Enterprise Blockchain Development in 2020: The 4 most important things (you didn’t know!)

Today I want to talk about 4 things you didn’t
know about Blockchains, Hyperledger, Ethereum and general Smart Contract Development. First I’ll show you around the new Enterprise
Ethereum Node under the Hyperledger Umbrella. Then we’ll setup a consortium network using
Docker, so you can easily replicate that in AWS or Azure or port it over to Kubernetes
and run it on an elasic kubernetes service or google’s kubernetes service. After that I’ll show you sweet stuff for your
development environment. We’re going to supercharge your workflow. You don’t want to miss this part, believe
me! And finally we’re talking about code quality,
Security, Audit and the most comprehensive list of Development tools out there you can
find today. Stay tuned – we’re going hands on and we’re
taking a deep dive. NUMBER 1: There is an Ethereum Node that is
perfect for enterprises and large organizations which challenges Corda, Quorum and Hyperledger
Fabric. If you are a developer, you probably know
the XKCD comic. There are 14 competing standards. Which is rediculous. Let’s try to create one universal standard. Soon later: There are 15 competing standards. It’s not so different with Ethereum Nodes. There are different implementations of the
Ethereum Protocol in different languages: Geth, for example, is written in Go. Parity is written in Rust. They both do pretty much the same thing, give
or take: they are blockchain nodes. And there were a lot more of those nodes in
the past – Ethereum came a long way already. Some of them are deprecated and forgotten. ## What does that have to do with Hyperledger
or Quorum? In 2018 PegaSys released a new Ethereum node,
implemented in Java. Java is usually more targeted towards Enterprise
customers and use cases, so, needless to say, they were going after Enterprise customers
as well. Their implementation was called Pantheon. I actually made a video about that before,
because I personally like the client and the approach very much. I think Java attracts a lot more developers
than Rust for example. In September 2019 they migrated their Project
over to Hyperledger under the new name: Hyperledger Besu. Besu, former Pantheon, includes several consensus
algorithms including Proof of Work, Proof of Authority, and IBFT, and has comprehensive
permissioning schemes designed specifically for uses in a consortium environment. So, Hyperledger Besu is essentially an Ethereum
Node for Enterprise customers with all the features you would expect from an Enterprise-grade
blockchain. This makes Besu a Quorum, Fabric and Corda
challenger. If you are developing blockchain solutions,
then you probably will love the next thing: NUMBER 2: It takes about 1 Minute to start
working on your own Private Consortium Chain with an enterprise grade Node Implementation. Surely, some will say, that is not new. After all there is Ganache or similar tools. They are all great. But they are only simulating an Ethereum Blockchain,
they are not 100% real node implementations. Not battle tested. Side note: This video is not a paid promotion
of Besu. I’m including it, because I found it useful. If you are familiar with Docker then starting
your own hyperledger besu network with some nodes, a block explorer and other services,
is really easy. They put together a really nice walkthrough! It’s not all bells and whistles, and it’s
not 100% working out of the box for my development environment, but it’s fairly easy to adapt! And in unter 1 minute you have your private
blockchain with several participating nodes and everythings setup, which usually takes
longer in any other blockchain node out there. Let’s see how it works! Basically I’d do it like this: [handson part] 1. Clone their repository 2. Edit the .env file, copy the address from
my MetaMask extension address to the miner. So my MetaMask receives the funds from mining. 3. Edit the docker-compose.yml file to open the
right ports to the host system: 4. Start the blockchain with Docker-Compose. If you don’t know how Docker works, then there
is a link to a 2 hour comprehensive docker hands-on tutorial I created just last month. 5. The last things is to Deploy the smart contracts
either using Truffle or directly with Remix from your MetaMask That’s it. It’s really as easy as that! And you get a full block explorer on top. Like this one. NUMBER 3: Development using Frameworks and
Debugging isn’t as hard as it sounds at first When you do any software development, you
are probably used to a proper IDE, code highlighting, intellisense-style code completion, step by
step debugging and many more features. This is fairly standard with languages like
Java, JavaScript, Python, PHP and many more. But how does that work with Solidity? Given, most of the current Solidity development
tools are not as mature as tools like IntelliJ for Java Development, or a full blown visual
studio for C#, but they came a long way already. So, when you are used to developing your Smart
Contracts purely in a text editor or in the online-version of remix, then here might be
some alternative setups to supercharge your smart contract development in 2020. When using VSCode then you have access to
a few interesting Extensions. My favorite is still the Solidity Visual Auditor
together with the dark theme. The theme itself might be not everyones flavor. But the extension helps tremendously reduce
errors and increase readability, with an integrated linter and many more features I expect to
have when writing code which is basically immutable. If you didn’t know the extension then check
it out. Next is Truffle. If you don’t used it so far then consider
using truffle for your next project or current project. Truffle comes with many features that ease
the life of a smart contract developer. The best feature is the fully integrated testing
suite. Never forget Unit testing your smart contracts
and with truffle that’s really really easy. How I use truffle to do Unit-Testing? Let’s check it out. 1. Create a new truffle project with truffle
init and 2. edit the config file to have a development
network connect with ganache 3. Add your Smart contracts as usual. Ideally with VSCode of course. 4. Add a unit tests 5. open ganache 6. run the unit tests and await the results. If I’m working in teams and we use github,
then I’ll check in the whole folder, except the build and node_modules folder, and everyone
can and should run these unit tests. On top you can have a full blown CI/CD pipeline. It’s really convenient. Obviously, there should be unit-tests for
