Pendahuluan

Solana merupakan salah satu blockchain yang populer untuk pembuatan aset digital, termasuk token. Dengan menggunakan Solana CLI dan Token Extensions Program, kita dapat membuat token dengan lebih mudah karena metadata seperti nama, simbol, dan gambar dapat disimpan langsung di akun mint token. Panduan ini akan menjelaskan langkah demi langkah cara membuat token di Solana menggunakan metode terbaru yang lebih efisien.

1. Mengapa Menggunakan Token Extensions?

Dulu, metadata token di Solana harus disimpan dalam akun terpisah, yang membuat proses lebih rumit. Dengan Token Extensions, metadata dapat langsung disimpan dalam akun mint token, sehingga lebih sederhana dan kompatibel dengan berbagai dompet serta platform eksplorasi Solana.

Program lama: TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA (memerlukan akun metadata terpisah).
Program baru (Token Extensions): TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb (metadata langsung di akun mint).

2. Persiapan: Instalasi dan Konfigurasi Solana CLI

a. Menginstal Solana CLI

Unduh dan instal Solana CLI sesuai dengan panduan resmi Solana.

b. Membuat Folder dan Konfigurasi Kunci

Buka terminal dan buat folder untuk proyek token:

mkdir new-token && cd new-token

Buat keypair untuk otoritas mint token:

solana-keygen grind --starts-with bos:1

Konfigurasi Solana CLI untuk menggunakan keypair yang baru dibuat:

solana config set --keypair bosy1VC2BH2gh5fdXA3oKn53EuATLwapLWC4VR2sGHJ.json
solana config set --url devnet

3. Mendapatkan SOL untuk Biaya Transaksi

Untuk menjalankan transaksi di Solana, kita membutuhkan SOL. Jika bekerja di Devnet, kita bisa mendapatkan SOL gratis dari Solana Faucet:

solana airdrop 1

Jika di Mainnet, kita harus membeli SOL melalui exchange atau swap.

4. Membuat Alamat Mint Token

Buat keypair untuk akun mint token:

solana-keygen grind --starts-with mnt:1

Alamat ini akan digunakan sebagai akun utama token mint.

5. Membuat Akun Mint Token

Tentukan jumlah desimal token (default: 9). Gunakan perintah berikut untuk membuat token mint dengan metadata:

spl-token create-token --program-id TokenzQdBNbLqP5VEhdkAS6EPFLC1PHnBqCXEpPxuEb --enable-metadata mntTymSqMU4e1NEDdxJ9XoPN4MitCgQ7xxGW6AuRAWQ.json

Catatan: Setelah token mint dibuat, kita tidak dapat menambahkan ekstensi tambahan.

6. Menambahkan Metadata Token

a. Mengunggah Gambar Token

Unggah gambar ke penyimpanan online seperti IPFS, Arweave, atau AWS S3.

b. Membuat dan Mengunggah Metadata JSON

Buat file metadata.json dengan format berikut:

{
  "name": "Example Token",
  "symbol": "EXMPL",
  "description": "Example token from Solana Making a Token guide.",
  "image": "https://link-ke-gambar.png"
}

Unggah file JSON ini ke penyimpanan online.

c. Menghubungkan Metadata ke Token

spl-token initialize-metadata mntTymSqMU4e1NEDdxJ9XoPN4MitCgQ7xxGW6AuRAWQ "Example Token" "EXMPL" https://link-ke-metadata.json

Setelah ini, metadata token akan tampil di Solana Explorer.

7. Mencetak dan Mengirim Token

a. Membuat Akun untuk Menyimpan Token

spl-token create-account mntTymSqMU4e1NEDdxJ9XoPN4MitCgQ7xxGW6AuRAWQ

b. Mencetak Token

Cetak 100 token ke akun yang baru dibuat:

spl-token mint mntTymSqMU4e1NEDdxJ9XoPN4MitCgQ7xxGW6AuRAWQ 100

c. Mengirim Token ke Dompet Lain

spl-token transfer mntTymSqMU4e1NEDdxJ9XoPN4MitCgQ7xxGW6AuRAWQ 10 (alamat dompet) --fund-recipient

— fund-recipient digunakan untuk membayar biaya pembuatan akun token penerima.

8. Menonaktifkan Otorisasi untuk Keamanan

Setelah distribusi token selesai, kita bisa menonaktifkan beberapa fitur otorisasi agar token lebih aman.

a. Menonaktifkan Minting Token (Agar Pasokan Tetap)

spl-token authorize {token_address} mint --disable

Setelah menjalankan perintah ini, tidak ada yang bisa mencetak token baru, termasuk pemilik mint.

b. Menonaktifkan Pembekuan Token

spl-token authorize {token_address} freeze --disable

Dengan ini, tidak ada akun yang bisa membekukan atau mencairkan saldo token, membuatnya lebih transparan.

Setelah berbulan-bulan menyusun materi, akhirnya saya dapat membagikan ebook yang dirancang khusus untuk membantu teman-teman yang tertarik menjadi web3 developer atau solidity engineer. Ebook ini lebih dari sekadar tutorial; ini adalah panduan komprehensif dari dasar hingga tingkat lanjut, ditulis dengan gaya ringkas yang merangkum berbagai dokumentasi menjadi satu sumber yang mudah dipahami.

Apa yang Akan Kamu Pelajari di Ebook Ini?

1. Dasar-Dasar Blockchain, Ethereum, & Solidity:
Pelajari fondasi utama dari teknologi blockchain, pengenalan terhadap Ethereum, dan bagaimana Solidity digunakan untuk mengembangkan smart contract.

2. Konsep Dasar Pemrograman di Solidity:
Buku ini membahas setup environment yang dibutuhkan, tipe data, fungsi, dan berbagai konsep dasar yang akan membantu kamu membangun pemahaman teknis yang solid.

3. Materi Lanjutan:
Setelah menguasai dasar-dasar, kamu akan dibimbing untuk mendalami topik lanjut seperti event, error handling, debugging, dan keamanan dalam smart contract — hal-hal yang wajib dipahami seorang Solidity engineer.

