowdfund. Participants with DAO tokens were permitted to cast their vote on propositions
and receive rewards as long as it resulted in profit. However, the DAO contract contained
severe flaws, allowing attackers to remove funds. A loophole existed which permitted an
attacker to request funds from the smart contract numerous times before the balance was
updated. The vulnerability occurred due to bugs in the code where the developers did not
consider the potential for a recursive call. Hence, it enabled attackers to steal ether worth
millions of dollars within the first few hours. The DAO attack scenario demonstrates how
destructive a simple smart contract vulnerability can be.

Similarly, the Parity Wallet hack exploited another vulnerability, discovered in the Parity
Multisig Wallet with version 1.5+ [27], [28]. The flaw permitted an attacker to remove over
150,000 ETH (~30M USD). In order to execute the attack, the adversary transmitted two
transactions aiming to acquire ownership of the Multisig so that all the currency could be
drained. Once the attack was accomplished, the Parity Multisig Wallet Library contract was
initiated. However, it contained a bug which authorized anyone to run initWallet [29]. The
attack was executed twice; hence, it is referred to as Parity Wallet hack 1 and 2. In the first
attack, the attacker was able to modify the status of the wallet by initiating a call to initWallet.
As a result, the attacker was treated as the owner and drained funds without any
hindrance.
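
The class of bug described above, an initializer that anyone can call, is shown here beside a guarded version. This is an added, simplified single-owner sketch, not Parity's source code; only the name initWallet comes from the text, and the parameters, the other functions and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified single-owner sketch (hypothetical; not Parity's source code).
contract UnguardedWallet {
    address public owner;

    // FLAW: no access control and no one-time guard. Any account can call
    // this at any time and replace the owner.
    function initWallet(address newOwner) external {
        owner = newOwner;
    }

    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}

contract GuardedWallet {
    address public owner;
    bool private initialized;

    event Initialized(address indexed newOwner);

    // One-time initializer: the first successful call fixes the owner and
    // every later call reverts. Call it in the deployment transaction so
    // nobody else can get there first.
    function initWallet(address newOwner) external {
        require(!initialized, "already initialized");
        require(newOwner != address(0), "owner is zero address");
        initialized = true;
        owner = newOwner;
        emit Initialized(newOwner);
    }

    function withdraw(address payable to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```

Monitoring for the Initialized event (an assumption of this sketch) gives operators a simple check that ownership was set exactly once and by the expected account.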
