Six Solidity Best Practices for Smart Contract Security in 2023 by MoogleLabs Feb, 2023
16th April of 2019

Gaming has become one of the most interesting, popular, and lucrative ways to use smart contracts. People have created entire universes on blockchains where interaction among users is often the game itself. Other NFT games, such as Axie Infinity, are “play-to-earn” games where users get rewards for participating in different aspects of the game. Moreover, there is a wide variety of blockchain gaming themes.

If the code compiles successfully and there are no problems during this process, then you can proceed to deployment and interaction with a smart contract. You can select the environment and account for deploying the smart contract in the deployment and start transactions tab. The JavaScript VM environment will allow us to test the contract in the browser as quickly as possible. To connect to the smart contract, you use Ethers.js, and to test them, you can use well known JavaScript testing libraries like Chai.

solidity smart contracts

In this case, only the gas sent together with the call is used up. In Solidity, the calling contract causes a manual exception by default in such situations, so that exceptions “bubble up” the call stack. Since EVM executors can choose to include a transaction or not, transaction senders cannot abuse the system by setting a low gas price. If some gas is left after execution, it is refunded to the transaction originator. In case of an exception that reverts changes, already used up gas is not refunded.

I need to understand below smart contract code

Firstly, it allows anyone to complete a transaction between two parties without intermediaries. For example, if you want to transfer cryptocurrency between users, you don’t need a bank, a notary, or a broker to certify or authenticate the transaction. Secondly, since the blockchain stores the transaction inside blocks, it’s difficult to corrupt, delete, change, fake, or steal the assets involved. Finally, blockchain is an open-source, decentralized technology verified by peer-to-peer interactions, adding another layer of trust.

solidity smart contracts

Notice that we’re able to specify any data type that we want! We could add up to 17 different attributes here with any data type. For now, let’s keep it simple and only use two attributes to model the person.

The Ethereum Virtual Machine

The main difference between value types and reference types can be found in how they are assigned to a variable and stored in the EVM . This article explains what Solidity is and how it is used in the Ethereum ecosystem. This article is for you if you’re interested in learning more about the inner workings of this blockchain-based programming language. When a certain predetermined condition is met, the contract begins to be executed immediately. Since smart contracts are automated, their speed is very high. To test and deploy the smart contract we wrote, we will use the Solidity IDE, which is used to compile, deploy, and manually push the Solidity code.

solidity smart contracts

Keep up-to-date with how to create Web3 projects, launch dapps, build NFT applications, and much more. Stream real-time blockchain data into your backend via webhooks. Ethereum, Polygon, Avalanche, BNB Chain, Fantom, Cronos and all testnets are supported. Royalties aren’t built into a contract’s transfer functions, which would interfere with gifting and transfers between an owner’s wallets . Developers could break their code into different modules to ensure that the contracts and functions are small and easy to manage.

When testing on the Testnet, make sure you use the actual DAI token. The pragma Solidity version will be for Solidity versions 0.8.0 and up. Open Zeppelin has implementation standards for both the ERC20 and ERC721 tokens. Among the solidity recommended practices, an upgrade path that should support bug fixes and pertinent improvements receives important attention. You can switch between languages by clicking on the flyout menu in the bottom-left corner and selecting the preferred language.


Storage is a key-value store that maps 256-bit words to 256-bit words. It is not possible to enumerate storage from within a contract, it is comparatively costly to read, and even more to initialise and modify storage. Because of this cost, you should minimize what you store in persistent storage to what the contract needs to run. Store data like derived calculations, caching, and aggregates outside of the contract. A contract can neither read nor write to any storage apart from its own.

This means that if you understand JavaScript, it can be easy to pick up Solidity. Solidity also shares similar characteristics to the programming languages C++ and Python. Ideally, you want to contain the RPC URL and the deployer ‎Vimeo Create Video Editor on the App Store private keys inside your environment variable. The tests will use Ethers.js to interface with the smart contract and use Chai as an assertion library. You can write your unit tests after defining the happy and unhappy paths.