4. Pola Desain (Design Patterns):
Dalam pengembangan smart contract yang efisien, pola desain seperti ownership, factory, dan proxy sangat diperlukan. Ebook ini akan membantu kamu memahami cara menggunakan pola-pola ini dalam proyek kamu.

5. Bonus Repositori Kode Smart Contract:
Sebagai tambahan, ebook ini juga menyertakan akses ke repositori kode smart contract sebagai referensi langsung yang bisa dipelajari dan diadaptasi ke dalam proyek kamu.

Unduh Ebook “Mastering Solidity” 100% Gratis!

Ebook ini tersedia secara gratis untuk kamu yang serius ingin menjadi seorang Solidity engineer atau web3 developer. Jangan lewatkan kesempatan untuk memiliki ebook ini secara cuma-cuma! Kamu dapat mengunduhnya melalui tautan berikut: https://skydope.gumroad.com/l/mastering-solidity-ebook-ID.

Are you ready to dive into the world of blockchain development and master the art of writing smart contracts with Solidity? I’m thrilled to offer the first 50 readers an exclusive opportunity to download my newly released eBook for free.

Why This eBook?

“Mastering Solidity: Comprehensive Guide to Solidity Development” is not just a book; it’s a complete resource designed to take you from a novice to a proficient Solidity developer. Drawing on my extensive experience in blockchain development, this eBook covers everything you need to know, from the basics of Solidity to advanced techniques in writing smart contracts. Here’s what you can expect inside:

• Introduction to Blockchain Technology: I provide a thorough introduction to blockchain, highlighting its transformative impact across industries.
• Solidity Fundamentals: Learn the syntax, structure, and core concepts of the Solidity programming language.
• Smart Contract Development: Follow my guidance on creating, testing, and deploying smart contracts on the Ethereum network.
• Advanced Solidity Concepts: Explore inheritance, libraries, and design patterns that are crucial for writing secure and efficient smart contracts.
• Real-World Examples: I share practical examples and case studies from my experience to demonstrate the application of Solidity in real-world scenarios.
• Best Practices and Security: Discover my top tips and techniques for writing secure, scalable, and maintainable code.
• Comprehensive Reference Material: Access a wealth of resources and references to deepen your understanding and stay updated with the latest in Solidity development.

Whether you’re just starting or looking to enhance your existing skills, this eBook is your ultimate companion in the world of blockchain development.

Who Should Read This eBook?

This eBook is perfect for:

• Beginner Developers: Those new to blockchain and Solidity who want a clear, structured introduction.
• Intermediate Developers: Developers with some experience looking to deepen their knowledge and tackle more complex projects.
• Experienced Developers: Seasoned developers seeking to stay current with the latest best practices and trends in Solidity development.
• Tech Enthusiasts and Students: Individuals with an interest in blockchain technology who want to expand their understanding and skill set.

Exclusive Offer

For a limited time, I’m offering this invaluable resource for free to the first 50 readers. Don’t miss out on this opportunity to elevate your blockchain development skills. By downloading my eBook, you will:

• Gain Early Access: Be among the first to explore this comprehensive guide and enhance your development skills.
• Get Future Updates: Receive notifications about updates and additional resources related to Solidity and blockchain development.

How to Claim Your Free Copy

To claim your free copy of “Mastering Solidity: Comprehensive Guide to Solidity Development”, simply click the download link below. Hurry, as this offer is only available to the first 50 readers!

https://superxdev.gumroad.com/l/mastering-solidity-ebook

Exclusive Free eBook: Mastering Solidity and Ethereum Development was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.

Solidity, the primary language for writing smart contracts on Ethereum, has unique features to handle logging and error management. Understanding these mechanisms is essential for developing robust and maintainable decentralized applications (dApps). This article delves into the intricacies of event logging and error handling in Solidity, providing a comprehensive guide for both beginners and experienced developers.

Introduction to Event Logging

What are Events?

In Solidity, events are a convenient way to log data on the Ethereum blockchain. They facilitate communication between smart contracts and their external users, enabling the creation of logs that can be easily accessed and monitored.

Events are typically emitted by smart contracts to signal that something significant has occurred. Once emitted, events are stored in the transaction logs of the blockchain, making them accessible for future reference.

Use Cases of Events

Events have several practical applications in smart contract development, including:

• Transaction Notifications: Informing external applications when a particular action has taken place within the smart contract.
• State Changes: Logging changes in the state of the contract for auditing and debugging purposes.
• Data Storage: Storing historical data in an efficient manner that is cheaper than using contract storage.

Defining and Emitting Events

Syntax and Examples

Defining an event in Solidity is straightforward. The syntax involves the event keyword followed by the event name and parameters.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract EventExample {
    // Define an event
    event DataStored(uint256 indexed id, string data);
    // Emit the event
    function storeData(uint256 id, string memory data) public {
        emit DataStored(id, data);
    }
}

In this example, we define an event DataStored with two parameters: id and data. The event is emitted inside the storeData function, logging the values passed to it.

Indexed Parameters

Indexed parameters allow for efficient filtering of event logs. By marking a parameter with the indexed keyword, you can create up to three indexed parameters per event, enabling faster and more targeted searches.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract IndexedEventExample {
    // Define an event with indexed parameters
    event DataStored(uint256 indexed id, address indexed sender, string data);
    // Emit the event
    function storeData(uint256 id, string memory data) public {
        emit DataStored(id, msg.sender, data);
    }
}

In this example, both id and sender are indexed, allowing for efficient querying based on these parameters.

Subscribing and Listening to Events

Using Web3.js

To listen for events emitted by a smart contract, you can use Web3.js, a popular JavaScript library for interacting with the Ethereum blockchain.

First, you need to set up a Web3 instance and connect to an Ethereum node.

const Web3 = require('web3');
const web3 = new Web3('https://mainnet.infura.io/v3/YOUR_INFURA_PROJECT_ID'));

// ABI of the contract
const abi = [/* Contract ABI here */];
// Address of the deployed contract
const address = '0xYourContractAddress';
// Create contract instance
const contract = new web3.eth.Contract(abi, address

Then, you can subscribe to the event using the events property of the contract instance.

contract.events.DataStored({
    filter: {sender: '0xSpecificAddress'}, // Optional filter
    fromBlock: 0 // Start from block 0
}, (error, event) => {
    if (error) {
        console.error(error);
    } else {
        console.log(event.returnValues);
    }
});

This code listens for the DataStored event, optionally filtering by the sender address and starting from block 0.

Real-World Examples

Let’s consider a more practical example: a simple voting contract.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract Voting {
    // Define events
    event VoteCasted(address indexed voter, uint256 proposalId);
    event ProposalAdded(uint256 indexed proposalId, string proposal);
    struct Proposal {
        string description;
        uint256 voteCount;
    }

    Proposal[] public proposals;
    // Add a new proposal
    function addProposal(string memory description) public {
        proposals.push(Proposal(description, 0));
        emit ProposalAdded(proposals.length - 1, description);
    }

    // Cast a vote
    function vote(uint256 proposalId) public {
        proposals[proposalId].voteCount++;
        emit VoteCasted(msg.sender, proposalId);
    }
}

In this example, we define two events, VoteCasted and ProposalAdded, to log voting activities and the addition of new proposals. These events can be listened to in a dApp to update the UI in real-time whenever a vote is cast or a new proposal is added.

Introduction to Error Handling

Importance of Error Handling

Error handling is crucial in smart contract development to ensure the integrity and reliability of the contract. Effective error handling helps prevent unexpected behaviors, secure funds, and provide meaningful feedback to users and developers.

Common Error Types

In Solidity, errors can be broadly categorized into:

• Assertion Failures: Using assert to enforce invariants and check internal errors.
• Requirement Failures: Using require to validate inputs and conditions.
• Reversions: Using revert to handle errors explicitly and revert the state.

Assert, Require, and Revert

Differences and Use Cases

Assert

assert is used to check for conditions that should never be false. It is typically used to enforce invariants within the code. If an assert statement fails, it indicates a bug in the contract.

function safeMath(uint256 a, uint256 b) public pure returns (uint256) {
    uint256 result = a + b;
    assert(result >= a);
    return result;
}

In this example, assert ensures that the addition operation does not overflow.

Require

require is used to validate inputs and conditions before executing the rest of the function. It is commonly used for input validation and to check conditions that should be true before proceeding.

function transfer(address recipient, uint256 amount) public {
    require(balance[msg.sender] >= amount, "Insufficient balance");
    balance[msg.sender] -= amount;
    balance[recipient] += amount;
}

Here, require checks if the sender has sufficient balance before proceeding with the transfer.

Revert

revert is used to handle errors explicitly and revert the state changes. It can be used with or without an error message.

function withdraw(uint256 amount) public {
    if (balance[msg.sender] < amount) {
        revert("Insufficient balance");
    }
    balance[msg.sender] -= amount;
    payable(msg.sender).transfer(amount);
}

In this example, revert is used to handle the case where the balance is insufficient, providing an explicit error message.

Custom Errors

Solidity 0.8.4 introduced custom errors, which are more gas-efficient than revert strings. Custom errors allow developers to define and use specific error types within their contracts.

Example

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract CustomErrorExample {
    error InsufficientBalance(uint256 available, uint256 required);
    mapping(address => uint256) balance;
    function withdraw(uint256 amount) public {
        uint256 available = balance[msg.sender];
        if (available < amount) {
            revert InsufficientBalance(available, amount);
        }
        balance[msg.sender] -= amount;
        payable(msg.sender).transfer(amount);
    }
}

Advanced Solidity: Event Logging and Error Handling was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.

Introduction

Ethereum, one of the most prominent blockchains, enables the development of decentralized applications (dApps) through its smart contract language, Solidity. While Solidity excels in handling on-chain data, integrating off-chain data (information that resides outside the blockchain) is crucial for many practical applications. This is where oracles come into play. Oracles bridge the gap between off-chain data and blockchain smart contracts, enabling the blockchain to interact with real-world information.

This article explores the concept of oracles, their importance, and the methods of integrating off-chain data into Solidity smart contracts, providing a detailed technical overview for developers and blockchain enthusiasts.

Understanding Oracles

What are Oracles?

Oracles are third-party services that provide smart contracts with external data. They act as intermediaries, fetching data from the real world and supplying it to the blockchain, which is inherently isolated from the external environment. This data can include anything from financial market prices, weather conditions, sports results, to IoT sensor information.

Types of Oracles

1. Inbound Oracles: Provide data from external sources to the blockchain.
2. Outbound Oracles: Send data from the blockchain to external systems.
3. Software Oracles: Retrieve data from online sources such as APIs, websites, and databases.
4. Hardware Oracles: Gather data from the physical world using IoT devices.
5. Consensus-based Oracles: Aggregate data from multiple sources and use consensus mechanisms to determine the most accurate data.

Importance of Oracles

Oracles are crucial because they expand the capabilities of smart contracts, enabling them to respond to real-world events. Without oracles, the utility of smart contracts would be limited to on-chain activities, severely restricting their potential applications.

Integrating Off-chain Data in Solidity

Integrating off-chain data involves several steps and considerations. Here, we delve into the technicalities of using oracles with Solidity, focusing on Chainlink, the most widely used oracle network.

Chainlink: The Leading Oracle Network

Chainlink is a decentralized oracle network that provides reliable tamper-proof inputs and outputs for complex smart contracts. It enables smart contracts to securely interact with external data sources and APIs.

Setting Up Chainlink Oracles in Solidity

Prerequisites

Before we dive into the code, ensure you have the following:

1. Node.js: For installing development tools.
2. Truffle or Hardhat: Ethereum development environments.
3. Metamask: Ethereum wallet for managing accounts and interacting with the blockchain.
4. Link Tokens: Required for paying the oracles.

