Developer Mindset - Reading Assignment

1. Why does smart contract development require a different mindset than regular programming?

Because of cost of failure, publicity of contracts and complexity of upgrades.

2. Argue with your own words why clarity in your code is more important than performance.

Because of facilitating of code review process. Not only by team but by you as well. It’s really important to scan code fast and totally understood all the flow and ideas.

3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?

The private data in a smart contracts is also viewable by anyone. Any of public functions can be called maliciously.

4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?

Because we can’t combine all their edge cases in one smart contract. We always should choose tradeoffs between them. The more convenient way of design usually can consist more potential errors. Less convenient way can be less complex and consists less errors, but it can be very complex for changes.

1. the risk is higher
2. performance use avanced programing technique which the developper need to do the workflow in his head e.g recursive function. So much thing to memorise, to think. Therefore, you can miss potential bugs.
3. Believe that private functions and private data cannot be call by public functions.
4. Performance is more fun than clarity

1. Because regular programming can deploy the software in regular basis, but smart contract is different. The cost of failure can be high and the change can be difficult
2. If our code is clear, it’s easier to track the vulnerabilities / potential code by just looking at the code
3. Commonly private data and functions can be accessed within the class it self, and isolated from being accessed externally. But with smart contract, everything is public
4. Because they need to be tailored according to what best suited for the project

Hi, here’s my answers:

1. Why does smart contract development require a different mindset than regular programming?

• Smart contract deals with real money => financial risk is very high risk
• Smart contract code is public, so code with bugs is deadly dangerous
• The immutability of blockchain and “code is law” make it very hard to fix bugs and upgrade smart contract

2. Argue with your own words why clarity in your code is more important than performance.
Smart contract code is small piece of code on the blockchain and takes care of real money, it’s supposed to be simple, straight-forward and run tasks only if they are required to be decentralized.

Because of high financial risk, the benefit of high performance code is very small compared to clean code.

So clarity in code is essential to make sure the money is safer.

3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?
They might assume that by creating functions and variables with visibility private will make these functions and variables to be invisible to people.

Without knowing these codes are always visible to people and open to be exploited, they might store sensitive data in smart contract or create important functions like generating randomness using block data which can be manipulated by miners.

4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?

Because these fundamental principles make sure developers create smart contracts with security best practices in mind, they might disregard software engineering best practices to serve the purpose of security, of lowering financial loss.

Tradeoffs are inevitable, so developers should take these practices into consideration depending on specific situations (for example, complexity but upgradeable vs. simplicity but safer) while developing new smart contracts.

!. Smart contract development requires a different mindset because of the huge consequences that come with failure. You are being trusted with a lot of money and imagine if your contract failed with no upgradeability inside of your contract.

2. Clarity in code is more important, to me, because with clear code bugs can be addressed in clear manner with less likely of a chance for errors. when code is clear and modularized it makes for navigating the code and bug fixing that much more simple.

3. A false belief could be that the private data is not viewable by the public, but is.

4.I think fundamental principles come down to tradeoffs mostly because as bugs are discover and the security best practices improve you will have to write your code based on your predictions on what bugs may arrive and what problems you may want to live with solving vs the ones you do not.

1. Why does smart contract development require a different mindset than regular programming?

• There is a lot of money at stake with smart contracts. Many developers are not used to the idea that their code moves hundreds of thousands of dollars, or more.
• Many developers are not used to writing code that can rarely be updated to fix bugs

2. Argue with your own words why clarity in your code is more important than performance.
Having simple, easy to read code is more important because it allows someone else to read the code without much trouble, makes testing easier by not needing to write complex scenarios, and makes finding problems simpler.

3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?
Using the word ‘private’ doesn’t mean hidden. Your code is still visible to anyone who wants to read it.
4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?
I think finding an appropriate balance for your particular use case is a more accurate description of how we need to view the principles discussed.