everything. But how do you define “everything” exactly? In other major languages there are test coverage
reports. Luckily, there is something similar in Solidity
as well. For this I’m using solidity coverage. [solidity coverage report] 1. install solidity coverage using npm 2. run solidity coverage 3. open the HTML report. I’m using the http-server, another npm package
for this, but you can probably just open it in a browser. It’s just my habit. Truffle also comes with a developer console
to directly interact with your smart contracts or even debug your smart contracts step by
step. You can create new instances or debug transactions. It’s really convenient to know the tools from
the inside out. Let’s see any example: 1. I have this smart contract here. And imaging I’m going to update this variable. I have to send off a transaction. 2. First I’ll connect using truffle console. That connects to an open network 3. I’ll create a new instance of my smart contract 4. I can simply interact with my smart contract. Then I can debug that transaction step by
step. 5. I can enter the debug command and the truffle
debugger will open up. 6. It allows me to jump step by step into the
functions. And on top of that, I’ve started using tenderly
in combination with truffle, to know where exactly my smart contracts are failing. Whenever a transaction fails then usually
I don’t see the exact location or reason in the code. With proxying the RPC calls through tenderly
I get the exact line where the transaction fails. It saves me some time. Let’s have a look how that works: 1. I start tenderly. Tenderly sits between ganache and truffle. It’s a proxy. So make sure your truffle config is connecting
to tenderly, not to truffle. 2. Then I start my truffle console 3. Let’s see this smart contract here. You can see that I have a require here. Let’s trigger that. 4. We create the new instance 5. We send off the transaction. 6. The transaction fails, but let’s see what
tenderly tells us. It show us the exact location of the error. Now, in 2020 there is really no reason to
use notepad for creating HTML sites anymore. The same is true for solidity development. Even if you don’t like VScode, then you can
use the new Remix desktop. It’s remix, as we all know and love it, but
as a Desktop App. You can browse your favorite projects on your
disk, use the integrated compilers and also the integrated blockchain. That means you can make use of all the great
features you know from the online version, like the debugger or the security tools and
other extensions. I heard soon you can use it 100% offline,
which makes it a great companion on travels as well. NUMBER 4: Security, Audit and standardized
workflows is not a huge pain (actually) Ethereum and solidity have a somewhat problematic
history, that’s not a secret. Two years ago the development tools were by
far not mature enough to really help avoid costly bugs. And, considering that smart contracts are
immutable once deployed, meaning you can’t change them once they are running, it just
had to lead to a few desasters here and there. Costly desasters. And also the community wasn’t always happy
with the way problems were resolved. This is not so much the case anymore. There are not only better tools, like truffle,
but also great resources to learn about best practices, existing pitfalls and more. I’m a big fan of the newsletter https://weekinethereumnews.com/. It’s my weekly read on news around Ethereum. I’m literally waiting for it. Thanks Evan, I hope you keep up the good work! Security wise I’m usually reading a lot on
reddit, the ethdev and ethereum reddits, and I’m looking for community insights. One thing I can recommend is the consensys
github repository talking about the smart contract best practices There the Solidity Recommendations and known
attacks are a bare minimum to know for every Ethereum Blockchain Developer. These attacks are so well known that you will
find a copy of those also in the Solidity documentation. But I like this site more, since it’s so clearly
only about Smart Contract best practices and not just another chapter in the Solidity docs. The second page worth a scan through is the
Smart Contract Weakness Classification and Test Cases. https://swcregistry.io/ It’s a collection
of typical weaknesses and their pendant to classical CWE, the common software security
weaknesses. Static analyzers are also getting better and
better. ConsenSys and their projects are usually following
a freemium model, so is their static analysis and auditing software Mythx, where the Pro
version is paid. https://mythx.io The free version checks for
the most obvious things like Use of Deprecated Solidity Functions or Unprotected SELFDESTRUCT
Instructions, but leaves out the good stuff. That is Reentrancy or Transaction Order Dependence
and many other things only available in the Pro version. It’s still worth a try, since it’s easy to
install and gives a nice report. The other thing is standardized smart contracts. There is no need to re-invent the ERC20 smart
contract in 2020. If you want to launch a system that uses tokens,
or use any other standardized smart contract or library like the SafeMath library, then
why not use an existing template? OpenZeppelin did an amazing job at this. All you have to do is install them through
npm in your exising truffle project. Their smart contracts will be installed in
the node_modules folder and there is a lot of them available. Then import, for example the SafeMath Library
– or any other of their contracts – into your smart contract. And then simply use it. That’s it. It’s really that simple. I’m sure I didn’t mention the one or the other
thing, so let me include the longest and most comprehensive list of developer tools for
Etheruem you can find out there. It’s a github repository with all the good
stuff you can possibly imagine. So, now it’s your turn. Let me know in the comments which of these
five production hacks you’re going to try first: Tenderly or the Solidity Visual Auditor
Plugin! For more like this, subscribe to this channel
and I hope I’ll see you in the next videos!

4 thoughts on “Enterprise Blockchain Development in 2020: The 4 most important things (you didn’t know!)”

  1. Excellent video, very informative! Thanks so much for sharing this. Would be curious to hear your thoughts about Truffle Teams, currently in beta…


Leave a Reply

Your email address will not be published. Required fields are marked *