Step-by-Step Integration

1. Install Dependencies:

Begin by installing the necessary dependencies.

npm install @chainlink/contracts truffle-hdwallet-provider

2. Set Up the Solidity Smart Contract:

Create a new Solidity file (e.g., DataConsumerV3.sol) and import the Chainlink contracts.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7;

import {AggregatorV3Interface} from "@chainlink/contracts@1.1.0/src/v0.8/shared/interfaces/AggregatorV3Interface.sol";

/**
 * THIS IS AN EXAMPLE CONTRACT THAT USES HARDCODED
 * VALUES FOR CLARITY.
 * THIS IS AN EXAMPLE CONTRACT THAT USES UN-AUDITED CODE.
 * DO NOT USE THIS CODE IN PRODUCTION.
 */

/**
 * If you are reading data feeds on L2 networks, you must
 * check the latest answer from the L2 Sequencer Uptime
 * Feed to ensure that the data is accurate in the event
 * of an L2 sequencer outage. See the
 * https://docs.chain.link/data-feeds/l2-sequencer-feeds
 * page for details.
 */

contract DataConsumerV3 {
    AggregatorV3Interface internal dataFeed;

    /**
     * Network: Sepolia
     * Aggregator: BTC/USD
     * Address: 0x1b44F3514812d835EB1BDB0acB33d3fA3351Ee43
     */
    constructor() {
        dataFeed = AggregatorV3Interface(
            0x1b44F3514812d835EB1BDB0acB33d3fA3351Ee43
        );
    }

    /**
     * Returns the latest answer.
     */
    function getLatestPrice() public view returns (int) {
        // prettier-ignore
        (
            /* uint80 roundID */,
            int answer,
            /*uint startedAt*/,
            /*uint timeStamp*/,
            /*uint80 answeredInRound*/
        ) = dataFeed.latestRoundData();
        return answer;
    }
}

In this contract:

• We import the necessary Chainlink interfaces.
• We define a constructor that initializes the priceFeed with the address of the Chainlink Price Feed contract.

3. Deploy the Contract:
Configure Truffle or Hardhat to deploy the contract to a testnet like Kovan or Rinkeby. Here’s an example of a Truffle migration script:

const DataConsumerV3 = artifacts.require("DataConsumerV3");

module.exports = function (deployer) {
    deployer.deploy(DataConsumerV3);
};

4. Interact with the Deployed Contract:
Once deployed, you can interact with the contract to fetch the latest price.

const PriceConsumerV3 = artifacts.require("PriceConsumerV3");

module.exports = async function(callback) {
    const priceConsumer = await PriceConsumerV3.deployed();
    const latestPrice = await priceConsumer.getLatestPrice();
    console.log(`The latest price BTC/USD is ${latestPrice.toString()}`);
    callback();
};

Security Considerations

Data Authenticity and Integrity

Ensure that the data source is trustworthy and that the data remains untampered. Using decentralized oracles like Chainlink can mitigate risks by aggregating data from multiple sources.

Oracle Manipulation

Since oracles act as intermediaries, they can be targeted for manipulation. It’s essential to use secure and reliable oracle networks. Chainlink’s decentralized nature helps in reducing this risk.

Handling Failures

Implement fallback mechanisms to handle oracle failures or data unavailability. Smart contracts should be designed to handle unexpected scenarios gracefully.

Future Trends and Developments

Decentralized Oracle Networks (DONs)

Decentralized Oracle Networks, like Chainlink, are becoming more sophisticated, providing higher levels of security and reliability. Future developments may include more robust consensus mechanisms and integration with a broader range of data sources.

Cross-Chain Oracles

As blockchain interoperability grows, cross-chain oracles will become vital. These oracles can fetch and relay data across different blockchain networks, enhancing the functionality and reach of smart contracts.

Privacy-preserving Oracles

With increasing concerns about data privacy, oracles that can handle confidential information without compromising security are in demand. Techniques like zero-knowledge proofs could be integrated into oracle systems to achieve this.

Security is a paramount concern in smart contract development due to the irreversible nature of blockchain transactions. Vulnerabilities in smart contracts can lead to significant financial losses and damage to reputations. In this chapter, we will explore essential security best practices for writing secure Solidity contracts, covering common vulnerabilities and strategies to mitigate them.

Common Vulnerabilities

Several common vulnerabilities have historically plagued smart contracts. Understanding these issues is the first step towards writing secure code.

1. Reentrancy

Reentrancy attacks occur when a contract makes an external call to another untrusted contract before updating its state. This allows the untrusted contract to call back into the original contract, potentially leading to unexpected behavior or draining of funds.

Example:

// Vulnerable contract
contract VulnerableBank {
    mapping(address => uint) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw(uint amount) public {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        (bool success,) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
        balances[msg.sender] -= amount;
    }
}

Mitigation

• Use the Checks-Effects-Interactions pattern.
• Employ a reentrancy guard.

Example:

// Safe contract using Checks-Effects-Interactions pattern and reentrancy guard
contract SafeBank {
    mapping(address => uint) public balances;
    bool private locked;

    modifier noReentrancy() {
        require(!locked, "No reentrancy");
        locked = true;
        _;
        locked = false;
    }
    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }
    function withdraw(uint amount) public noReentrancy {
        require(balances[msg.sender] >= amount, "Insufficient balance");
        balances[msg.sender] -= amount;
        (bool success,) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
    }
}

2. Integer Overflow and Underflow

Integer overflows and underflows occur when an arithmetic operation exceeds the maximum or minimum value a variable can hold. This can lead to unintended behavior.

Example:

// Vulnerable contract
contract Overflow {
    uint8 public value;

    function increment(uint8 _amount) public {
        value += _amount;
    }
}

Mitigation

• Use the SafeMath library (in older versions of Solidity).
• Utilize built-in overflow checks (Solidity 0.8.0 and later).

Example:

// Safe contract using built-in overflow checks
contract SafeMath {
    uint8 public value;

    function increment(uint8 _amount) public {
        value += _amount; // This will automatically revert on overflow in Solidity 0.8.0+
    }
}

3. Access Control

Improper access control can allow unauthorized users to perform critical operations on a contract.

Example:

// Vulnerable contract
contract AdminOnly {
    address public owner;

    constructor() {
        owner = msg.sender;
    }
    function changeOwner(address newOwner) public {
        owner = newOwner;
    }
}

Mitigation

• Implement proper access control using modifiers.
• Use libraries such as OpenZeppelin’s Ownable.

