OpenZeppelin’s Post

Why Strict Pragma is preferred over Floating? 🤔 When it comes to Solidity in Ethereum, using a strict pragma is like sticking to a set plan, while floating pragmas are a bit more like going with the flow. Pragmas are like instructions for the compiler, telling it which version of Solidity to use when compiling your smart contracts. So, a strict pragma is like saying, "Hey compiler, use version 0.8.20, no ifs, ands, or buts." On the other hand, a floating pragma might say, "Compiler, anything from version 0.8.0 and up is cool, but no 0.9.0 yet, okay?" Now, why pick strict over floating? Well, floating pragmas can be risky. They might accidentally let you deploy contracts with outdated or buggy compiler versions, which isn't great for security. Imagine you're building a house, and you want to use the latest and sturdiest materials. If you're not careful and just go with whatever's available, you might end up with some dodgy old bricks that crumble at the slightest breeze. So, sticking to a strict pragma is like saying, "I want only the best materials, no compromises." It keeps your contracts safer and more stable. Floating pragmas can also cause problems: 1. **Backward Compatibility:** Newer compiler versions might change how things work, making your existing code behave differently or even break. 2. **Accidental Use of New Features:** Floating pragmas might accidentally pick up new experimental features, which could be risky if you're not familiar with them. 3. **Delay in Security Fixes:** If you're floating along, you might miss out on important security updates until you manually update your pragma and recompile your contracts. So, while floating pragmas might seem easygoing, sticking to a strict plan with your pragma is usually the smarter move for keeping your contracts solid and secure. #ethereum #solidity #blockchain #SmartContracts

Never mind a buggy Nethermind? Ethereum validators hit by bug. CoinDesk reports: "A bug in Ethereum's Nethermind client software – used by validators of the blockchain to interact with the network – knocked out a chunk of the chain's key operators on Sunday." The lesson drawn in the cryptoverse? "It was a manageable incident, but the episode revived a long-simmering debate in the Ethereum ecosystem around the need for "client diversity." Some experts took the opportunity to point out how bad things could have been if another client software, Geth, the chain's most popular execution client, had gone out; the question is whether Ethereum could have kept going since Geth stands out as a possible single point of failure for the network. Nethermind powers around 8% of the validators that operate Ethereum, and this weekend's bug was critical enough to pull those validators offline. Ethereum stayed up and running despite the issue, and Nethermind's developers released a patch fixing things within hours. The main consequence of the bug was that modest financial penalties fell onto some Nethermind-based validators, but the Nethermind incident followed a similar outage earlier in January that impacted Besu, the client software behind around 5% of Ethereum's validators." About those "modest financial penalties": its the cost of participating in the cryptoverse, taking a loss for someone else's fault. "The back-to-back outages have reignited a spirited discussion on X, the platform formerly known as Twitter, around Ethereum's persistent problem with client diversity. The idea is that the network becomes more resilient if it's not dependent on any single client software. Around 85% of Ethereum's validators are currently powered by Geth, and the recent outages to smaller execution clients have renewed concerns that Geth's dominant market position could pose grave consequences if there were ever issues with its programming. Geth, which stands for "Go Ethereum," is primarily developed and maintained by the Ethereum Foundation, the main nonprofit that supports Ethereum development. Geth hasn't been totally immune from bugs (no software is), but it has never suffered from a critical outage like the ones that hit Nethermind and Besu. If it did, the consequences would be far more serious for Ethereum." The cryptoverse acknowledges that bugs are inevitable, yet refuses to contemplate that maybe the price of immutability is not worth paying? After all, what's worse than buggy software that causes losses? Buggy software that causes immutable losses! If you thought this problem is peculiar to Ethereum: ""Almost all other chains don't have the type of client diversity that Ethereum has," Hwang told CoinDesk in an interview. "Most are just running on one client."" So much for no single point of failure through decentralisation. https://lnkd.in/gXEh7Fwk

