0xedB0...3484

Turn your stories into NFTs

0 Following     0 Follower

NFT

#13
read

I'm a trust maxi

One of the best quality of smart contracts is that you can often trust them. I write often, because sometimes, what should be the main focus of a smart contract developer is completely pushed aside, by polluting the smart contract with anti-patterns inherited from the classic software development culture.

If you want your smart contracts to be widely used, people must be able to trust them.

For your contracts to be trusted, there are a few things that you should absolutely avoid.

Upgradable smart contracts

If your smart contract can be upgraded, it means you can change the rules. Imagine an insurance, or wedding, or job contract that someone proposes you to sign. Your pen is 2 inches above the sheet of paper, you are ready to sign it, then you realise, there is a big white space in between two paragraphs. With an eyebrow raised, you ask: "why is there a white gap inside that contract?". Then the person (your insurer, or future wife or employer, ... I don't know which is worse) replies "Oh, it's just in case I change my mind and want to add something later".

Would you sign that?

Same with upgradable smart contracts. Don't write them. Don't use them. Red flag.

Even with a time lock on each upgrade so people might have the time to opt out.

The only exception to this rule would be if the time lock is 10 000 years.

Governance functions

Same. Please remove them or keep them as exceptional as possible. Put restrictions on them, ... Favour trust over governance.

The good thing is that removing governance functions often strongly reduces your gas costs.

Ownable

Does it mean contracts shouldn't derive from the famous Ownable smart contract?

Absolutely not. Ownable is good. It's very good practice for a contract to have an owner. It allows people to know who is in charge. It can act as a contact to call for help, explanations, advice, feed back, partnership, ...

You can transfer ownership to tell the world you don't care about that contract any more, but Bob is now in charge and will take care about support, advice, maintenance of the web GUI associated with the contract, ...

Please, give an owner to your contracts, but give no power to that owner.

Renounced contracts

Stop showing off your renouncing transaction to the world in order to make people think your contract is now safe. Renouncing a contract is misleading. It's not because a contract is renounced that it is any safer. It can have some sneaky code left in it that will allow someone to pull the rug. It can have some operator role that can mess up with the settings and spoil the party.

Renouncing is misleading.

DAOs

DAOs are a big trend in the blockchain ecosystem, and are often showed as democratic and sound governance.

The problem with DAOs is that they are managed by humans. The purpose of a DAO is to change the rules. The problem with DAOs is that you let humans make decisions, and humans are very bad at making the right decisions. If humans were any good at taking decisions, the planet would not be in such a terrible state.

Letting humans decide is a one way ticket to failure land.

Some idiot majority will prefer short time gains over long term sustainability and your project will go down the toilet thanks to its DAO.

As the EVM often says (when you carefully listen to her): Humans cannot be trusted.

Darwin wins

Conclusion: write non upgradable, non governable, non DAOed, immutable smart contracts.

If you missed something, if you forgot some feature, too bad. Your contract will be abandoned by its users, and will die. That's life. Let Darwin rule.

But I WANT to upgrade my smart contract!!

Ok, if you really want to upgrade your contract (add a new feature, drop a useless one ...) then, do it the proper way: keep your first smart contract as it is (which should be your only option bye the way, as contracts should NOT be upgradable) and create a new one.

That way, all the people who are not interested in your new version will just stay on the initial one.

If needed, copy the current previous smart contract state into the new one. You probably won't be able to afford it on Ethereum. That's why Ethereum is not a good option to launch a new smart contract. But if you were clever enough to deploy your contract on a reliable, fast and cheap blockchain like Fantom, then it will just cost you a few FTMs.

Then, persuade your users to use the new smart contract.

You should not block, pause, or suicide your first smart contract. Because if you blocked the first one, nobody will be able to trust you not to block the new one.

The most important feature of a smart contract is its trustworthiness, and upgradability is a trust killer.

Written on
Published on block 57 088 457
Reactions are currently disabled. They will return soon.

⏪ Previous Story

0xedB0...3484 avatar

Tomb forks reloaded: the smart contracts

In the previous stories, Tomb forks flaws and improvements, and Tomb forks from a different angle, we ...
by 0xedB0...3484

⏩ Next Story

0xedB0...3484 avatar

StoryPress tokenomics

StoryPress uses two tokens. The Cherry token (CHRY) used to mint new stories, comments, reactions. And the ...
by 0xedB0...3484