Example:

// Safe contract using OpenZeppelin's Ownable
import "@openzeppelin/contracts/access/Ownable.sol";

contract AdminOnly is Ownable {
    function changeOwner(address newOwner) public onlyOwner {
        transferOwnership(newOwner);
    }
}

4. Denial of Service (DoS)

DoS attacks can prevent users from interacting with a contract by exploiting gas limits or other vulnerabilities.

Example:

// Vulnerable contract
contract Auction {
    address public highestBidder;
    uint public highestBid;

    function bid() public payable {
        require(msg.value > highestBid, "Bid too low");
        if (highestBidder != address(0)) {
            (bool success,) = highestBidder.call{value: highestBid}("");
            require(success, "Refund failed");
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }
}

Mitigation

• Avoid using call for sending funds.
• Use pull over push pattern for withdrawals.

Example:

// Safe contract using pull over push pattern
contract Auction {
    address public highestBidder;
    uint public highestBid;
    mapping(address => uint) public refunds;

    function bid() public payable {
        require(msg.value > highestBid, "Bid too low");
        if (highestBidder != address(0)) {
            refunds[highestBidder] += highestBid;
        }
        highestBidder = msg.sender;
        highestBid = msg.value;
    }
    function withdrawRefund() public {
        uint refund = refunds[msg.sender];
        refunds[msg.sender] = 0;
        (bool success,) = msg.sender.call{value: refund}("");
        require(success, "Refund failed");
    }
}

5. Front-Running

Front-running occurs when a malicious actor intercepts and exploits a pending transaction before it is mined.

Mitigation

• Use commit-reveal schemes.
• Implement gas price limits.

Example:

// Simple commit-reveal scheme
contract SecureAuction {
    struct Bid {
        bytes32 blindedBid;
        uint deposit;
    }

    address public highestBidder;
    uint public highestBid;
    mapping(address => Bid) public bids;
    function placeBlindedBid(bytes32 _blindedBid) public payable {
        bids[msg.sender] = Bid({
            blindedBid: _blindedBid,
            deposit: msg.value
        });
    }
    function revealBid(uint _value, bytes32 _secret) public {
        Bid storage bidToCheck = bids[msg.sender];
        require(bidToCheck.blindedBid == keccak256(abi.encodePacked(_value, _secret)), "Invalid bid reveal");
        require(bidToCheck.deposit >= _value, "Insufficient deposit");
        if (_value > highestBid) {
            highestBid = _value;
            highestBidder = msg.sender;
        }
        bidToCheck.deposit = 0; // Reset deposit after reveal
    }
}

General Security Best Practices

1. Use Libraries and Standards

Use well-audited libraries such as OpenZeppelin for common functionalities like access control, token standards, and more.

2. Avoid Floating Pragma

Lock the Solidity version in your contracts to avoid incompatibility issues and unexpected behavior due to compiler updates.

Example:

// Good practice
pragma solidity ^0.8.0;

3. Conduct Security Audits

Regularly audit your smart contracts with professional security firms to identify and fix vulnerabilities.

4. Write Tests

Write comprehensive unit tests to cover various scenarios and edge cases. Use testing frameworks like Truffle or Hardhat.

5. Follow Best Practices for Contract Design

• Implement the Checks-Effects-Interactions pattern to minimize reentrancy risks.
• Use the pull over push pattern for handling funds.

6. Use Multisig Wallets

For contracts handling significant funds, use multisig wallets to increase security for fund management.

Example:

// Simple multisig wallet using OpenZeppelin
import "@openzeppelin/contracts/access/AccessControl.sol";

contract MultisigWallet is AccessControl {
    bytes32 public constant SIGNER_ROLE = keccak256("SIGNER_ROLE");
    uint256 public approvalsNeeded;
    mapping(bytes32 => uint256) public approvals;
    constructor(uint256 _approvalsNeeded) {
        approvalsNeeded = _approvalsNeeded;
        _setupRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }
    function submitTransaction(address to, uint256 value) public onlyRole(SIGNER_ROLE) {
        bytes32 txHash = keccak256(abi.encodePacked(to, value));
        approvals[txHash]++;
        if (approvals[txHash] >= approvalsNeeded) {
            (bool success,) = to.call{value: value}("");
            require(success, "Transaction failed");
        }
    }
    function addSigner(address account) public onlyRole(DEFAULT_ADMIN_ROLE) {
        grantRole(SIGNER_ROLE, account);
    }
    function removeSigner(address account) public onlyRole(DEFAULT_ADMIN_ROLE) {
        revokeRole(SIGNER_ROLE, account);
    }
}

7. Implement Circuit Breakers

Use circuit breakers to halt contract operations in case of emergencies.

Example:

// Circuit breaker pattern
contract EmergencyStop {
    bool private stopped = false;
    address private owner;

    modifier stopInEmergency() {
        require(!stopped, "Stopped in emergency");
        _;
    }
    modifier onlyOwner() {
        require(msg.sender == owner, "Not the owner");
        _;
    }
    constructor() {
        owner = msg.sender;
    }
    function toggleContractActive() public onlyOwner {
        stopped = !stopped;
    }
    function deposit() public payable stopInEmergency {
        // deposit logic
    }
    function withdraw(uint amount) public stopInEmergency {
        // withdraw logic
    }
}

8. Be Cautious with External Calls

Minimize and carefully handle external calls to prevent unexpected behaviors and vulnerabilities.

Security Best Practices in Solidity was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.

Setting up your development environment for Solidity is the first crucial step to diving into the world of Ethereum smart contract development. In this guide, we’ll walk you through the essential tools and configurations you need to get started, ensuring a smooth and efficient workflow.

Step 1: Install Node.js and npm

Node.js is a JavaScript runtime that is required for most blockchain development tools. npm is the package manager for Node.js, and you’ll use it to install various development tools.

1. Download Node.js: Visit the https://nodejs.org/ and download the LTS (Long Term Support) version for your operating system.

2. Install Node.js: Follow the installation instructions for your OS.

3. Verify Installation:

node -v

npm -v

Step 2: Install Truffle

Truffle is a popular development framework for Ethereum that provides a suite of tools for smart contract development.

