Gas Optimization In Solidity: Strategies For Cost-Effective Smart Contracts
Gas is the “fuel” that powers smart contract execution. This article offers practical strategies for Solidity gas optimization.
🇺🇦 Hacken stands with Ukraine!Learn more
The crypto industry is at a standstill in terms of market capitalization and TVL. But the number of smart contracts audits is increasing every month. Innovative applications of blockchain technology continue to create value. dApps and Web3 apps still handle millions and billions of user funds.
Even in the bear market, we see a hike in audits, pentests, and bug bounties. People would only use a decentralized application that works right. No one would store funds in a platform that can’t guarantee safety. Lax app security can have disastrous results, as proven by historical data on exploits. Over the years, the DeFi sector alone lost nearly $6 billion to hacks.
As we all know, decentralized applications are powered by smart contracts programmed to execute specific functions upon meeting a set of parameters. These are essential for any Web3 application. While code quality dictates whether applications will work as intended, code security dictates the risks of losing locked funds.
Determining security and functionality is the bread and butter of smart contract auditors. A reputable third-party cybersecurity organization is always preferred to in-house efforts because its analysis is more objective and adds credibility. An external auditor will verify that contracts work as intended and eliminate any risks of post-deployment “surprises.”
Take the necessary steps to protect your project by auditing your smart contracts.
You’ve finished developing a blockchain application and found an external auditor. Your next step is to prepare for the review itself. A cybersecurity firm typically provides you with an audit preparation checklist, which has all the necessary step-by-step guidance to maximize the results of your joint efforts.
The preparation phase is crucial. Your goal as a customer is to supply all the relevant information about the project and code. A good auditor will help you with this step. An audit will go smoothly if you implement the following recommendations.
Documentation should be sufficient. Functional requirements explain the app’s functions in a simple, straightforward language. They are vital for understanding what users and key stakeholders can do with the system. Good functional requirements define what an application is supposed to do and describe its desired behavior.
Key demands of functional requirements:
Technical documentation describes and explains everything related to the application’s software. The information may range from internal documentation for teams to external documentation for end users.
Key requirements for technical documentation:
With most projects using multiple smart contracts, there will be cross-contact dependencies. It would be best if you mentioned these dependencies, ideally charting them or describing system roles. This step enables auditors to analyze dependencies’ effects on other smart contracts.
The depth of technical documentation and functional requirements affects the documentation quality of the final audit scoring.
Your project should have a development environment. It can be any development environment based on your preference (e.g., Truffle, Hardhat, Foundry).
Key requirements for development environment:
If the customer doesn’t have a development environment, the auditor will help set it up based on technical configurations and using appropriate software packages. This factor affects the code quality metric.
Ideally, project developers grant access to well-configured code via a repository, such as GitHub, Bitbucket, or GitLab.
A codebase should follow conventional formatting and these rules:
A code that follows these rules will make the audit process more efficient. Unfortunately, only some people in the industry are well-organized. A repository may be unstructured or scattered over blockchain explorers like EtherScan or BscScan. The overall code quality affects the code quality metric.
Not all audits are equal, as some clients submit their entire project and others just a portion. If that’s your case, you need to prepare a verified audit scope so that auditors know which contracts they should focus on.
A verified scope of audit should include:
Specifying contract paths is unnecessary when the entire repository has to be audited. Sometimes, a repository may contain critical code beyond the audit scope. In this case, the auditor will explicitly mention the excluded code, “repository contains contracts that are out of scope and cannot be verified.”
Auditors thoroughly test all contracts by running them through all possible scenarios. The audit team will create test cases themselves. But you should provide a set of unit tests. Unit tests are important because they reflect a developer’s perspective, effectively contributing to additional validations.
There are several benefits to writing tests for smart contracts. For you as a customer, unit tests showcase that smart contracts are working as intended. For a cybersecurity firm, unit tests provide a way to validate smart contract functionality. In addition to speeding up issue verification, it streamlines the audit process by providing a clear and concise set of tests to verify contracts’ behavior.
Key requirements for unit tests:
Unit tests also affect the test coverage metric. More importantly, having 100% test coverage will increase the chances of preventing costly errors and eliminating critical bugs.
A successful preparation phase is a prerequisite for a thorough and detailed audit to detect and eliminate fatal smart contract vulnerabilities. The following smart contract audit preparation checklist will help you get the most of your smart contract audit: