2019-10-20
4 Things about Enterprise Blockchain Development. Get ready (for 2020)!
Today I want to talk about 4 things you didn't know about Blockchains, Hyperledger, Ethereum and general Smart Contract Development. In this video I will show you how to setup Hyperledger Besu on your development machine, how to supercharge your dev-environment with new tools on the market and how to improve your security in your code..
1: There is an Ethereum Node that is perfect for enterprises and large organizations which challenges Corda, Quorum and Hyperledger Fabric.
If you are a developer, you probably know the XKCD comic. There are 14 competing standards. Which is rediculous. Let's try to create one universal standard. Soon later: There are 15 competing standards.
It's not so different with Ethereum Nodes. There are different implementations of the Ethereum Protocol in different languages: Geth, for example, is written in Go. Parity is written in Rust. They both do pretty much the same thing, give or take: they are blockchain nodes. And there were a lot more of those nodes in the past - Ethereum came a long way already. Some of them are deprecated and forgotten.
What does that have to do with Hyperledger or Quorum?
In 2018 PegaSys released a new Ethereum node, implemented in Java. Java is usually more targeted towards Enterprise customers and use cases, so, needless to say, they were going after Enterprise customers as well. Their implementation was called Pantheon.
I actually made a video about that before, because I personally like the client and the approach very much. I think Java attracts a lot more developers than Rust for example.
In September 2019 they migrated their Project over to Hyperledger under the new name: Hyperledger Besu. Besu, former Pantheon, includes several consensus algorithms including Proof of Work, Proof of Authority, and[https://github.com/ethereum/EIPs/issues/650IBFT](https://media.consensys.net/scaling-consensus-for-enterprise-explaining-the-ibft-algorithm-ba86182ea668)(actually IBFT 2, which is not comaptible to Quorum IBFT), and has comprehensive permissioning schemes designed specifically for uses in a consortium environment.
So, Hyperledger Besu is essentially an Ethereum Node for Enterprise customers with all the features you would expect from an Enterprise-grade blockchain. This makes Besu a Quorum, Fabric and Corda challenger.
If you are developing blockchain solutions, then you probably will love the next thing:
2: It takes about 1 Minute to start working on your own Private Consortium Chain with an enterprise grade Node Implementation.
Surely, some will say, that is not new. After all, there is Ganache or similar tools. They are all great. But they are pretty much only simulating an Ethereum Blockchain, they are not 100% real node implementations. Not battle tested, so to say.
If you are familiar with Docker then starting your own hyperledger besu network with some nodes, a block explorer and other services, is really easy. Pegasys or Hyperledger Besu put together a really nice walkthrough!
For me that's not 100% working out of the box for *my *development environment, but it's fairly easy to adapt! And in unter 1 minute you have your private blockchain with several participating nodes and everythings setup, which usually takes longer in any other blockchain node out there.
Let's see how it works! Basically I'd do it like this:
-
Clone their repository
-
Edit the .env file, copy the address from my MetaMask extension address to the miner. So my MetaMask receives the funds from mining.
-
Edit the docker-compose.yml file to open the right ports to the host system:
... rpcnode: image: quickstart/besu:${BESU_VERSION} command: ["--network=dev", "--rpc-http-enabled", "--rpc-http-host=0.0.0.0", "--rpc-http-port=8545", "--rpc-http-cors-origins=", "--rpc-ws-enabled", "--rpc-ws-host=0.0.0.0", "--rpc-ws-port=8546", "--metrics-enabled", "--metrics-host=0.0.0.0", "--metrics-port=9545", "--graphql-http-enabled", "--graphql-http-host=0.0.0.0", "--graphql-http-port=8547", "--graphql-http-cors-origins=", "--host-whitelist=*"] volumes: - public-keys:${BESU_PUBLIC_KEY_DIRECTORY} depends_on: - bootnode ports: - "18545:8545" - "19545:9545" - "18547:8547" [...]
-
Start the blockchain with Docker-Compose.
docker-compose up
If you don't know how Docker works, then there is a link to a 2 hour comprehensive docker hands-on tutorial I created just last month: https://vomtom.at/docker-course?couponCode=VOMTOM_REDIRECT
- The last things is to Deploy the smart contracts either using Truffle or directly with Remix from your MetaMask.