1. Install Truffle:

npm install -g truffle

2. Verify Installation:

truffle version

Step 3: Install Ganache

Ganache is a personal blockchain for Ethereum development that you can use to deploy contracts, develop applications, and run tests.

1. Download Ganache: Visit the ttps://trufflesuite.com/ganache/ and download the version suitable for your OS.

2. Install Ganache: Follow the installation instructions for your OS.

3. Launch Ganache: Open Ganache to start your local blockchain.

Step 4: Install a Code Editor

Visual Studio Code (VS Code) is a popular choice for Solidity development due to its extensive range of extensions and ease of use.

1. Download VS Code: Visit the https://code.visualstudio.com/ and download the version for your OS.

2. Install VS Code: Follow the installation instructions for your OS.

3. Install Solidity Extension:

• Open VS Code.
• Go to the Extensions view by clicking the Extensions icon in the Activity Bar on the side of the window or by pressing Ctrl+Shift+X.
• Search for “Solidity” and install the Solidity extension by Juan Blanco.

Step 5: Initialize a Truffle Project

1. Create a New Directory for Your Project:

mkdir MySolidityProject
cd MySolidityProject

2. Initialize a Truffle Project:

truffle init

This command sets up a basic Truffle project structure with the necessary directories and configuration files.

Step 6: Connect Truffle to Ganache

1. Configure Truffle to Use Ganache:

• Open the `truffle-config.js` file in your project directory.
• Add the following network configuration:

module.exports = {
  networks: {
    development: {
      host: "127.0.0.1", // Localhost (default: none)
      port: 7545, // Standard Ethereum port (default: none)
      network_id: "*", // Any network (default: none)
    },
  },
  // Other configurations…
};

Step 7: Write a Simple Smart Contract

1. Create a Solidity File:

• In the `contracts` directory of your project, create a new file named `SimpleStorage.sol`.
• Add the following code to `SimpleStorage.sol`:

pragma solidity ^0.8.0;

contract SimpleStorage {
  uint256 public storedData;

  function set(uint256 x) public {
    storedData = x;
  }

  function get() public view returns (uint256) {
    return storedData;
  }
}

Step 8: Compile and Deploy the Smart Contract

1. Compile the Contract:

truffle compile

2. Deploy the Contract:

• Create a new migration script in the migrations directory. Name it 2_deploy_contracts.js.
• Add the following code:

const SimpleStorage = artifacts.require("SimpleStorage");

module.exports = function (deployer) {
  deployer.deploy(SimpleStorage);
};

- Run the migration:

truffle migrate

Step 9: Interact with the Deployed Contract

1. Open the Truffle Console:

truffle console

2. Interact with the Contract:

let instance = await SimpleStorage.deployed();
await instance.set(42);

let value = await instance.get();
console.log(value.toString()); // Should print '42'

Congratulations! You have successfully set up your Solidity development environment, written a simple smart contract, and interacted with it using Truffle and Ganache.

How to Set Up Your Development Environment for Solidity was originally published in CoinsBench on Medium, where people are continuing the conversation by highlighting and responding to this story.

Solidity is a statically-typed programming language specifically designed for writing smart contracts that run on the Ethereum Virtual Machine (EVM). As the backbone of Ethereum, it enables developers to create decentralized applications (dApps) that harness the power of blockchain technology. In this post, we’ll delve into the core aspects of Solidity, including its use cases, contract structure, and key programming concepts.

What is Solidity?

Solidity is an object-oriented programming language influenced by C++, Python, and JavaScript, tailored for developing smart contracts on the Ethereum blockchain. Smart contracts are self-executing contracts with the terms directly written into code, facilitating, verifying, or enforcing the performance of a contract.

Use Cases of Solidity

1. Decentralized Finance (DeFi): Creating protocols for lending, borrowing, and trading without intermediaries.
2. Non-Fungible Tokens (NFTs): Developing unique digital assets for art, gaming, and collectibles.
3. Decentralized Autonomous Organizations (DAOs): Automating organizational governance and decision-making.
4. Supply Chain Management: Enhancing transparency and traceability in logistics.

Contract Structure

A basic Solidity contract consists of the following parts:

pragma solidity ^0.8.0;

contract MyContract {
  // State variables
  uint public myNumber;

  // Constructor
  constructor(uint _initialNumber) {
    myNumber = _initialNumber;
  }

  // Functions
  function setNumber(uint _newNumber) public {
    myNumber = _newNumber;
  }

  function getNumber() public view returns (uint) {
    return myNumber;
  }
}

Key Components:

• Pragma: Specifies the version of Solidity.
• Contract: Defines the contract name and encapsulates state variables and functions.

Variables and Types

Solidity supports various data types:

• Boolean: bool
• Integer: int and uint
• Address: address
• String: string
• Bytes: bytes
• Fixed-size Arrays: uint[10]
• Dynamic Arrays: uint[]

Functions

Functions define the behavior of the contract. They can be public, private, internal, or external, dictating their accessibility.

function exampleFunction() public pure returns (string memory) {
  return "Hello, World!";
}

Function Visibility

• Public: Accessible by anyone.
• Private: Only accessible within the contract.
• Internal: Accessible within the contract and derived contracts.
• External: Can only be called from outside the contract.

Modifiers

Modifiers alter the behavior of functions. Commonly used for access control.

modifier onlyOwner() {
  require(msg.sender == owner, "Not the contract owner");
  _;
}
function restrictedFunction() public onlyOwner {
  // Function logic
}

Operators

Solidity includes various operators for arithmetic, comparison, and logical operations.

• Arithmetic: +, -, *, /
• Comparison: ==, !=, ≥, ≤, >, <
• Logical: &&, ||, !

