If you are somewhat into blockchain and cryptocurrencies, you have probably heard the word smart contract more than once.
The first thing that comes to mind is something from law, some kind of smart contracts, which are monitored by an algorithm and probably can’t be violated. The second thing you might think of is the future of transactions: soon they will only be concluded through smart contracts. Let’s see if that is really the case.
A smart contract is a computer algorithm designed to help conclude an agreement, monitor fulfilment of a contract, and execute the obligations. Created in code, it is only executed on a blockchain, a distributed ledger controlled by a decentralized network of peer nodes.
As you might have guessed, this process has nothing to do with conventional deals. You can’t use a smart contract to buy a car or secure the supply of a carload of wheat. But you are free to exchange one token for another without any intermediaries, or deposit a token at interest with a crypto bank.
In the real world, contracts are concluded on paper or electronically, with the use of the digital signature. Contract fulfilment is monitored by the state, and disputes are resolved in court. There are some mentions on the web of people selling an apartment or another asset using a smart contract. But such information is nothing but deception.
Like offline, where contracts are regulated by certain countries and jurisdictions, a smart contract is only valid on the network where it is written and deployed.
It’s easier to grasp this with the example of a vending machine. One user puts stamps into the machine, the other puts seashells. The machine uses the exchange rate of 2 stamps per seashell. Both users trust the machine since its source code is public and everyone can read it.
The idea and the term ‘smart contract’ were coined by Nick Szabo in 1994. He described a smart contract as a cryptographic protocol that conducts and monitors contracts using a set of algorithms.
Smart contracts saw broad application in practice with the emergence of Ethereum. In 2013, the future project founder Vitalik Buterin realised that Bitcoin’s protocol was unusable for smart contracts because it had been designed for other purposes. So he decided to create a different protocol from scratch, which could be more relevant to the task.
Smart contracts help close deals and perform transactions according to pre-established rules, without any intermediaries. Blockchain makes such transactions transparent, traceable, and irreversible.
Applications based on smart contracts deployed on blockchain networks are called dApps (short for decentralized apps). Blockchain-based smart contracts enforce obligations on crypto projects, make them more secure, and provide a safe payment system for cryptocurrencies. Oracles play a key role in creation of next-gen smart contracts that provide fintech products and monetary instruments (e.g. market data-driven ones).
Let’s examine how smart contracts are created with the example of Ethereum, the most common blockchain platform.
First, we need to work out the smart contract’s logic and write the source code. Developers use Solidity, a language that is somehow similar to JavaScript. The code can be written in any integrated development environment, but Remix Online IDE is the most widespread one. It allows designing a smart contract, compiling it, and placing it on the network.
After compilation is complete, we need to deploy the code on the network. For that, we create a special transaction, and the deploying address pays a fee to the network (the fee currency is ETH in our case). The more complex the smart contract, the higher the fee.
If all goes well, the deployment transaction will be executed in one of the blocks and the smart contract will end up on the blockchain with a unique address. After that, it will be able to receive commands.
The price of a smart contract depends on its complexity. For example, creating a simple smart contract for issuing tokens costs 1000–5000 USD, while development of sophisticated dApps starts from 10,000 USD and may cost over 100,000 USD.
We at Polygant have been doing blockchain development for 10 years. For this time, we have designed around a hundred smart contracts of different complexity. Contact us on Telegram to discuss how advanced a contract your crypto project needs.
A security audit is an independent examination of a smart contract’s code that projects usually publish on GitHub. Audits are a must for DeFi projects and dApps whose numerous users transact millions of dollars. Usually, an audit consists of the following stages:
Auditing is a common process for large crypto projects. Most investors take into account the audit results when studying new DeFi projects. And they have more confidence in reports compiled by reputable audit firms.
Smart contracts help transact or block gigantic amounts of cryptocurrencies. And this can be a big prey for hackers. Even tiny code errors may lead to a project losing millions of user funds. For example, a hacking of The DAO resulted in the theft of $50 million worth of ETH and Ethereum’s hard forking.
A project team needs to make sure the code is secure, since transactions on the blockchain can’t be reversed. The specificity of the technology won’t allow their cryptocurrency to be recovered, nor solve problems after a hack. This is why it is critical to find all vulnerabilities beforehand.
Auditing helps achieve a variety of goals, including:
Finding and fixing vulnerabilities
Auditors check smart contracts for various downfalls. Some are found immediately, but most can only be identified with the use of special techniques and tools. For example, during market manipulation, an assailable smart contract may be attacked with flash loans. To find such bottlenecks, auditors try to hack a smart contract. Here are the most common types of attacks they imitate:
Addressing security errors
Auditors also examine the network that hosts the smart contracts and the application programming interface (API) used to interact with dApps. If it turns out that the project can’t withstand a DDoS attack or its API is compromised, it will be unsafe for users to connect crypto wallets to potentially harmful blockchain apps.
Optimizing gas expenses
On top of analysing blockchain security, auditors look at how optimized and efficient smart contracts are. Seasoned blockchain developers try to optimize their performance. But inexperienced enthusiasts may neglect optimization.
Some smart contracts need to send a series of transactions to be executed. Given that gas fees are high on networks like Ethereum, efficient smart contracts could help save on transaction fees. And if they are inefficient, expensive gas could disrupt their operation.
A security audit is a common service. And though different audit firms may employ different approaches, here is a typical plan most of them follow:
A report is submitted at the end of the audit. In most reports, problems are categorised by severity: critical, major, minor, trivial. The problem status is also indicated, and is updated in the final report if the team had managed to fix the related error before the final report was drawn up.
Besides general takeaways, the report contains recommendations, code error review, and examples of inefficient code. When the project team receives the final report, they can publish the full version or the key findings in the community.
The audit cost depends on the number of smart contracts to be reviewed. On average, an audit costs 2000–3000 USD. In a more complex case, it can cost over 10,000 USD. Another factor affecting the cost of service is the reputation of the audit firm.
Polygant is respected in the market. But we don’t think our reputation should be reflected in our rates. Send us a request to find out how much an audit will cost you.