🚀 BlockDB Roadmap Update 🚀 We’re excited to share the journey we’re on at BlockDB! Our mission is to empower Web3 builders by providing fast, reliable on-chain data. Here's how we’re getting there: 🔧 Now - December: We’re hard at work building the infrastructure for our project. 👩💻 December: Global Beta Testing begins! We’re inviting Web3 developers to test our #MVP. This is your chance to help us shape the future of decentralized data. Your feedback—positive or critical—will be vital as we adjust and improve. 🛠 January/February: Adjustments based on your feedback. This stage is all about fine-tuning our product to make sure it meets your needs. 🚀 March/April: Product Launch with a Free Trial! Builders, this is your moment. We’re offering a global free data trial for your projects. All you need to do is chat with us about your idea, and you’ll gain free access. 🔄 Ongoing: Continuous improvements—we’re committed to adjusting and growing to deliver the best data services in Web3. 💡 Join us on this journey! Follow us to stay up to date, and don’t miss the chance to join our Global Beta Tests or try our free data trial! #Web3 #Blockchain #Developers #BetaTesting #DecentralizedData #BlockDB #Builders #FreeTrial #DataProvision

As a conscientious backend developer or blockchain expert, it is imperative to recognize the paramount importance of security and scalability, particularly in the realm of web3 technologies. Amidst my exploration into the intricacies of web3, I have come to a profound realization: security and decentralization stand as foundational pillars, fundamentally shaping the landscape of this emerging domain. In light of this revelation, I feel compelled to share with fellow developers a commitment—a pledge, if you will—toward upholding the highest standards of security practices within our development endeavors. Allow me to articulate this commitment as follows: "I solemnly swear to adhere to rigorous security protocols in my development practices, recognizing the inherent risks associated with handling private keys, secret phrases, or mnemonics within .env files, especially those linked to real funds. Henceforth, I vow to confine the storage of private keys within .env files exclusively to those associated solely with testnet cryptocurrencies, such as ETH or LINK. Furthermore, in the pursuit of rigorous testing and development, I pledge to utilize distinct wallets for experimentation, separate from those housing my real funds. I acknowledge the grave consequences of inadvertent exposure, understanding that even a momentary lapse, such as an accidental push to GitHub or inadvertent disclosure online, could compromise the security of my assets. In instances where uncertainty arises regarding the presence of real funds within an account, I pledge to err on the side of caution, presuming the account to indeed contain real funds and refraining from utilizing it for developmental purposes. Moreover, I recognize the nuances surrounding the generation of accounts within wallets like MetaMask, wherein the creation of additional accounts shares a common secret phrase or mnemonic. Armed with this awareness, I commit to exercising utmost prudence in managing and safeguarding these essential components of account security." Let us collectively embrace this commitment to fortify the integrity of our web3 applications, ensuring that security remains paramount in our pursuits of innovation and decentralization. #Web3Security #DecentralizationCommitment #CryptoDevelopment #SecureCoding #BlockchainEthics #ApplicationIntegrity #SoftwareDevelopment

Wow, what a journey, started this course few weeks (months) ago and I've finally finished it... What I learned during this Cyfrin Updraft journey: - DeFi: coded my first stablecoin and learned key features - DAO : what is a governor and voting system... - Security: Unit, fuzzing stateless/statefull, formal verification (happy to know what is a symbolic execution) - NFT: coded my first dynamic NFT (so cool) - Upgradeable SC & proxy: Woot, be careful how you use delegate call ;) - and a ton of interviews, links and tips... I can only recommend this course and many thanks to the legend Patrick Collins and his team for this incredible content... Let's jump in Smart Contract Security and Auditing course 🚀 #Cyfrin #web3 #blockchain #security

Stellar Network Introduces Smart Contracts The Stellar Development Foundation (SDF) has introduced smart contracts on the Stellar network, aiming to revolutionize its tech stack. The Stellar Development Foundation (SDF) has announced the implementation of smart contracts on the Stellar network. According to the SDF, this would help to usher in “a new era” for its respective technology stack. Stellar network validators successfully implemented the “Protocol 20” upgrade, which enabled additional smart contract capabilities and initiated the progressive distribution of the SDF’s smart contract platform, which […] Stellar Network Introduces Smart Contracts #blockchain #DeFi #SmartContract

