How to develop secure and optimized blockchain smart contracts? – 5 rules | Nextrope Academy

Paulina Lewandowska

10 Oct 2022

Why is the security of smart contracts important?

Smart contracts are a major part of applications based on blockchain technology. In the development process of smart contracts, we should maintain the highest security standards because of factors such as:

  • In many systems, they are responsible for the most critical functionality, and their incorrect operation can have very unpleasant consequences, including irreversible loss of funds or a logical error that ruins the operation of the entire application or protocol.
  • A smart contract that has already been published on the network cannot be modified. This means that bugs and vulnerabilities diagnosed after the contract is deployed to production cannot be fixed. (There is an advanced technique for creating "upgradeable contracts," which allows the contract logic to be modified later, but it has a number of other drawbacks and limitations and does not relieve the developer from writing secure code. For the purposes of this article, we will skip a detailed analysis of this solution.)
  • The source code of most contracts is publicly available. It is good practice to publish the source code in services such as Etherscan, which significantly increases the credibility of a given application or DeFi protocol. However, making the code publicly available means that anyone can review it for security issues and use any irregularities to their advantage.

Learning to write secure smart contracts is a process that requires learning many advanced aspects of the Solidity language. In this article, we will present 5 tips to simplify this process and secure our software from the most common mistakes.

1. Accurate testing of smart contracts

The first, and at the same time the most important, factor that allows us to verify that our contract works properly is writing automated tests. The testing process usually reveals various security gaps or irregularities at an early stage of development. Another advantage of automated tests is protection against code regression, i.e. a situation in which implementing new functionality introduces bugs into previously written code. In such tests we should check all possible scenarios. 100% code coverage should not be a goal in itself, but only a measure that helps us make sure that the tests scrupulously check every method of our contract.

2. Configuration of additional tools

It is worthwhile to make use of tools that are able to measure and check the quality of the software we provide. Tools you should use in your daily work are:

  • A plugin for measuring code coverage e.g. solidity-coverage. Expanding on the thought from the first point that code coverage should not be an end in itself, it is nevertheless worth having such analytics in the testing process. By analyzing code coverage with tests, we are able to easily see which code fragments require us to write additional tests.
  • A framework for static code analysis, e.g. Slither or Mythril. These are tools that, with the help of static analysis, are able not only to point out places in our code where a vulnerability exists, but also to offer a number of tips. Following these tips can improve not only the security, but also the quality of our software.

3. OpenZeppelin smart contract library

There are many libraries and ready-made contracts that have been prepared for reuse by developers of blockchain applications. However, each of these libraries needs to be verified before use to see if it has any vulnerabilities. The most popular library at the moment is OpenZeppelin. It is a collection of secure, tested smart contracts used in many of DeFi's most popular protocols, such as Uniswap. It provides the most commonly used implementations of ERC (Ethereum Request For Comments) standards as well as reusable contracts.

The library has a large range of components that can be used to implement the most popular functionalities on the smart contract side. We will give two applications of the library as examples. However, we believe it is worth exploring all the capabilities and contracts that are provided there.

  • Ownable and AccessControl extensions

These extensions allow us to very easily add access control to functions that, according to business requirements, should only be available for execution to authorized addresses. An example from the documentation showing the use of the Ownable extension in practice:

pragma solidity ^0.8.0;
 
import "@openzeppelin/contracts/access/Ownable.sol";
 
contract MyContract is Ownable {
    function normalThing() public {
        // anyone can call this normalThing()
    }
 
    function specialThing() public onlyOwner {
        // only the owner can call specialThing()!
    }
}

As you can see, using the OpenZeppelin library is not only very easy, but also allows you to write more concise code that other developers can understand.

  • Implementations of the popular token standards ERC-20, ERC-721 and ERC-1155

Many decentralized applications and protocols are based on ERC-20 or NFT tokens. Each token must implement an interface that works according to the specification. Implementing a token entirely on your own carries a high risk of error, so the token may have security holes or problems operating with various exchanges and wallets. With the help of the OpenZeppelin library we are able to prepare a standard, functional token and enrich it with the most popular extensions with little effort. A good place to start is the interactive token configurator in the OpenZeppelin documentation. It allows us to generate token source code that will meet functional requirements and security standards.
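The two applications above can be combined in one contract. The following is an added example, not code from the original article or from the OpenZeppelin documentation: a capped ERC-20 token whose minting is restricted with AccessControl roles. It assumes OpenZeppelin Contracts 4.x (4.4 or later); the contract name, token name, symbol and cap are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.17;

import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Capped.sol";

// Hypothetical token written for this example; name, symbol and cap are placeholders.
contract ExampleToken is ERC20Capped, AccessControl {
    // Role identifier checked by onlyRole(); only holders of this role may mint.
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    constructor(address admin, address minter)
        ERC20("Example Token", "EXT")
        ERC20Capped(1_000_000 * 10 ** 18) // hard supply limit enforced by the library
    {
        // Reject the zero address so the roles cannot be lost at deployment.
        require(admin != address(0) && minter != address(0), "zero address");

        // The admin role can grant and revoke every other role. Keeping it
        // separate from the minter limits the damage if the minter key leaks.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(MINTER_ROLE, minter);
    }

    // Reverts for any caller without MINTER_ROLE, and (through ERC20Capped)
    // for any mint that would push totalSupply() above the cap.
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }
}
```

Unlike Ownable, which has a single privileged address, this layout lets the admin revoke a compromised minter with revokeRole without redeploying the token.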

4. Using new versions of the Solidity language

An important safety tip is that projects should use new versions of the Solidity language. The compiler requires us to include Solidity version information at the beginning of each source file with a .sol extension:

pragma solidity 0.8.17;

New versions of the language introduce new features, but just as importantly they add fixes for various kinds of known bugs. A list of the bugs found in each version can be found in this file. As you can see, with newer versions of the language the number of known bugs decreases, as they are successively fixed.

The language's developers in the official documentation also recommend using the latest version in newly implemented smart contracts:

“When deploying contracts, you should use the latest released version of Solidity. Apart from exceptional cases, only the latest version receives security fixes”.

5. Learning from other people's mistakes

An essential factor in delivering secure software is thorough knowledge of the advanced aspects of the Solidity language, as well as awareness of potential threats. In the past, we have witnessed many vulnerabilities through which multi-million dollar assets fell prey to attackers. Many examples of such incidents can be found on the Internet, along with detailed information on what mistake the developers made and how it could have been prevented. One example is an article explaining the "reentrancy" attack, with the help of which the attacker stole $150 million worth of ETH. The list of ways to attack smart contracts is definitely longer, so it is worth reading the list of the most popular vulnerabilities in Solidity. A good way to learn security is also to take on the role of an attacker; for this purpose the Ethernaut service is worth a look. There you will find a collection of tasks involving hacking various smart contracts. These tasks will help consolidate previously acquired security knowledge and teach new advanced aspects of the Solidity language.

Summary

In conclusion, the software security of decentralized applications is a very important but also difficult issue that requires more than knowledge of the programming language itself. Also required are testing skills, a willingness to constantly explore the topic of smart contract vulnerabilities, and knowledge of new libraries and tools. This topic is vast and complicated, and the above 5 points are just guidelines that can help improve the security of our code and support the associated learning. Also take a look at other articles in the Nextrope Academy series, where we take a closer look at other technical issues.


Nextrope on Economic Forum 2024: Insights from the Event

Kajetan Olas

14 Sep 2024

The 33rd Economic Forum 2024, held in Karpacz, Poland, gathered leaders from across the globe to discuss pressing economic and technological challenges. This year, the forum had a special focus on Artificial Intelligence (AI) and Cybersecurity, bringing together leading experts and policymakers.

Nextrope was proud to participate in the Forum where we showcased our expertise and networked with leading minds in the AI and blockchain fields.

Economic Forum 2024: A Hub for Innovation and Collaboration

The Economic Forum in Karpacz is an annual event often referred to as the "Polish Davos," attracting over 6,000 participants, including heads of state, business leaders, academics, and experts. This year’s edition was held from September 3rd to 5th, 2024.

Key Highlights of the AI Forum and Cybersecurity Forum

The AI Forum and the VI Cybersecurity Forum were integral parts of the event, organized in collaboration with the Ministry of Digital Affairs and leading Polish universities, including:

  • Cracow University of Technology
  • University of Warsaw
  • Wrocław University of Technology
  • AGH University of Science and Technology
  • Poznań University of Technology

Objectives of the AI Forum

  • Promoting Education and Innovation: The forum aimed to foster education and spread knowledge about AI and solutions to enhance digital transformation in Poland and CEE.
  • Strengthening Digital Administration: The event supported the Ministry of Digital Affairs' mission to build and strengthen the digital administration of the Polish State, encouraging interdisciplinary dialogue on decentralized architecture.
  • High-Level Meetings: The forum featured closed meetings of digital ministers from across Europe, including a confirmed appearance by Volker Wissing, the German Minister for Digital Affairs.

Nextrope's Active Participation in the AI Forum

Nextrope's presence at the AI Forum was marked by our active engagement in various activities in the Cracow University of Technology and University of Warsaw zone. One of the discussion panels we enjoyed the most was "AI in education - threats and opportunities".

Our Key Activities

Networking with Leading AI and Cryptography Researchers.

Nextrope presented its contributions in the field of behavioral profiling in DeFi and established relationships with cryptography researchers from Cracow University of Technology and the brightest minds on the Polish AI scene, coming from institutions such as Wroclaw University of Technology, but also from startups.

Panel Discussions and Workshops

Our team participated in several panel discussions, covering a variety of topics. Here are some of them:

  • Polish Startup Scene
  • State in the Blockchain Network
  • Artificial Intelligence - Threat or Opportunity for Healthcare?
  • Silicon Valley in Poland – Is it Possible?
  • Quantum Computing - How Is It Changing Our Lives?

Broadening Horizons

Besides tuning in to topics that strictly overlap with our professional expertise we decided to broaden our horizons and participated in panels about national security and cross-border cooperation.

Meeting with clients:

We had the pleasure of deepening relationships with our institutional clients and discussing plans for the future.

Networking with Experts in AI and Blockchain

A major highlight of the Economic Forum in Karpacz was the opportunity to network with experts from academia, industry, and government.

Collaborations with Academia:

We engaged with scholars from leading universities such as the Cracow University of Technology and the University of Warsaw. These interactions laid the groundwork for potential research collaborations and joint projects.

Building Strategic Partnerships:

Our team connected with industry leaders, exploring opportunities for partnerships in regard to building the future of education. We met many extremely smart, yet humble people interested in joining the advisory board of one of our projects - HackZ.

Exchanging Knowledge with VCs and Policymakers:

We had fruitful discussions with policymakers and very knowledgeable representatives of Venture Capital. The discussions revolved around blockchain and AI regulation, futuristic education methods and dilemmas regarding digital transformation in companies. These exchanges provided us with very interesting insights as well as new friendships.

Looking Ahead: Nextrope's Future in AI and Blockchain

Nextrope's participation in the Economic Forum Karpacz 2024 has solidified our position as one of the leading deep-tech software houses in CEE. By fostering connections with academia, industry experts, and policymakers, we are well-positioned to consult our clients on trends and regulatory needs as well as to implement cutting-edge DeFi software.

What's Next for Nextrope?

Continuing Innovation:

We remain committed to developing cutting-edge software solutions and designing token economies that leverage the power of incentives and advanced cryptography.

Deepening Academic Collaborations:

The partnerships formed at the forum will help us stay at the forefront of technological advancements, particularly in AI and blockchain.

Expanding Our Global Reach:

The international connections made at the forum enable us to expand our influence both in CEE and outside of Europe. This reinforces Nextrope's status as a global leader in technology innovation.

If you're looking to create a robust blockchain system and go through institutional-grade testing please reach out to contact@nextrope.com. Our team is ready to help you with the token engineering process and ensure your project’s resilience in the long term.

Monte Carlo Simulations in Tokenomics

Kajetan Olas

01 May 2024

As the web3 field grows in complexity, traditional analytical tools often fall short in capturing the dynamics of digital markets. This is where Monte Carlo simulations come into play, offering a mathematical technique to model systems fraught with uncertainty.

Monte Carlo simulations employ random sampling to understand probable outcomes in processes that are too complex for straightforward analytic solutions. By simulating thousands, or even millions, of scenarios, Monte Carlo methods can provide insights into the likelihood of different outcomes, helping stakeholders make informed decisions under conditions of uncertainty.

In this article, we will explore the role of Monte Carlo simulations within the context of tokenomics, illustrating how they are employed to forecast market dynamics, assess risk, and optimize strategies in the volatile realm of cryptocurrencies. By integrating this powerful tool, businesses and investors can enhance their analytical capabilities, paving the way for more resilient and adaptable economic models in the digital age.

Understanding Monte Carlo Simulations

The Monte Carlo method is an approach to solving problems that involve random sampling to understand probable outcomes. This technique was first developed in the 1940s by scientists working on the atomic bomb during the Manhattan Project. The method was designed to simplify the complex simulations of neutron diffusion, but it has since evolved to address a broad spectrum of problems across various fields including finance, engineering, and research.

Random Sampling and Statistical Experimentation

At the heart of Monte Carlo simulations is the concept of random sampling from a probability distribution to compute results. This method does not seek a singular precise answer but rather a probability distribution of possible outcomes. By performing a large number of trials with random variables, these simulations mimic the real-life fluctuations and uncertainties inherent in complex systems.

Role of Randomness and Probability Distributions in Simulations

Monte Carlo simulations leverage the power of probability distributions to model potential scenarios in processes where exact outcomes cannot be determined due to uncertainty. Each simulation iteration uses randomly generated values that follow a specific statistical distribution to model different outcomes. This method allows analysts to quantify and visualize the probability of different scenarios occurring.

The strength of Monte Carlo simulations lies in the insight they offer into potential risks. They allow modelers to see into the probabilistic "what-if" scenarios that more closely mimic real-world conditions.

Monte Carlo Simulations in Tokenomics

Monte Carlo simulations are an instrumental tool for token engineers. They are so useful because of their ability to model emergent behaviors. Here are some key areas where these simulations are applied:

Pricing and Valuation of Tokens

Determining the value of a new token can be challenging due to the volatile nature of cryptocurrency markets. Monte Carlo simulations help by modeling various market scenarios and price fluctuations over time, allowing analysts to estimate a token's potential future value under different conditions.

Assessing Market Dynamics and Investor Behavior

Cryptocurrency markets are influenced by a myriad of factors including regulatory changes, technological advancements, and shifts in investor sentiment. Monte Carlo methods allow researchers to simulate these variables in an integrated environment to see how they might impact token economics, from overall market cap fluctuations to liquidity concerns.

Assessing Possible Risks

By running a large number of simulations it’s possible to stress-test the project in multiple scenarios and identify emergent risks. This is perhaps the most important function of Monte Carlo Process, since these risks can’t be assessed any other way.

Source: How to use Monte Carlo simulation for reliability analysis?

Benefits of Using Monte Carlo Simulations

By generating a range of possible outcomes and their probabilities, Monte Carlo simulations help decision-makers in the cryptocurrency space anticipate potential futures and make informed strategic choices. This capability is invaluable for planning token launches, managing supply mechanisms, and designing marketing strategies to optimize market penetration.

Using Monte Carlo simulations, stakeholders in the tokenomics field can not only understand and mitigate risks but also explore the potential impact of different strategic decisions. This predictive power supports more robust economic models and can lead to more stable and successful token launches. 

Implementing Monte Carlo Simulations

Several tools and software packages can facilitate the implementation of Monte Carlo simulations in tokenomics. One of the most notable is cadCAD, a Python library that provides a flexible and powerful environment for simulating complex systems. 

Overview of cadCAD configuration Components

To better understand how Monte Carlo simulations work in practice, let’s take a look at the cadCAD code snippet:

sim_config = {
    'T': range(200),  # number of timesteps
    'N': 3,           # number of Monte Carlo runs
    'M': params       # model parameters
}

Explanation of Simulation Configuration Components

T: Number of Time Steps

  • Definition: The 'T' parameter in cadCAD configurations specifies the number of time steps the simulation should execute. Each time step represents one iteration of the model, during which the system is updated. That update is based on various rules defined by token engineers in other parts of the code. For example, we might assume that one iteration = one day, and define data-based functions that predict token demand on that day.

N: Number of Monte Carlo Runs

  • Definition: The 'N' parameter sets the number of Monte Carlo runs. Each run represents a complete execution of the simulation from start to finish, using potentially different random seeds for each run. This is essential for capturing variability and understanding the distribution of possible outcomes. For example, we can acknowledge that the token's price will be correlated with the broad cryptocurrency market, which acts somewhat unpredictably.

M: Model Parameters

  • Definition: The 'M' key contains the model parameters, which are variables that influence the system's behavior but do not change dynamically with each time step. These parameters can be constants or distributions that are used within the policy and update functions to model the external and internal factors affecting the system.

Importance of These Components

Together, these components define the skeleton of your Monte Carlo simulation in cadCAD. The combination of multiple time steps and Monte Carlo runs allows for a comprehensive exploration of the stochastic nature of the modeled system. By varying the number of timesteps (T) and runs (N), you can adjust the depth and breadth of the exploration, respectively. The parameters (M) provide the necessary context and ensure that each simulation is realistic.

Messy graph representing Monte Carlo simulation, source: Bitcoin Monte Carlo Simulation

Conclusion

Monte Carlo simulations represent a powerful analytical tool in the arsenal of token engineers. By leveraging the principles of statistics, these simulations provide deep insights into the complex dynamics of token-based systems. This method allows for a nuanced understanding of potential future scenarios and helps with making informed decisions.

We encourage all stakeholders in the blockchain and cryptocurrency space to consider implementing Monte Carlo simulations. The insights gained from such analytical techniques can lead to more effective and resilient economic models, paving the way for the sustainable growth and success of digital currencies.

If you're looking to create a robust tokenomics model and go through institutional-grade testing please reach out to contact@nextrope.com. Our team is ready to help you with the token engineering process and ensure your project’s resilience in the long term.

FAQ

What is a Monte Carlo simulation in tokenomics context?

  • It's a mathematical method that uses random sampling to predict uncertain outcomes.

What are the benefits of using Monte Carlo simulations in tokenomics?

  • These simulations help foresee potential market scenarios, aiding in strategic planning and risk management for token launches.

Why are Monte Carlo simulations unique in cryptocurrency analysis?

  • They provide probabilistic outcomes rather than fixed predictions, effectively simulating real-world market variability and risk.