Conditionals

Control flow uses if-else statements.

function checkNumber(uint _number) public pure returns (string memory) {
  if (_number > 10) {
    return "Greater than 10";
  } else {
    return "10 or less";
  }
}

Arrays

Arrays can be fixed or dynamic.

uint[] public dynamicArray;
uint[5] public fixedArray;

Structs

Structs allow grouping related data.

struct Person {
  string name;
  uint age;
}

Person public person = Person("Alice", 30);

Events

Events facilitate logging and are useful for off-chain interaction.

event NumberChanged(uint oldNumber, uint newNumber);

function setNumber(uint _newNumber) public {
  emit NumberChanged(myNumber, _newNumber);
  myNumber = _newNumber;
}

Error Handling

Solidity provides require, assert, and revert for error handling.

function withdraw(uint _amount) public {
  require(_amount <= balance, "Insufficient balance");
  balance -= _amount;
}

Inheritance

Solidity supports inheritance, allowing contracts to inherit properties and functions from other contracts.

contract Parent {
  uint public parentNumber;
  function setParentNumber(uint _number) public {
    parentNumber = _number;
  }
}

contract Child is Parent {
  function getParentNumber() public view returns (uint) {
    return parentNumber;
  }
}

That’s it! now you can write solidity code for more confidently

Belajar Django Framework (pengenalan) — Django adalah sebuah web framework yang di tulis dalam bahasa python yang digunakan untuk membantu pembangunan aplikasi web yang berkualitas. Django menyediakan berbagai kemudahan yang mana mengurangi banyak pekerjaan yang biasa dilakukan dalam pengembangan web.

Tutorial ini dibuat untuk developer maupun pemula yang ingin mempelajari bagaimana cara membangun sebuah website yang berkualitas dengan menggunakan Django dengan berbagai fitur dan kemudahan yang di tawarkannya.

Sebelum melanjutkan, pastikan kamu telah memahami dasar bahasa pemrograman python berbasis objek (OOP): control structures, data structures, variables, classes, objects, dll.

Mengenal django

Django adalah sebuah high-level Python web framework yang membuat pengembangan jadi lebih cepat dan terstruktur.

Sejarah dari django

• 2003 − Dimulai oleh Adrian Holovaty dan Simon Willison sebagai project internal di Lawrence Journal-World newspaper.
• 2005 − Dirilis pada Juli 2005 dan dinamakan Django, sama dengan gitaris jazz Django Reinhardt.
• 2005 − Cukup tangguh untuk menangani website dengan traffic yang tinggi
• Saat ini − Sekarang django adalah project open source dengan kontributor dari seluruh dunia.

Filosofi desain

Django hadir dengan filosofi desain berikut:

• Loosely Coupled − Django bertujuan membuat setiap elemennya dapat berdiri sendiri
• Less Coding − Mengurangi kode sehingga proses pengembangan menjadi cepat
• Don’t Repeat Yourself (DRY) − Semuanya dibuat dalam sekali dan tidak mengulanginya secara terus menerus
• Fast Development − Filosofi Django adalah melakukan semua yang dapat dilakukan dengan memfasilitasi pengembangan yang sangat cepat.
• Clean Design − Secara ketat mempertahankan desain yang clean di seluruh kodenya dan membuatnya mudah untuk mengikuti best practice

Kelebihan

Berikut adalah beberapa keuntungan menggunakan Django

• Object-Relational Mapping (ORM) Support − Django menyediakan perantara antara model data dan database engine, serta mendukung banyak sistem database termasuk MySql, Oracle, Postgres, dll. Django juga mendukung database NoSQL melalui Django-nonrel. Untuk sekarang, satu-satunya database NoSQL yang didukung adalah MogoDB dan google app engine
• Multilingual Support − Django mendukung website dengan multibahasa melalui sistem internasionalisasi yang ada. Jadi kamu bisa mengembangkan situs web yang akan mendukung banyak bahasa.
• Framework Support − Django memiliki dukungan bawaan untuk Ajax, RSS, Caching dan berbagai framework lainnya.
• Administration GUI − Django menyediakan antarmuka pengguna siap pakai yang bagus untuk aktivitas admin.
• Development Environment − Django hadir dengan server web yang ringan untuk memfasilitasi development dan pengujian aplikasi.

Metode MVC — MVT

Seperti yang telah diketahui, django adalah web framework Python. Dan seperti kebanyakan framework modern lainnya, django mendukung metode MVC. Pertama mari kita lihat apa itu metode Model-View-Controller (MVC), kemudian kita akan lihat django untuk metode Model-View-Template (MVT).

Ketika berbicara tentang aplikasi yang menyediakan UI (web atau desktop), biasanya kita berbicara tentang arsitektur MVC. Dan seperti namanya, metode MVC didasarkan pada tiga komponen: Model, View, dan Controller

Yang disebut dengan Model bagian yang berurusan dengan database. View adalah bagian antarmuka atau bagian depan aplikasi, segala sesuatu yang diproses dalam sistem akan ditampilkan pada view, sedangkan Controller adalah bagian yang menangani atau mengenengahi antar model dan view, jadi controller lah yang berperan sebagai pengendali dari sebuah sistem.

MVT pada Django

Model-View-Template (MVT) sedikit berbeda dari MVC. Perbedaan utama antara dua metode adalah bahwa Django sendiri menangani bagian Controller (Code yang mengontrol interaksi antara Model dan View) langsung dengan template. Templatenya sendiri adalah file HTML yang digabungkan dengan Django Template Language (DTL).

Diagram berikut mengilustrasikan bagaimana masing-masing komponen metode MVT berinteraksi satu sama lain untuk melayani permintaan user

Programmer membuat Model, View dan template kemudian URL akan dipetakkan dan Django melakukan tugasnya untuk menyajikannya kepada user.

Nah itulah pengenalan untuk sekarang, diartikel berikutnya kita akan memasukki bagian coding untuk mempelajari Django lebih dalam lagi. Di akhir pembelajaran kita akan membuat sebuah project sederhana dari nol menggunakan Django. Pastikan kalian tetap mengikuti artikel ini jika kalian tertarik untuk mempelajari Django dalam pengembangan web. Sekian dulu saya ucapkan terima kasih dan sampai jumpa.

Sumber: https://technozee.my.id/belajar-django-framework-pengenalan/

5 Langkah mendeploy laravel ke Heroku — Pada saat kamu mengerjakan project Laravel tentunya di tahap akhir kamu ingin membuat project web tersebut dapat diakses dari internet, tapi sebelum itu mungkin kamu ingin memastikan apakah semua fungsi web yang kamu buat tersebut dapat berjalan dengan normal sesuai yang di inginkan.