Stellar Foundation Plans Smart Contract Upgrade Stellar Foundation disarmed validators to delay Protocol 20 vote acknowledging a discovered bug on January 25. In response to the discovery of a flaw in Stellar Core version 20.1.0, the Stellar Development Foundation (SDF) has scheduled an upgrade of the smart contract capabilities on the Stellar blockchain by the end of the month. Stellar Foundation explained in a blog post published on January 27 that they deci ded to disarm their validators to support the postponement of the Protocol 20 […] Stellar Foundation Plans Smart Contract Upgrade #Altcoin #Payments #SmartContract

For you who are interested in Blockchain coding the following could be of interest. The documentation is clear and concise, the goals are admirable. Rust based. Check it out https://lnkd.in/dp9jQRYt

🚀 Are you building a web3 game on Arbitrum and in need of reliable Random Number Generation (RNG)? Look no further! API3 provides a robust oracle service for RNG. Seamlessly integrate it into your project with the following resources: 🔗 Arbitrum RNG Oracle: https://lnkd.in/gEBWiWvT 🔗 API3 RNG: https://lnkd.in/gzcXhS3R Supported on multiple chains: - Ethereum - Arbitrum - Avalanche - Base - Blast - BNB Smart Chain - Fantom - Gnosis Chain - Metis - Optimism - Polygon Enhance your game's randomness with trusted support across these platforms! 🎮✨ #Web3 #Blockchain #Gaming #RNG #API3 #Arbitrum #DeveloperTools #BlockchainDevelopment

Hey everyone, I'm absolutely thrilled to share a moment of joy with you all – my first ever merged pull request (https://lnkd.in/grRZz45C) in an open-source project! 🚀 The project in question is the Chainlink Documentation (https://docs.chain.link/), and let me tell you, it's a milestone I'm proud of. Now, this wasn't your run-of-the-mill documentation grammar fix (though there's nothing wrong with those – every contribution counts!). Nope, this was a bug fix. You see, the Chainlink documentation's search bar had a shortcut for Ctrl/Cmd + K as an accessibility option. But here's the catch – the displayed shortcut was Cmd + K, without consideration for the user's OS platform. A small bug, sure, but fixing it felt like scaling a mountain for me, especially as a beginner diving into such a significant project. This bug came to my attention while I was using the Chainlink documentation for my personal blockchain project on my macOS. I noticed that the search bar's shortcut was displayed as Cmd + K, which I found neat and handy. However, being a fan of my Windows setup with multiple screens for efficiency of certain tasks, I opened it on my Windows system. To my surprise, the shortcut still showed Cmd + K, which sparked my curiosity and led me to discover this issue. For those of you itching to dive into open-source contributions yourselves, here's a roadmap I found helpful: 1. Understand the Architecture: Get familiar with the code architecture of open-source projects you're interested in. 2. Identify Bugs and Features: Scout GitHub repositories for bugs or features that need attention. 3. Check Existing Issues: Ensure the bug or feature you want to tackle isn't already being addressed by someone else. 4. Read the Docs: Take time to read through README.md and CONTRIBUTING.md (if available) to understand contribution guidelines. 5. Fork and Modify: Fork the repository, make the necessary changes in your own repository. 6. Adhere to Conventions: Respect the code owner's architecture conventions – what seems like just code to you could be precious to them. 7. Raise a PR: Follow all conventions for raising a Pull Request, and if you've done a good job, your contribution might just get merged. Celebrate! 🎉 Enjoy the satisfaction of making a meaningful contribution to an open-source project. Here's to the joy of collaboration and the spirit of open source! 🌟 Let's keep building and learning together. #opensource #firstpr #codecontribution #chainlink #contribution