You’ve just finished the development of your EOSIO smart contract and you’re ready to release it for the whole world to use. But before you do, take a step back and make sure you have all the bases covered. Deploying your contract to production is a big step with (literally) a lot at stake and can be a scary and daunting task. Especially in the blockchain world, where one regularly reads about smart contract hacks involving millions of stolen funds.
That’s why we’ve put together a checklist on things you should do before releasing your smart-contracts.
1) Follow coding best practices
Make sure that your contract follows coding best practices. This usually leads to cleaner code which in return leads makes spotting bugs easier.
2) Compile production build
If your contract has certain code paths that are only used for testing make sure they are removed or turned off by defining C++ macros for production builds.
3) Implement a safety switch
You never know if and when something will go wrong with your contract. Therefore (depending on your project) it may make sense to add a pause button that will stop all your other actions from executing.
4) Thoroughly unit-test your contract
Code rarely works perfectly the first time. The best way to catch bugs early is by writing unit tests while developing your smart contract. For EOSIO smart contracts our tool Hydra can help you with this.
5) Beta-test on a testnet
Before deploying your smart contracts to production on a main-net, roll them out to beta testers on a test-net. You'll get valuable feedback that isolated unit tests cannot provide.
6) Run automated vulnerability scanners
Running automated vulnerability scanners on your smart contract code doesn’t require much effort and results in a fast security check that can detect common vulnerabilities.
7) Code audit
If you are building a decentralized finance application or any other application that manages a lot of user funds, receiving a security audit by a team of professional security auditors is highly recommended.
8) Check account permissions and secure private keys
EOSIO account permissions can be complex. Double-check that your desired permission structure is set up on all the accounts and that you used fresh private keys.
9) Sufficient resources?
Make sure your smart contract accounts have enough CPU/RAM available. Consider borrowing resources from EOS Rex or automated resource management like @ChintaiEOS ARM.
10) Keep track of smart contract versions
When working on a new feature or maintaining the contract, its very important to know the exact code that is currently deployed. So tag the contract version in git.
11) Be careful when you deploy
It’s advisable to deploy early in your workday so that there’s enough time to test your system on production and fix potential problems that might occur.
Pushing the button to deploy your smart contracts to production doesn't have to be a scary task as long as you are sensible and follow pre-deployment best practices.
For a more in-depth look into the pre-deployment best practices download the PDF version here.