1. Because changing contracts can be difficult and failures have high cost since we are responsible for people’s money.

2. Clarity of code is paramount due to different reasons. Firstly, it makes easier for other people reviewing your code to review it minimising the risk something may slip their review. Additionally, complex, unclear or code that is trying to do too much at once may be vulnerable to loopholes or bugs which one may not be aware of because the technology is new. Additionally, it makes testing or implementing incremental contracts and correcting them easier since if something goes wrong it is easier to spot than if the code is complex and unclear thus wasting time for inspection or auditing trying to figure out what is going wrong.

3. One is connecting them with external contracts which may result in malicious code creeping into ours which can have fatal consequences, One may think that private data and functions are not publicly viewable but they are. The only difference is in their execution and who can call, engage or initiate with them. If the function or data is public then anyone can initiate it. If private then it can only be initiated from within or through another public function that is linked to it.

1. It requires different mindset, because smart contracts are new and highly experimental. New bugs, security risks and best practices are developed all the time and change quickly.

2. When we try to create code with better performance, we usually need to make it more complicated and complicated code has a higher chance of having bugs.

3. People may think that just, because function or variable is private it is not visible to anyone, which is wrong. All private functions or variables are still visible to anyone, but they are only restricted by who can call them.

4. We as a developers need to find the best balance possible between security, performance, upgradeability, modularity and other things. If we want to have more secure code it will probably have to have a bit worse performance.

1. Because unlike a standard program, you are dealing with peoples money and an exploit or failure could mean the loss of a lot of money, furthermore if you screw up a smart contract and didn’t implement a way to update it then you cant change it and you are stuck with a faulty contract forever, which is really bad.

2. Because a slow code that is clear to understand and easy to work on keeps the target on focus and helps you get rid of bugs and unexpected behavior, whereas some code that is super fast but really confusing to read and/or work on spreads bugs and increases the chance of making mistakes.

3. If you think like a regular programmer or an outsider you might get the idea of putting as much info as possible directly in the different functions of a smart contract or you might treat data as hidden and private thus causing a major data leak and it might be very dangerous for everyone using that contract.

4. Because there is not a fast, easy, super efficient and safe way to write any piece of code anywhere so you need to have an idea on what you want to accomplish and how to create a better smart contract that people might find reliable and safe.

1. Why does smart contract development require a different mindset than regular programming?
   Failing comes at a high cost, & changing things is harder.
2. Argue with your own words why clarity in your code is more important than performance.
   Clarity in code eliminates complexity (or it’s at least easier to read and understand.). The more clear something is, the easier it will be to figure a problem out if there is a problem.
3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?
   If it’s on the blockchain it will be (or is) public. If something is in a smart contract, it’s probably publicly available, therefore this could be dangerous for any user/customer of a smart contract if they have false pretenses when using said smart contract.
4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?
   There needs to be a good balance in creating a smart contract, in order to achieve a good balance tradeoffs do need to happen to accomplish the end goal of creating and deploying the smart contract you’re creating.

1. Why does smart contract development require a different mindset than regular programming?
   Quite simply, it comes down to risk and the consequence of failure. Because the ecosystem is new and constantly changing, it’s hard to identify vulnerabilities. Because the code itself can transfer value, the cost of failure is uniquely high.

2. Argue with your own words why clarity in your code is more important than performance.
   Again, it comes down to risk. Clarity in code is synonymous with simplicity, which reduces vulnerability. When the cost of failure is high, it is impractical to focus on performance over security.

3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?
   Bad actors are out there ready to exploit vulnerabilities that we may have not even considered. Better to operate with the mindset that no data is private.

4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?
   Because we constantly must balance security and performance, and this is particularly difficult in a new ecosystem which is constantly changing, carries high cost of failure, and in which some vulnerabilities cannot even be predicted.

• Why does smart contract development require a different mindset than regular programming?
  Because there is a much higher cost for error in Smart Contract Development. As well as relative immutability of code once the contract is deployed to the blockchain.

• Argue with your own words why clarity in your code is more important than performance.
  Simplicity is best especially in terms of using libraries and proven code resources instead of reinventing things oneself. The more we ‘create’ where not necessary, the more room for error.

