A Guide to Smart Contract Programming
In the world of decentralized applications, smart contracts are an attractive skill to learn. These new blockchain-based programs are already powering some promising businesses on the blockchain and promise to power many more. So how do they work, what languages support them, and what should programmers know going in?
On the surface, a smart contract is simply a computer program, but under the hood it has some key differences. It runs in a blockchain environment, which means that it operates on every blockchain node.
Developers will find smart contract programming languages supporting syntax and programming concepts that they are familiar with, but there will also be some key differences.
Differences from regular programming
There are some platform characteristics that make smart contract coding different to traditional programming. For one thing, Ethereum contracts, like the blockchain they are based on, are state machines, meaning that they store data in a certain state and then process transactions which transfer them to a different state.
In Ethereum, which is the most popular smart contract execution platform today, smart contracts are accounts that react to transactions from other accounts, changing state as a result.
Contracts in Ethereum have some constraints. You can forget non-deterministic programming in this programming model. Determinism means that when you feed data to a program, you always get the same result, whereas non-determinism might produce different results that you can’t predict.
Smart contracts can’t be unpredictable, because all nodes in the blockchain must agree on the program’s state. Unexpected random outputs might be great in games, but in smart contracts, they aren’t cool.
Determinism is one reason why smart contracts cannot query external sources the way programs in other languages can simply query online APIs. If the output from the data source changes between queries from two separate nodes (prices shifting on a real-time streaming stock ticker, for example), then that would break consensus.
Instead, you refer to an oracle, which is a dedicated service for getting real-world information in and out of smart contracts. The oracle guarantees that it will deliver the same result to all smart contract nodes.
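The consensus problem described above, as an added example that is not part of the original article: a toy Python model (not Ethereum code; the contract, account names and prices are constructed) in which three nodes replay the same transaction log, first reading the price from their own feed and then from a value carried in the transaction, as an oracle would supply it.

```python
import hashlib
import json


def apply_tx(state, tx, local_feed=None):
    """Transition function of the toy contract: (state, tx) -> new state."""
    new = {"balances": dict(state["balances"]), "pot": state["pot"]}
    if tx["op"] == "deposit":
        new["pot"] += tx["amount"]
    elif tx["op"] == "settle":
        # Oracle model: the price travels inside the transaction, so every
        # node sees the same value. Local model: each node asks its own feed.
        price = tx["price"] if "price" in tx else local_feed()
        winner = tx["long"] if price >= tx["strike"] else tx["short"]
        new["balances"][winner] = new["balances"].get(winner, 0) + new["pot"]
        new["pot"] = 0
    else:
        raise ValueError(f"unknown op {tx['op']!r}")
    return new


def state_digest(state):
    """Canonical hash of the state: what nodes compare to reach agreement."""
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


def replay(txs, local_feed=None):
    """Run the whole transaction log from the empty starting state."""
    state = {"balances": {}, "pot": 0}
    for tx in txs:
        state = apply_tx(state, tx, local_feed)
    return state


def nodes_agree(txs, feeds):
    """Replay the same log on one node per feed; True if all digests match."""
    return len({state_digest(replay(txs, feed)) for feed in feeds}) == 1


# Constructed sample data: three nodes whose tickers read slightly different
# prices at the moment each one executes the settle transaction.
NODE_FEEDS = [lambda: 99.8, lambda: 100.1, lambda: 100.3]
DEPOSITS = [{"op": "deposit", "amount": 5}, {"op": "deposit", "amount": 5}]
SETTLE_LOCAL = {"op": "settle", "strike": 100.0, "long": "alice", "short": "bob"}
SETTLE_ORACLE = dict(SETTLE_LOCAL, price=100.1)  # reported once by the oracle

if __name__ == "__main__":
    print("local feeds agree: ", nodes_agree(DEPOSITS + [SETTLE_LOCAL], NODE_FEEDS))
    print("oracle value agree:", nodes_agree(DEPOSITS + [SETTLE_ORACLE], NODE_FEEDS))
```

With per-node feeds, the first node pays the pot to a different account than the other two, so the state digests diverge; with the price embedded in the transaction, every replay ends in the same state.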
Perhaps the most important difference between smart contracts and traditional programming, though, is that in smart contracts, money is a primitive. In regular code, written for a bank, say, when you write a program to move money around, you’re not really moving the money. You’re moving symbols that represent the money.
In smart contracts, you are receiving, storing and sending real money. Once it is sent, it is gone forever, unless a lot of it is stolen at once from a badly written smart contract, in which case, in extreme circumstances, the community might vote to roll back the state of the blockchain to retrieve the cash.
When the DAO, a digital autonomous organization formed in 2016, was hacked, thieves stole millions of dollars in ether. This posed an existential threat to Ethereum, and led the community to do the unthinkable and reverse supposedly immutable transactions.
Other owners of smart contracts aren’t lucky enough to get the community to give them a do-over. One EOS-based online casino found itself $24,000 short after a wily programmer figured out a bug in the smart contract code that ran the games, and then kept hitting it repeatedly for a guaranteed payout.
The need for security
This highlights the importance of security in smart contract programming, even more so than in regular programming (where it is already pretty important).
Over at Consensys, the Brooklyn, NY-based studio and incubator for Ethereum smart contracts, researchers have developed a set of best practices for smart contract programming. Aside from obvious but all-too-frequently overlooked advice such as keeping code as simple as possible, it includes other pointers such as using caution when issuing calls to other contracts that you don’t trust.
Smart contract languages
However, other smart contract programming languages have also hit the scene. One such option is Vyper, which is derived from Python 3’s syntax. Released in 2018, this language slims down and simplifies its syntax, removing many of the constructs that many programmers are familiar with, such as class inheritance and recursion.
Its developers also designed it with security in mind, deliberately forbidding contracts from doing certain things in an attempt to keep programs as secure as possible.
Another programming language introduced in 2018 aimed at securing smart contracts is Flint. It introduced programming features designed specifically to support contracts, and is currently in active development.
Ethereum is not the only smart contract platform, of course. Block.one’s EOS is another decentralized application platform that supports smart contracts, but its approach is different.
Dan Larimer, the developer behind EOS, is a software engineer with a focus on small-footprint, high-performance programs. He chose a compiled model based on WebAssembly (WASM), which is a web standard supported by companies including Google, Microsoft, and Apple.
Block.one recommends C++ as the language of choice for smart contracts running on EOS, which will be an uphill struggle for many web-era programmers used to friendlier scripted languages. However, programmers can also choose to write EOS code in other languages such as Rust, C#, Typescript, Haxe, and Kotlin. That’s the beauty of WASM.
For many developers, some basic programming knowledge and an eagerness to tinker will be all they need to write smart contracts. For those that want to be good at it, though, learning how to write code simply and securely, and to test it comprehensively will be a big requirement.
The tools to help do that are still evolving, but some are already showing promise. Mythril, a system for analysing security and smart contract code, is a useful port of call when developing smart contracts for commercial deployment.
Get smart contracts right, and you could end up consulting for the next big blockchain startup or even create the next CryptoKitties-style success story. The use cases are all out there, and just waiting to be addressed. It’s a new frontier for knowledge-hungry developers.