That's it. It's really as easy as that! And you get a full block explorer on top.
3: Development using Frameworks and Debugging isn't as hard as it sounds at first
When you do any software development, you are probably used to a proper IDE, code highlighting, intellisense-style code completion, step by step debugging and many more features.
This is fairly standard with languages like Java, JavaScript, Python, PHP and many more. But how does that work with Solidity?
Given, most of the current Solidity development tools are not as mature as tools like IntelliJ for Java Development, or a full blown visual studio for C#, but they came a long way already. So, when you are used to developing your Smart Contracts purely in a text editor or in the online-version of remix, then here might be some alternative setups to supercharge your smart contract development in 2020.
When using VSCode then you have access to a few interesting Extensions.
My favorite is still the Solidity Visual Auditor together with the dark theme. The extension helps tremendously reduce errors and increase readability, with an integrated linter and many more features I expect to have when writing code which is basically immutable.
If you didn't know the extension then check it out: https://marketplace.visualstudio.com/items?itemName=tintinweb.solidity-visual-auditor
Next is Truffle. If you don't used it so far then consider using truffle for your next project or current project. Truffle comes with many features that ease the life of a smart contract developer.
The best feature is the fully integrated testing suite. Never forget Unit testing your smart contracts and with truffle that's really really easy. How I use truffle to do Unit-Testing? Let's check it out.
Create a new truffle project with truffle init and edit the config file to have a development network connect with Ganache:
networks: {
development: {
host: "127.0.0.1", // Localhost (default: none)
port: 7545, // Standard Ethereum port (default: none)
network_id: "*", // Any network (default: none)
},
}
Add your Smart contracts as usual. Ideally with VSCode of course :):
Add a unit tests
open Ganache and run the unit tests and await the results.
If I'm working in teams and we use GitHub, then I'll check in the whole folder, except the *build *and *node_modules *folder. Then everyone can and should run these unit tests. On top you can have a full blown CI/CD pipeline. It's really convenient.
Obviously, there should be unit-tests for everything. But how do you define "everything" exactly? In other major languages there are test coverage reports. Luckily, there is something similar in Solidity as well. For this I'm using solidity coverage.
First, install solidity coverage using npm: npm install solidity-coverage
Then run solidity coverage inside your truffle project: npx solidity-coverage
Then move over to "./coverage" and open the HTML report. I'm using the http-server, another npm package (npm install -g http-server) for this, but you can probably just open it in a browser. It's just my habit.
Truffle also comes with a developer console to directly interact with your smart contracts or even debug your smart contracts step by step. You can create new instances or debug transactions. It's really convenient to know the tools from the inside out. Let's see any example.
I have this smart contract here:
pragma solidity 0.5.11;
import "../node_modules/@openzeppelin/contracts/math/SafeMath.sol";
contract SomeContract {
uint public myVar;
function setMyVar(uint _myVar) public {
require(_myVar > 0, "Argument can't be 0 or smaller");
myVar = _myVar;
}
}
And imaging I'm going to update this variable myVar. I have to send off a transaction.
First I'll connect using truffle console. That connects to an open network, so I have Ganache running in the background. I re-deploy my smart contract with migrate --reset:
Then I'll create a new instance of my smart contract:
let instance = await SomeContract.deployed()
I can simply interact with my smart contract.
await instance.myVar()
and update the Variable:
await instance.setMyVar(5)
Then I can debug that transaction step by step. I can enter the debug command and the truffle debugger will open up.
debug TXHash
It allows me to jump step by step into the functions.
And on top of that, I've started using tenderly in combination with truffle, to know where exactly my smart contracts are failing. Whenever a transaction fails then usually I don't see the exact location or reason in the code. With proxying the RPC calls through tenderly I get the exact line where the transaction fails. It saves me some time.
Let's have a look how that works:
- I start tenderly. Tenderly sits between ganache and truffle. It's a proxy.
