EVM 101: a guide for aspiring blockchain developers


The Ethereum Virtual Machine (EVM, to its friends) is the main piece of software responsible for running the Ethereum blockchain and all the forks that came from it (Binance Smart Chain, Polygon, Fantom, etc.). It performs transactions like every other blockchain, but it can also run code from smart contracts.


Smart contracts

Smart contracts have a full life cycle: they can be deployed, perform tasks and self-destruct, although the last is not very common. Smart contracts can't start transactions by themselves, as they don't act as wallets (i.e. they don't pay fees).

In EVM, smart contracts are written in Solidity. You can think of smart contracts as any class in Java, Rust, Go or any other strongly-typed language. This is what it looks like:

Transactions

When you interact with smart contracts, every potential change to the state of the blockchain implies paying fees. For example, if you send BUSD from your address to another one, the BUSD smart contract deducts the value from your balance and increases the recipient's balance with something like this:

_balances[sender] -= amount;
_balances[recipient] += amount;

In essence, every mathematical operation (and here is the list of all opcodes) has a fixed cost in gas, and the price of gas is determined by the network. So, as a developer, one of your concerns is how much your code costs its users. You should always look for the best solution in terms of gas usage and avoid writing expensive code.

Standards

The first and most used standard is ERC20, a standard for fungible tokens, like BUSD. Another well-known standard these days is ERC721, better known as NFTs, which is used to represent unique, non-fungible tokens. These tokens implement mechanisms to perform transfers, minting, burning and everything else that you should be able to do with the blockchain's native coin.

The most notable organization behind the development of open standards is OpenZeppelin, but most of the code related to smart contracts is open source and the community is working hard to build better standards and protocols.

Frameworks

When developing smart contracts, you should probably use a framework. The tools available vary according to the programming language that you prefer. For example, Hardhat is the best framework if you like using JavaScript/TypeScript. If you are a Python programmer, you'll probably like using Brownie.

These tools will help you develop smart contracts by providing better compilation, testing and creation of custom scripts. You can test all the smart contract functions with JavaScript, TypeScript, Python or even Solidity. Using a framework with good test coverage is essential to avoid deploying smart contracts with security breaches – which brings us to the next topic.

Security

I bet you have already seen lots of news about people getting hacked and losing millions of dollars' worth of cryptocurrencies. That's why security must be your main concern when delivering code for blockchains. Because the blockchain works around cryptocurrency transactions, in essence all methods in your smart contracts that change state will result in moving assets from one wallet to another.

There are a lot of security best practices you must be familiar with before deploying your first production smart contract. One of the mistakes they guard against (probably the easiest to make when starting out with blockchain development) is the reentrancy vulnerability. Because of how the EVM runs your smart contract code, another contract can call a function of your contract again while that function is still running, which is why it's called reentrancy. That can be a huge issue if your smart contract performs external calls before changing its state (see the CEI pattern). If you want to know more about it, click here.

To avoid delivering unsafe code, good testing habits will be your best friend in this journey. Please test everything and think outside the box. Every mistake can cause losses of funds for lots of people.


Market

Blockchain is a very promising area for tech people. There are a lot fewer professionals in the market than the market needs. You can work developing smart contracts, auditing, managing communities, doing consulting, trading... The possibilities are nearly infinite.

There are new projects every day and lots of people want professionals to fulfill their needs. You can even create your own project and earn money. If it's considered useful for people, I swear to you, people are going to pay for it. Most of the projects launching today are either useless or will unfortunately fail due to bad management or technical debt.

Final thoughts

I strongly recommend you follow the Hardhat stack. It's the most complete framework today and will help you a lot as a blockchain developer. To help you find vulnerabilities, there are a lot of automated tools like Slither and Mythril. But remember, having real professionals from good auditing companies like Hacken will help you to secure your code and keep funds safe.