One of the most popular programming languages used commonly for creating smart contracts on the blockchain is Solidity. Solidity is one of the most widely used blockchain programming languages for building smart contracts. The internet is transitioning to Web3, and the new decentralized frontier requires the development of quality dapps. Further, they execute different types of transactions between parties quickly, securely, permanently, incorruptible, and uncensorable. They are also peer-to-peer authenticated, eliminating third parties such as banks, notaries, and brokers.

The transaction hash will be generated from outside the function and inserted into the mapping along with the deposit amount. Because you will receive two parameters, you’ll have to validate them to ensure users don’t insert malicious inputs. Your smart contract will use the DAI cryptocurrency, but you need to create a mocked DAI token to test your local node. We’ll create the smart contract template for the token and escrow smart contract.

In addition, for step-by-step written and video tutorials on how to build your project with Moralis, visit Moralis’ documentation page. Solidity smart contracts are strings of code written in the Solidity language. These specify the terms and conditions that all parties involved in a transaction need to fulfill before the contract can go through.

You can deploy your smart contract to any Ethereum Testnet, including the Ropsten, Kovan, Goerli, and Rinkeby Testnets. Each Testnet has a different RPC connection, and you wouldn’t want to hardcode them one by one. The first suggested action is thorough testing of contracts to provide better bug detection. Additionally, developers should welcome the chance to create additional tests when they come across fresh attack vectors. Every account has a persistent key-value store mapping 256-bit words to 256-bit words called storage. Regardless of whether or not the account stores code, the two types are treated equally by the EVM.

Let’s say most buyers are external accounts (i.e. individuals), but some buyers are other contracts . Assume that among those buyer contracts there is one contract whose developers made a mistake in its fallback function and it throws an exception when invoked . Now as soon as we invoke contractWithError.transfer() in our refund function an exception will be thrown and iteration will be stopped. Therefore, transaction is reverted and none of the buyers gets their refund. Solidity is used to create smart contracts for fungible tokens and non-fungible tokens.

In fact, the time stamps are expressed in unix time which is the number of seconds that have passed since Thursday, 1 January 1970. Now we can add the modifier to the addPerson() function so that only the owner can call it. While I’m here, I’ll show you how I format my Solidity code once the functions start getting big, with lots of arguments, modifiers, visibility, etc… Next, we use require() to check that the account calling the function is the owner.

Solidity is statically typed, supports inheritance, libraries and complex user-defined types among other features. Let us begin with a basic example that sets the value of a variable and exposes it for other contracts to access. It is fine if you do not understand everything right now, we will go into more details later.

  • Open Zeppelin has implementation standards for both the ERC20 and ERC721 tokens.
  • Because the transaction process does not involve middlemen, smart contracts can execute automatically at any time.
  • First is to listen for them directly, just as I mentioned before.
  • It’s a high-level programming language that looks a lot like JavaScript, Python, and C++.

Solidity data types are usually categorized as either value types or reference types. The data button is an auto-generated getter for a public data variable. Finally, the set function is a transaction-type function that consumes gas and resources to start.

Bootstrapping your smart contract for development

Furthermore, contracts can access relevant properties of the current block like its number and timestamp. However, it is neither possible to obtain a list of all keys of a mapping, nor a list of all values. Record what you added to the mapping, or use it in a context where this is not needed. Or even better, keep a list, or use a more suitable data type. Then, choose the kind of server you would like to work on – Mainnet, Testnet, or Local Devnet. Next, choose the region closest to you (for example, New York, Toronto, London, etc.).

This can interact with both different Ethereum testnets and the main network. In this article, you learned how to use Hardhat to develop, test, and deploy an Ethereum smart contract. Next, you can go even deeper by learning to connect your frontend applications to the smart contract from the browser. Unlike the deposit function, view functions essentially just read the blockchain in its current state without changing it. This is a function named set of access modifier type public which takes a variable x of datatype uint as a parameter.