In another article from the series on Algorand smart contract best practices, we cover the most common mistakes that we see in development. We also expand on how invariants calculations influence security and answer some of the questions we get asked frequently.
If you haven’t read the previous articles from the series, you can read them here:
All the articles have been written based on our own experience, shared by Łukasz Ptak, Blockchain Developer at Ulam Labs.
Common mistakes in Algorand smart contracts development
Not enough testing
The most common mistake is not testing the contract sufficiently. While it’s true that smart contracts can be updated, the exploits that are already in the code on blockchain can lead to irreversible disasters, including loss of funds or permanently locking them out. It’s a good idea to test every single smart contract you build. Especially if it does something simple that you’re almost sure will work.
For more complex algorithms on Algorand, it is very useful to implement a reference algorithm in Python and then compare if the on-chain state transitions match the expected results. This technique can be extended with fuzzing for better coverage of possible inputs. In general, up to 50% of the development time should be dedicated to testing, as it’s the only reliable method of creating robust smart contracts.
Not caring about PyTEAL’s abstraction
Whether you develop smart contracts in PyTEAL or Reach, you need to be aware of the workings of TEAL, otherwise you are exposing yourself to risks imposed by an abstraction layer provided in these languages. It is not possible to avoid certain pitfalls without good knowledge of TEAL. One example is:
un = AssetParam.unitName(asa_id)
In the above snippet, it may look like the Seq’s will have value 1–if the asset has a unit name–and 0 if otherwise. This is however wrong, and the .hasValue() method will only ever evaluate to 0 if the asset doesn’t exist. It’s more obvious why this happens when you investigate the TEAL code generated from Seq.
Why invariants matter in smart contracts?
In the first part of our best practices, we mentioned key steps to follow to ensure security of smart contracts. We advised that invariants of calculations should be considered at the smart contract design stage. Here’s why.
Invariants play an important role in validating algorithms. Simply put, an invariant is something that never changes. During the design process, figure out what are the invariants for the state transitions. These can take many forms, one example could be the invariant in an AMM (Automated Market Maker) based on the x*y=k formula, where a swap must not change the value of k. The x and y may vary, but the equation should always return k. Note, that different operations often have different invariants.
Another good idea is to look for equations that must always stay true. For example, the sum of all user’s staked amounts must be equal to the total staked amount in a staking smart contract. Having a list of these simple equations brings two major benefits: it becomes much easier to reason whether the code is doing the right thing, and it creates a set of assumptions that can be tested. Which results in large improvements in the quality of the testing suite.
Moreover, having defined the exact behaviors, plan what should happen with the rounding errors.
Using Algorand Virtual Machine (AVM) – Closing Thoughts
To close the three-part series appropriately, we asked Łukasz some additional questions on working with AVM. Even if they don’t fall into the brackets of best practices directly, we thought you still might find value in getting some more general insights.
You’re tasked to develop a smart contract. What’s the first thing you’d do?
Firstly, I gather all the requirements for the smart contract that will be created, then I try to design the simplest model that will meet all the criteria. I split the contract into methods (endpoints).
It’s crucial to plan out the purpose of each endpoint and assign it to the correct phase of the program. After this, the failure conditions for each endpoint can be described, as well as the invariants for formulas used within.
Where to stay on top of the latest news on Algorand smart contracts?
Many interesting insights from industry leaders and Algorand itself can be found on the official Algorand blog. A must-have for all the developers is Algorand’s newsletter. It contains relevant updates, both for the code and ecosystem standpoint. This way, even if you miss some info, it’s still there, waiting for you in your inbox.
Is there Algorand’s support for developers?
So far, one of the best way to get support is to get on the Algorand Discord. There, you can get direct help from Algorand’s developers or even founders. You can always turn to the Developer Portal for documentation, too.
What is the best thing about developing a smart contract on Algorand?
Developing on Algorand has many advantages for developers. Starting from the top, it has a very short block time and high transaction throughput – around 4s to confirm transactions at a 1,000 TPS throughput. This enables development of responsive WEB3 applications that run smoothly and where you can focus on delivering the best possible product for the end-user, instead of minimizing transaction costs, like you would on Ethereum.
Minimizing the storage requirements and runtime cost is still an important factor, but plays a much smaller role on Algorand than on other chains. While PyTEAL may seem hard at first, it just takes time to get used to it and doesn’t have a steep learning curve.
It’s definitely a very interesting experience to build an AST (Abstract Syntax Tree) from scratch, but a lot of work is being done to make the development even better and more straightforward.
My favorite part about Algorand is that a lot of its aspects are just right. The blockchain is not too old to make the mistakes of its predecessors, and not too young to have no ecosystem. It’s large enough to attract interesting projects and talented developers, but it’s also small enough that with the right ideas, it’s possible to influence the future of Algorand.
Build on Algorand with Ulam Labs
We hope you enjoyed the three parts about smart contract development on Algorand. Even if the information shared was quite technical, it might be beneficial for the founders as well to know the specifics of building on that blockchain.
And if you’d like to build a project on Algorand – don’t hesitate to consult it with us! We can build it end-to-end as well as audit your smart contracts.