• As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?
  To somebody uneducated, the comparison between public and private keywords can be very misleading. Public can be perceived to be available to anyone and private can be perceived to be available to potentially only developers and the core team. We know however, that a private variable stored on the blockchain is not private at all.

• Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?
  In an evolving technology, I think developers are still discovering balance between the core concepts mentioned in the article. We want to be very conscious of security but not too rigid that we leave no room for growth, and not too open that we invite more risk of error and attack, for one example.

1. Because smart contracts handle funds and the blockchain ecosystem is rapidly evolving.
   2.A cleaner implementation is less prone to errors than a complex one, making it easier for the developer to fix additional bugs due to better understanding of the code.
   3.“Private” usually means something known or used only by a person/a restricted number of people. When it comes about smart contracts though, the data that we consider “private” can be actually viewed by anyone.
2. Because at the end of the day it matters what you want to achieve, therefore you should choose a smart contract system that suits your requirements.

1. Of course, smart contracts handle money so hackers are very motivated to look for vulnerabilities. This makes security and testing as a blockchain developer ultra important.

2. Clear code will help you understand all the functionality of your contract and its potential bugs. While it is great to have high performance, that performance should be achieved with simplicity and security in mind.

3. Private functions might lead someone to believe that the code itself, and the data that it manages, is hidden from the public. This is false of course, and while private functions are great for clamping down on what the function can do, they should still be tested and scrutinized for vulnerabilities just as a public function would be. This is especially true since public functions within your contract can call private functions, which can lead to vulnerabilities.

4. Like in question 2, malleability (or flexibility) of the contract can cause complications, especially with security. The two need to be properly balanced as too much of one will probably result in too little of the other.

1. Why does smart contract development require a different mindset than regular programming?

Security is paramount in smart contract development as opposed to other programming paradigms, where it is more of an afterthought. This is because once a smart contract is deployed, it is challenging and expensive to change. As a result, developers must take extra care to ensure that their contracts are secure and bug-free before deployment.

Another key difference is that smart contracts are immutable - once deployed, they cannot be changed. This means that developers must think carefully about every aspect of the contract before deploying it. They also need to account for future changes and make sure that the contract can be easily upgraded if necessary.

Finally, smart contracts run on a decentralized network (usually Ethereum) which brings its own challenges. For example, developers need to account for network congestion and high transaction fees.

In summary, smart contract development requires a different mindset because of the extra security considerations, the immutability of contracts, and the decentralized nature of the Ethereum network.

2. Argue with your own words why clarity in your code is more important than performance.

The clarity in code is more important than performance for smart contracts because of the immutable nature of contracts. Once a contract is deployed, it cannot be changed. This means that if there is an error in the code, it will be extremely difficult and expensive to fix. As a result, it is essential that smart contract code is clear and easy to understand. Performance is secondary to clarity because even if a contract is not the most efficient, it can still function correctly as long as the code is clear. In contrast, if a contract has errors in the code, it may not work at all or could lead to security vulnerabilities.

3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?

There are a few false beliefs about private data and functions in smart contracts that could have dangerous consequences. Firstly, some people believe that they can create truly private data or functions by using encryption. However, this is not the case - all data and functions on the Ethereum blockchain are public. As a result, any information that is encrypted can be decrypted by anyone with the right tools. Secondly, some people believe that they can hide information by storing it off-chain. However, this is also not possible - all data stored on the Ethereum blockchain is public. As a result, any information stored off-chain can be easily accessed by anyone. Finally, some people believe that they can create truly private contracts by using a permissioned blockchain. However, this is also not the case - all smart contracts on Ethereum are public. As a result, anyone can access and view the code of a smart contract, even if it is stored on a permissioned blockchain. In summary, any information that is stored on the Ethereum blockchain is public and can be easily accessed by anyone. This includes data, functions, and smart contracts. As a result, it is important to be careful about what information is stored on the Ethereum blockchain.

4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?

