0

Shipping your first dApp

By now, you are likely to have consumed some of the content from the Learn section, or maybe even participated in your first hackathon. Participating in workshops is great, but taking the leap to building your first dApp can be difficult.

Why now? The world is slowly realizing the importance and benefits of permissionless data—that is, data that is not owned by a few large players, but is rather decentralized and transparent. While it’s still early in the world of blockchain development, building applications is the best way we can help the community and ecosystem move forward, and give you the chance to participate in Web3.

Here are some pointers to keep in mind:

  • Play to your strengths. If you are particularly skilled in one area, focus on that. For example, if you are backend-focused and don’t have a ton of frontend experience, choose tools that have out-of-box boilerplate templates, such as Moralis. This will help you iterate faster and ship sooner. You can brush up on other skills later.

  • Build your team. If you are participating in an event, seek out teammates in the event’s forums. Like you, other participants will look for complimentary skills to strengthen their efforts. If you are building outside of an event, create a project roster to attract others. Places like devpost are great for this.

  • Use boring solutions. Dan McKinley has some wise words for us in his Choose Boring Technology post. If you come across a problem while building your dApp, it’s likely that others before you have come across it and have found a solution that works well. To iterate faster, choose those solutions. The Blockchain Ecosystem is a great place to learn about all the products in the blockchain space.

#

Stack

Before choosing the stack for your project, in addition to your specific strengths and end-goals, you will also want to consider important factors such as community size, support, and documentation. Generally, you will want to choose the stack that allows you to iterate and ship faster. You can focus on optimizations later.

For smart-contract coding, you should choose the language you feel most comfortable with. Use this reference table to get started. markdown: extra: true

EVM ChainsSolana
LanguageSolidity - (based on javascript)Rust
C
C++
Common frameworksHardhat - (javascript)
Brownie - (python)		Anchor
StorageIPFS
AWS
Azure
GCP		Arweave
AWS
Azure
GCP
Popular starter kitsMoralisdapp-scaffold
Common frontendsAngular
Chakra UI
React
Vue		Angular
Chakra UI
React
Vue
#

Security

Smart contracts (regardless of the specific blockchain they are on) are extremely flexible. They have the ability to hold large amounts of value (often millions of billions of USD) and execute immutable code. There are countless advantages from both the transparency and decentralization of the system, however, the high value held by these contracts also attracts countless attacks. Attackers look to profit both from the vulnerabilities found in smart contracts as well as the blockchains they run on.

Smart contracts are different from other software programs in that once created, they cannot be changed to patch security flaws. This is the nature of the immutability of the blockchain. Once attacks occur, value extracted by the attacker cannot be recovered by its original holders. As of this writing, over $1.85 billion USD has been extracted by attackers across blockchains.

As is the case with any software workflow, you must ensure that your smart contracts are tested thoroughly in both development and test environments (testnets), but in addition, you must be aware of common attack types and the solutions and best practices that can be used to mitigate attacks and help you deploy secure smart contracts.

In addition to the tools listed in the Blockchain Ecosystem, it’s important to be familiar with the most common attack types. These include;

  • Re-entrancy
  • Source of randomness
  • Oracle manipulation

Get familiar with these attacks and read more at the Consensys Smart Contract Known Attacks page.

#

Auditing

While security starts with the first line of code written by developers, having a third party audit your smart contracts prior to shipping them is always a good idea. While this is not a replacement for development best practices, it has become a must before deploying to a mainnet.

Some of the most popular auditing teams include

#

Examples and Inspiration

If you’ve made it all the way here, you are likely thinking about what to build. Here are some great projects that started with a simple idea and built a full-fledged dapp.

  • Rupya - Zero collateral lending platform with a focus on seamless lending for agriculture. 🧑🏽‍🌾
  • NUSIC: NFT Music Bonds - Royalty bearing NFT music bonds, powered by a streaming data oracle network.
  • Crypto Adventure - Choose Your Own Adventure (CYOA) game platform written to take advantage of Web3.
  • SavePanther - Mint exclusive NFT collectibles for raising funds to protect endangered panthers.
  • Meta Capsule - Infrastructure for fashionb rands and merchandisers interested in bringing their physical collection to life in the metaverse.
  • Soleil - A way to incentivise both growths of the entire solar industry with one transaction and of a decentralised off-chain public feed of solar energy production data for all to use

Find even more inspiration over at Devpost.

nextnext icon
Go to "Learn"