Oleh karena itu, untuk melakukan pengujian tersebut kamu tidak perlu langsung mengupload project ke server production. Daripada itu, cukup gunakan semacam layanan hosting/cloud yang gratis seperti Heroku

Heroku adalah platform cloud. Artinya, kamu tidak perlu khawatir tentang infrastruktur, kamu hanya fokus pada aplikasi kamu.

beberapa fitur Heroku:

• Deployment Instan dengan Git push — build aplikasi kamu dilakukan oleh Heroku menggunakan skrip build
• Banyak sumber daya Add-on (aplikasi, database, dll.)
• Proses penskalaan — penskalaan independen untuk setiap komponen aplikasi kamu tanpa memengaruhi fungsionalitas dan performa
• Isolasi — setiap proses (alias dyno) sepenuhnya terisolasi satu sama lain
• Logging dan Visibilitas Penuh — akses mudah ke semua output logging dari setiap komponen aplikasi kamu dan setiap proses (dyno)

Heroku menyediakan tutorial yang ditulis dengan sangat baik yang memungkinkan kamu memulai dalam beberapa menit. Juga mereka menyediakan 750 jam komputasi pertama secara gratis yang berarti kamu dapat memiliki satu proses (alias Dyno) tanpa biaya. Juga kinerjanya sangat bagus misalnya aplikasi web sederhana yang ditulis dalam node.js dapat menangani sekitar 60–70 permintaan per detik

Baca juga: 7 Daftar layanan hosting gratis terbaik 2021 (recommended)

Table of Contents

• Berikut 5 Langkah mendeploy laravel ke Heroku
• 1. Siapkan project laravel atau buat baru
• 2. Siapkan Heroku CLI
• 3. Buat file Procfile dan push project ke Heroku
• 4. Menambahkan konfigurasi pada file .env
• 5. Konfigurasi Database

Berikut 5 Langkah mendeploy laravel ke Heroku

1. Siapkan project laravel atau buat baru

Langkah pertama, kamu perlu menyiapkan project Laravel yang akan di deploy atau kamu bisa buat baru dengan mengetikan perintah berikut di terminal/cmd

composer create-project — prefer-dist laravel/laravel newProject

Setelah siap, masuk ke directory laravel kamu

2. Siapkan Heroku CLI

Pastikan sudah ada Heroku CLI pada komputer kamu, jika berlum terinstall silahkan buka link dibawah

https://devcenter.heroku.com/articles/heroku-cli#download-and-install

Download dan install Heroku Installer berdasarkan OS komputermu

Setelah Heroku berhasil terinstall, kembali ke terminal/cmd dan coba login dengan akun Heroku milikmu

heroku login

Akan muncul tampilan halaman login di browser dan jangan lupa klik tombol loginnya

Jika berhasil akan muncul tulisan seperti ini:

Apabila gagal bisa login dengan perintah berikut, masukkan email & password seperti login pada umumnya

heroku login -i

3. Buat file Procfile dan push project ke Heroku

Pada tahap ini, kamu perlu membuat Procfile (file konfigurasi heroku) di dalam folder utama project Laravel, masukkan kode berikut

web: vendor/bin/heroku-php-apache2 public/

Setelah itu save lalu kembali ke terminal/cmd dan ketikkan

git init

Untuk melakukan git initiation, lalu ketik perintah berikut untuk membuat app pada heroku kamu

heroku create

Kamu akan mendapatkan nama aplikasi dan nama repository seperti berikut

Setelah itu, lakukan commit dan push project ke Heroku dengan perintah

git add .
git commit -m “Initial Commit”
git push heroku master

Sekarang project Laravel kamu telah berhasil di-deploy, kamu bisa melihatnya di dahsboard heroku

Kamu bisa buka web yang telah di deplo tadi, tetapi pasti akan muncul pesan error 500, itu karena kita belum mengatur konfigurasi pada file .env

4. Menambahkan konfigurasi pada file .env

Pada tahap ini kita akan menambahkan beberapa pengaturan web didalam Heroku, klik menu Settings didalam app pada dashboard Heroku

Kemudian klik Reveal Config Vars

Tambahkan beberapa konfigurasi dari file .env pada project Laravel

APP_NAME=Shortlink
APP_ENV=production
APP_KEY=base64:hNKt9MqPA1/C2G1Ar4oCAIqF7y95oWDmJcjmtGQns3k=
APP_URL=http://arcane-thicket-31872.herokuapp.com
CACHE_DRIVER=cookie
SESSION_DRIVER=cookie

Maka hasilnya akan seperti ini

Sekarang jika kita membuka aplikasinya dengan mengklik Open app, sudah tidak akan ada error lagi

Baca juga: 5 Tips belajar pemrograman untuk pemula

5. Konfigurasi Database

Langkah terahkhir yang harus dilakukan adalah menyetting database, jadi kita bisa melakukan migrasi pada Heroku. Untuk menggunakan MySql pada Heroku akan dikenakan biaya oleh karena itu, kita akan menggunakan database PostgreSQL karena gratis.

Pertama, klik menu Resources kemudian di bagian Add-ons klik Find more add-ons, kamu akan diarahkan ke halaman Add-ons

Pilih Heroku Postgres

Setelah itu, kita akan diarahkan ke halaman baru dan klik tombol Install Heroku Postgres pada sisi kanan

Setalah menglik tombol install kita akan di suruh memilih plan, tidak perlu di ganti apa2 langsung klik Provision add-on

Setelah selesai, kita bisa melihat Heroku Postgres ada di menu Resources pada dashboard

Kembali ke terminal/cmd dan ketikkan

heroku run php artisan migrate

Untuk menjalankan migrasi database pada aplikasi Laravel seperti biasa melalui Heroku

Selesai! sekarang aplikasi Laravel kamu sudah siap berjalan dan diakses oleh siapa saja

Semoga postingan ini bermanfaat, saya ucapkan terima kasih dan sampai jumpa

Sumber: https://technozee.my.id/5-langkah-mendeploy-laravel-ke-heroku/