The tradeoffs mentioned in the article come down to the different goals of smart contract development. The first goal is clarity, which is more important than performance. The second goal is security, which is more important than functionality. The third goal is decentralization, which is more important than scalability. These tradeoffs exist because each goal has different priorities. Clarity is more important than performance because errors in code can be extremely costly to fix. Security is more important than functionality because smart contracts can hold large amounts of money and need to be secure to avoid theft or fraud. Decentralization is more important than scalability because Ethereum is a decentralized platform and needs to be able to handle a large number of transactions without centralized points of failure. In summary, the tradeoffs mentioned in the article come down to the different goals of smart contract development.

1. Why does smart contract development require a different mindset than regular programming?

• because we manage a lot of other people and institutions assets, one simple mistake can cost hundreds of millions.

2. Argue with your own words why clarity in your code is more important than performance.

• if the code is clean, and if developer is not able to detect a bug, the chances are much higher that someone else will find the bug before the release of the code into production if the code is clean.

3. As the article says, all data and functions are public in a smart contract. What false beliefs might someone have around private data and private functions in a smart contract that could have dangerous consequences?

• if developer thinks that he/she can store some secrets by using private modifiers or anything other construct in smart contracts, it is completely false, since by default all information is public, and will be discovered sooner or later by hackers/exploits.

4. Why do you think all the fundamental principles mentioned in the article comes down to tradeoffs?

• malleability characteristics such as Killable, Upgradeable or Modifiable come with additional risks and more attacks surfaces.
• modular does not mean secured
• best practices of software engineering does not equal to security eather.

Because in a smart contract development there are constant changes, new bugs and security risks are discovered and new best practices are developed. That’s why, the mindset should be different. Contracts are public, it’s very difficult to change code and because there is high cost of failure since the contract manages real money.

I think is more important because when you want to fix a bug, it will be much easier to find the errors because variables, functions are well named. Also for other programmers will be useful especially when they re-used a code. The would rapidly identify what the code is about.

Is to think that you can store personal information, key’s ID, addresses, passwords or any other sensible information and anybody can’t see them.

Because there must be a balance between structure or performance of the contract but also security.

1 - SC programming is a new area that changes rapidly and smart contracts tend to directly manage funds. As such, developers need to be alert to new changes in the technology we use and to new bugs and exploits that are discovered every day. In addition to this, smart contract upgrading can only be done under certain circumstances and making a contract upgradeable diminishes the appeal of the inmutability offered by the blockchain, so in cases where upgrading code is not an option, testing needs to be especially extensive.
2 - Both clarity and performance are important, but in SC development, clarity is vital not only for good practices and mantaining code, but for auditing as well. Clear code allows auditors to easily detect errors often hidden under layers of unreadable code. Also, properly communicating the intent of our code is incredibly important because it allows the auditor to find errors in the code that can be hidden if the intent is not clear.
3 -
a) Private data structures are hidden: They are only for other contracts, but anyone can easily find the value of any private variable by checking the contract storage.
b) External functions can only be called by people and not by contracts: External functions can be called from anything outside of the contract, contracts and people alike.
4 - Some principles are opposed to each other (like gas optimization and code clarity, or ). Our aim must always be to find a healthy balance that does not leave any visible weaknesses.

1. Smart contract development requires a different mindset because the landscape of smart contract development such as the solidity languages, libraries and practices are relatively new. This landscape has not gone through the decades of use and best practice development of traditional type of programming and software development.

2. Clarity in your code is more important than performance because of maintainability and future use. In the situation where you have an issue with your contract or other contracts that import yours or interact with your contract, clarity is important so that these other stakeholders and maintainers of the contract can easily understand, isolate any issues so that they can be resolved. Additionally, simplicity and clarity is important if you wish to have other developers adopt or integrate into your contract.

3. Because there are certain ways to permissions or access controls to functions or state variables , there are dangerous consequences where secrets or other sensitive data may be stored on chain which could be readable by malicious actors. Its best assume that if the data should never be viewable then it should not be on chain.
   4.The fundamental principles mentioned in the article all come down to tradeoffs because it all depends on the use case and the risk. Depending on what you are trying to do with your contract and the risk associated with what could go wrong will drive you to where you want to be on the spectrum of risk vs functionality.