So make sure your truffle config is connecting to tenderly, not to truffle.
development: {
host: "127.0.0.1",
port: 9545, // <<< port from tenderly now!
network_id: "*",
},
Then I start my truffle console and try to update the smart contract from above with the value 0, which should trigger that require.
The transaction fails, but tenderly tells us where exactly that is. It show us the exact location of the error.
Now, in 2020 there is really no reason to use notepad for creating HTML sites anymore. The same is true for solidity development. Even if you don't like VScode, then you can use the new Remix IDE Desktop. It's Remix, as we all know and love it, but as a Desktop App.
You can browse your favorite projects on your disk, use the integrated compilers and also the integrated Blockchain. That means you can make use of all the great features you know from the online version, like the debugger or the security tools and other extensions.
I heard soon you can use it 100% offline, which makes it a great companion on travels as well.
4: Security, Audit and standardized workflows is not a huge pain (actually)
Ethereum and Solidity have a somewhat problematic history, that's not a secret. Two years ago the development tools were by far not mature enough to really help avoid costly bugs. And, considering that smart contracts are immutable once deployed, meaning you can't change them once they are running, it just had to lead to a few disasters here and there. Costly disasters. And also the community wasn't always happy with the way problems were resolved.
This is not so much the case anymore. There are not only better tools, like truffle, but also great resources to learn about best practices, existing pitfalls and more.
I'm a big fan of the newsletter https://weekinethereumnews.com/. It's my weekly read on news around Ethereum. I'm literally waiting for it. Thanks Evan, I hope you keep up the good work!
Security wise I'm usually reading a lot on reddit, the ethdev and ethereum reddits, and I'm looking for community insights. One thing I can recommend is the ConsenSys GitHub repository talking about the smart contract best practices.
There the Solidity Recommendations and known attacks are a bare minimum to know for every Ethereum Blockchain Developer. These attacks are so well known that you will find a copy of those also in the Solidity documentation. But I like the ConsenSys site more, since it's so clearly only about Smart Contract best practices and not just another chapter in the Solidity docs.
The second page worth a scan through is the Smart Contract Weakness Classification and Test Cases. https://swcregistry.io/ It's a collection of typical weaknesses and their pendant to classical CWE, the common software security weaknesses.
Static analyzers are also getting better and better. ConsenSys and their projects are usually following a *freemium *model, so is their static analysis and auditing software Mythx, where the Pro version is paid, reachable at https://mythx.io
The free version checks for the most obvious things like Use of Deprecated Solidity Functions or Unprotected SELFDESTRUCT Instructions, but leaves out the good stuff. That is Reentrancy or Transaction Order Dependence and many other things only available in the Pro version. It's still worth a try, since it's easy to install and gives a nice report.
The other thing is standardized smart contracts. There is no need to re-invent the ERC20 smart contract in 2020. If you want to launch a system that uses tokens, or use any other standardized smart contract or library like the SafeMath library, then why not use an existing template? OpenZeppelin did an amazing job at this. Reachable at https://github.com/OpenZeppelin/openzeppelin-contracts
All you have to do is install them through npm in your exising truffle project. Their smart contracts will be installed in the node_modules folder and there is a lot of them available.
Then import, for example the SafeMath Library - or any other of their contracts - into your smart contract.
***import*** "../node_modules/@openzeppelin/contracts/math/SafeMath.sol";
And then simply use it. That's it. It's really that simple.
I'm sure I didn't mention the one or the other thing, so let me include the longest and most comprehensive list of developer tools for Ethereum you can find out there. It's a github repository with all the good stuff you can possibly imagine.
So, now it's your turn. Let me know in the comments which of these five production hacks you're going to try first: Tenderly or the Solidity Visual Auditor Plugin!
For more like this, subscribe to the YouTube channel or my Newsletter and I hope I'll see you in the next videos or my courses! [
Ethereum Blockchain Mastery: The Ultimate Developer Bundle
Learn Blockchain Development By Building 6 Projects Using Solidity, Remix, Ganache, Geth, Metamask, Truffle & More!
Udemy
](https://www.udemy.com/course/blockchain-developer-bundle/)