Unit4 Cat-Ii
UNIT4:
The tool that you select must ensure that the smart contract is created quickly. Because
smart contracts are virtual and automated, there is no paperwork to deal with. The tool
must also ensure that little time is spent correcting the mistakes that arise when
documentation is filled out by hand.
The tool that you select must ensure that records cannot be tampered with for personal
advantage, since no third party is involved. The tool must also ensure that
encrypted transaction logs are exchanged only among the participants.
Security
Since blockchain transaction data are encrypted, they are extremely hard to hack. The tool that
you select should be able not only to create the encrypted data but also to share it with the
right parties. Hackers would then have to alter the complete chain to alter even an
individual record.
Savings
Smart contract tools remove the need for intermediaries to conduct transactions, as well as
the time delays that come along with them. Removing intermediaries when using smart
contracts cuts the extra cost and increases savings. So you must check that the
tool helps deploy a mechanism for this.
You don’t have to worry about any complicated technology terms when you think of smart
contracts. They are basically programs on a blockchain network that run when specific
predefined conditions are met. The following discussion covers the top smart contract
development tools to help you build your skills for developing
smart contracts and decentralized applications.
Solidity is the most commonly used programming language for smart contract
development. It works on all the popular smart contract development platforms such
as Avalanche, Ethereum, Polygon, and others. Solidity has been tailored for
Ethereum Virtual Machine, and any blockchain network compatible with EVM can
support the use of Solidity for smart contract development.
Interestingly, you can find many promising options among development and testing
frameworks such as Hardhat, Truffle, and Remix. These three frameworks are the
popular choices of developers for creating, compiling, testing, and deploying smart
contracts. You can explore distinct features in each framework suited for making the
process of testing and deploying smart contracts a lot easier.
You can also come across some of the alternative options in the development and
testing frameworks for smart contracts, such as Waffle, Embark, and web3j. In
addition, you can also find smart contract development and testing frameworks
without EVM support, such as TerraSDK and Anchor.
4. Crypto Wallets
The wallet is another important requirement among essential smart contract
developer tools as it helps in storing the funds. It helps in storing and managing your
testnet funds easily during the smart contract development and testing process.
Developers can opt for a combination of different crypto wallets for their smart
contract development project.
The most popular crypto wallet for smart contract developers is MetaMask,
which almost every crypto user knows. It is a hot wallet with the advantage of easier
and flexible access to your funds. However, such wallets present the risk of losing
your funds if the private key is compromised in any situation.
The list of smart contract development tools also includes options like Gnosis Safe
and Ledger or Trezor. Gnosis Safe is a popular multi-sig wallet and offers a secure
option for safeguarding your funds during the smart contract development process.
Another plausible option for storing and managing your testnet funds would be
cold wallets such as Ledger or Trezor.
Although you might have to go through many complicated steps for using cold
wallets, they provide better assurance of security. Above everything else, you can
always try a combination of hot wallets, multi-signature wallets, and cold wallets for
secure management of your funds.
5. Block Explorer
The entries among top smart contract development tools would also include block
explorers. Developers need block explorers for viewing transactions and monitoring
their status. One of the most popular examples of a block explorer for smart contract
developers is Etherscan, a free blockchain explorer. It features many in-built services
and is easily the biggest block explorer for the Ethereum community.
6. Layer 1 Network
The outline of the best smart contract development tools might remain incomplete
without mentioning the layer 1 networks. Why do you need a layer 1
blockchain for smart contract development? For example, if you have to transfer a
transaction across the Ethereum blockchain, you must have a layer 1 blockchain for
sending the transaction to an ETH node. Generally, MetaMask and other
popular crypto wallets come with background connections to layer 1 nodes. The
popular examples of layer 1 blockchain networks suitable for smart contract
development include Alchemy, QuickNode, and Infura.
The two most readily available platforms for solving developer setbacks include
Stack Exchange ETH and StackOverflow. Developers can also rely on Discord
communities to find answers to their questions. However, Discord is more suited for
discussions about new ideas for smart contract development. On the other hand,
forums are great platforms for support as they facilitate indexing and ranking for
queries.
The bitcoin network was the first to use some sort of smart contract by using
them to transfer value from one person to another.
The smart contract involved employs basic conditions like checking if the
amount of value to transfer is actually available in the sender account.
Later, the Ethereum platform emerged which was considered more powerful,
precisely because the developers/programmers could make custom contracts in
a Turing-complete language.
It is to be noted that the contracts written in the case of the bitcoin network were
written in a Turing-incomplete language, restricting the potential of smart
contracts implementation in the bitcoin network.
There are some common smart contract platforms like Ethereum, Solana,
Polkadot, Hyperledger Fabric, etc.
History:
In 1994, Nick Szabo, a legal scholar and cryptographer, recognized the
application of a decentralized ledger for smart contracts. He theorized that
these contracts could be written in code which can be stored and replicated on
the system and supervised by the network of computers that constitute the
blockchain. These smart contracts could also help in transferring digital assets
between the parties under certain conditions.
Every smart contract has its address in the blockchain. The contract can be
interacted with by using its address presuming the contract has been
broadcasted on the network.
The idea behind smart contracts is pretty simple. They are executed on a basis
of simple logic, IF-THEN for example:
IF you send object A, THEN the sum (of money, in cryptocurrency) will be
transferred to you.
IF you transfer a certain amount of digital assets (cryptocurrency, for
example, ether, bitcoin), THEN the A object will be transferred to you.
IF I finish the work, THEN the digital assets mentioned in the contract will be
transferred to me.
Note: The WHEN constraint can be added to include the time factor in the
smart contracts. It can be seen that these smart contracts help set conditions
that have to be fulfilled for the terms of the contract agreement to be executed.
There is no limit on how many IF or THEN conditions you can include in your smart
contract.
Purpose of EVM
The Ethereum Virtual Machine (EVM) is a Turing complete
programmable machine, which can execute scripts to produce arbitrary
outcomes. It has been built with the purpose of being a “world computer” and
has immense power.
A smart contract wallet is a device or application that lets users customize the way they
would prefer to manage their digital assets.
Account abstraction is how developers make smart contract wallets possible. They abstract all
the essential functions of the Externally Owned Account (EOA) and plug them into a smart
contract full of new levers and buttons.
There are three main functions of an Ethereum wallet, with one being more used than the
others. These functions include:
An app: The primary use case for an Ethereum wallet is to help you manage your funds. It
provides an interface to transfer assets and use the Ethereum network without much technical
knowledge.
Your Ethereum account: An Ethereum wallet holds access to a user’s unique addresses on
the blockchain and provides an immutable account of their activities on the network. With an
Ethereum account, users can build a social identity across different applications such as
Twitter, Reddit, and Web3 applications.
A login for Ethereum apps: The Ethereum ecosystem includes a variety of dapps built
around finance, gaming, predictions, NFTs, and more. An Ethereum wallet provides login
access to these applications and allows users to interact with them seamlessly.
The moment your crypto wallet is created, a unique phrase is generated, known as
your ‘Secret Recovery Phrase’ (SRP) or ‘seed phrase’. And yes, this phrase may
seem cryptic, but really, it’s just a cryptographic master password that you need to
keep secret. This is the seed from which your digital public addresses and
private keys sprout—one pair for every account you generate in MetaMask.
The public address is the first way you identify yourself on the blockchain. It’s like
your bank account number, whereas your private key (derived from your SRP) is
more like the PIN code to get into your bank account: you wouldn’t want to share
that with anyone, and you want to keep it safe, right?
A cold wallet, by definition, is a custody solution that stores funds entirely offline.
Because sending crypto with cold wallets requires more steps than hot wallets, their
primary purpose is to receive funds and provide secure, long-term storage. And
although cold storage solutions use hardware wallets, not all hardware wallets are
considered cold storage. If the hardware wallet uses Bluetooth or can automatically
connect to the internet, it is vulnerable to many of the same threats as hot wallets.
Both hot and cold wallets offer the benefit of self-custody, where users hold private
keys that allow them to move assets on their respective blockchains. When proper
security measures are in place, either approach can be a safer option compared to
centralized exchanges, which can expose users to additional third-party risks.
The same investor could set up a browser-based or mobile wallet to interact with
dapps and smart contracts. Funds in this wallet are “hot” because of the risks
associated with smart contracts and internet connection. A hot wallet ideally holds a
lesser portion of a crypto investor’s portfolio – an amount they can afford to lose.
Centralized cryptocurrency exchanges are other entities that utilize cold and hot
wallet solutions. Many centralized cryptocurrency exchange hacks have come from
compromised hot wallets, underlining the risks associated with this storage method.
Coinbase, for instance, claims to store up to 98% of customer funds in “guarded cold
storage,” with a smaller amount kept in hot wallets to fulfill deposit and withdrawal
requests.
Hot wallets provide greater convenience, as they are primarily mobile and desktop-
based apps.
Hot wallets are free to use and are relatively easy to set up.
They provide a seamless gateway to access opportunities in the Web3 economy
(including NFTs, DeFi and gaming applications).
Hot wallets are ideal for regular crypto trading and payments. They often provide
third-party integrations for buying coins or even performing cross-chain swaps.
Hot wallets generally allow investors to store more cryptocurrencies. Hardware
wallets support fewer cryptocurrencies, as such functionalities take longer to build.
Hot wallets usually provide a more intuitive user experience, including a portfolio
tracker, dapp browser, NFT display, etc.
Cons
Being connected to the internet exposes hot wallet users to a greater risk of security
breaches.
Users could suffer substantial losses resulting from malicious software updates or
installing apps from unofficial sources.
Cold wallets provide unparalleled security as private keys are stored offline,
sometimes in air-gapped devices and multiple locations.
Cold wallets encourage long-term investments, which are historically profitable for
cryptocurrency investors.
Cold wallets lower the risk of physical crypto theft, as users do not usually move with
private keys or hardware wallets.
Cold storage solutions rarely require software upgrades, making them more immune
to new security issues.
Cold wallets also encourage greater privacy as associated addresses mainly receive
funds and have fewer trails on the blockchain.
Users require a less proactive approach to secure funds in cold storage than a hot
wallet.
Cons
Cold-storage wallets are not free to use. Getting a decent hardware wallet could cost
between $50-$300.
Cold storage wallets could be more convenient. Users must currently go through
several steps to sign transactions.
Investors must replace cold storage wallets in the event of a loss to guarantee
security.
Security
Cold wallets provide the highest level of security for cryptoassets. They store private
keys offline, eliminating most online vulnerabilities. Bad actors must gain physical
possession of the cold storage device and the owner’s consent to move funds. There
is also an additional hurdle if the wallet utilizes a multi-signature feature where
several entities must sign a transaction before it is approved.
In stark contrast, hot wallets are susceptible to online attack vectors, including device
malware, malicious smart contracts and software upgrades. For example, an
unprecedented hack that affected 9,231 Slope Wallet users directly resulted from a
software upgrade that allowed attackers to steal private keys holding approximately
$4.1 million worth of assets. The losses later affected even users who merely
imported (to a different wallet) a seed phrase created with Slope Wallet.
But both hot and cold wallet users risk falling victim to phishing attacks such as those
perpetrated through email and social media platforms. The attack was traditionally
only a threat to hot wallets. But a recent Trezor malware hack proved this to no
longer be the case.
Pricing
Cold wallet solutions are usually expensive to set up. The cheapest hardware wallet
devices cost around $40 and offer minimal functionality. Users must acquire a mid-
budget-sized device for about $100 to enjoy a relatively high-quality experience.
Most hot wallets are free to use and available on respective app stores for Android
and iOS users. They are also easy to set up and offer a superior user experience to
cold storage solutions.
Convenience
Being mobile and desktop-native applications makes hot wallets more convenient
than cold wallets. For cold storage solutions, the user must physically possess the
device and pass through several security steps to validate transactions. In most
cases, the screens are relatively small and barely display a few lines of text.
However, hot wallets are mobile and routinely come in the shape of smartphones,
tablets, and PCs. Features such as fingerprint authentication, QR codes, and
advanced transaction fee customization make hot wallets more convenient for
signing transactions. This is especially helpful if users want to send payments
frequently or interface with smart contracts.
Interaction
Hot wallets are more interoperable with Web3 applications and smart contracts.
Users immediately find the option to connect to dapps using these wallets. In
contrast, most cold storage wallets do not provide functionalities for new-age crypto
innovations such as NFTs and DeFi protocols. For instance, some do not support
sending and receiving NFTs or liquidity provider (LP) tokens.
Most hot wallets come equipped with a dapp browser, NFT display, staking portal
and gaming hubs. Cold storage solutions are not designed for such use cases and
thus provide fewer user interactive opportunities.
Final considerations
The most experienced investors combine cold and hot wallet solutions to ensure the
best security for their cryptoassets. Such a combination is advantageous, especially
for investors with diversified portfolios who need to explore Web3 applications.
Cold wallets are essential to protect funds in the long term, while hot wallets are
helpful for anyone who needs regular engagement. Users can decide to create
multiple hot wallets for different purposes. For instance, the best security practice is
to create a new “burner wallet” for participating in NFT mints. Users may also create
specific wallets for interfacing with DeFi protocols or gaming applications. This
diversification protects against losing funds to a single hot wallet breach.
In May 2016, a few participants from the Ethereum community launched the DAO [26]. Its
inception was known as the genesis DAO. The DAO was an open-source smart contract that
allowed anyone to exchange DAO tokens with ether.
That method of exchange helped to gather around $150M, providing DAO with a large
crowdfund. Participants with DAO tokens were permitted to cast their vote on propositions
and receive rewards as long as it resulted in profit. However, the DAO contract contained
severe flaws, allowing attackers to remove funds. A loophole existed which permitted an
attacker to request funds from the smart contract numerous times before the balance was
updated. The vulnerability occurred due to bugs in the code where the developers did not
consider the potential for a recursive call. Hence, it enabled attackers to steal ether worth
millions of dollars within the first few hours. The DAO attack scenario demonstrates how
destructive a simple smart contract vulnerability can be.
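The ordering flaw described above, as an added example that is not part of the original notes and is not the DAO's code: a small Python model (not Solidity) of a contract that pays out through an external call, run once with the ledger updated after the send and once with it updated before. Bank, Account and run are hypothetical names and all amounts are constructed.

```python
# Added illustration: a Python model of the call ordering, not the DAO's Solidity code.
# Bank, Account and run are hypothetical names; all amounts are constructed.

class Bank:
    """Toy contract that holds deposits and pays them out via an external call."""

    def __init__(self, update_before_send):
        self.update_before_send = update_before_send
        self.balances = {}   # per-depositor ledger
        self.pool = 0        # ether actually held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        if self.update_before_send:
            self.balances[who] = 0     # effect first, then the external call
            self._send(who, amount)
        else:
            self._send(who, amount)    # external call first ...
            self.balances[who] = 0     # ... ledger updated only after it returns

    def _send(self, who, amount):
        self.pool -= amount
        who.receive(self, amount)      # control passes to the recipient's code


class Account:
    def __init__(self, reenter=False):
        self.reenter = reenter
        self.received = 0

    def receive(self, bank, amount):
        self.received += amount
        if self.reenter:
            bank.withdraw(self)        # recursive call made during the payout


def run(update_before_send):
    bank = Bank(update_before_send)
    honest, reentrant = Account(), Account(reenter=True)
    bank.deposit(honest, 90)
    bank.deposit(reentrant, 10)
    bank.withdraw(reentrant)
    return reentrant.received, bank.pool


if __name__ == "__main__":
    print("ledger updated after send :", run(False))
    print("ledger updated before send:", run(True))
```

With the ledger updated after the send, the account that deposited 10 receives the whole pool of 100; with the update moved before the send, the recursive call finds a zero balance and the other depositor's 90 stays in the contract.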
Similarly, the Parity Wallet hack exploited another vulnerability, which was discovered in the
Parity Multisig Wallet version 1.5+ [27], [28]. The flaw permitted an attacker to remove over
150,000 ETH (30M USD). In order to execute the attack, the adversary transmitted two
transactions aiming to acquire ownership of Multisig so that all the currency could be
drained. Once the attack was accomplished, the Parity Multisig Wallet Library contract was
initiated. However, it contained a bug which authorized anyone to run initWallet [29]. The
attack was executed twice; hence, it is referred to as Parity Wallet hack 1 and 2. In the first
attack, the attacker was able to modify the status of the wallet by initiating a call to initWallet.
As a result, the attacker was believed to be the owner and drained funds without any
hindrance.
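The missing check on the initializer described above, as an added example that is not part of the original notes and is not Parity's code: a Python model of a wallet whose init_wallet can be called again by anyone, beside the same wallet with a one-time-initialization guard. The class, the function names, the account names and the balance are all constructed for the illustration.

```python
# Added illustration: a Python model of an unguarded initializer, not Parity's code.
# Wallet, init_wallet, execute and takeover_attempt are hypothetical names.

class Wallet:
    """Toy multi-owner wallet; guard_init switches the one-time-init check on."""

    def __init__(self, guard_init):
        self.guard_init = guard_init
        self.initialized = False
        self.owners = set()
        self.balance = 0

    def init_wallet(self, caller, owners):
        # Note that `caller` is never checked: anyone may call this function.
        # The hardened form refuses to run once the wallet has been set up.
        if self.guard_init and self.initialized:
            raise PermissionError("wallet already initialized")
        self.owners = set(owners)
        self.initialized = True

    def execute(self, caller, amount):
        # Spending is restricted to owners, so whoever controls the owner
        # list controls the funds.
        if caller not in self.owners:
            raise PermissionError("caller is not an owner")
        if amount > self.balance:
            raise ValueError("insufficient funds")
        self.balance -= amount
        return amount


def takeover_attempt(guard_init):
    """Re-run the initializer as an outsider and report what happened."""
    wallet = Wallet(guard_init)
    wallet.init_wallet("deployer", ["alice", "bob"])
    wallet.balance = 150                      # constructed balance
    try:
        wallet.init_wallet("mallory", ["mallory"])
        taken = wallet.execute("mallory", wallet.balance)
    except PermissionError:
        taken = 0
    return taken, sorted(wallet.owners), wallet.balance


if __name__ == "__main__":
    print("unguarded initializer:", takeover_attempt(False))
    print("guarded initializer  :", takeover_attempt(True))
```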