This document outlines the standards and best practices for blockchain and Web3 development projects at Bayat.
- Ethereum: Primary platform for DeFi and NFT projects
- Solana: For high-throughput applications requiring low transaction fees
- Polygon: For Ethereum-compatible projects requiring lower gas fees
- Other EVM-compatible chains: Based on specific project requirements
- Solidity: Primary language for Ethereum and EVM-compatible chains
- Rust: For Solana development
- Move: For specific use cases on supported chains
Audit Requirements:
- All production contracts must undergo at least one professional audit
- Internal security review before external audit
- Automated analysis using tools like Slither, Mythril, or Echidna
Secure Patterns:
- Use the Checks-Effects-Interactions pattern to prevent reentrancy
- Implement access control using OpenZeppelin's AccessControl or similar
- Never use tx.origin for authentication
- Always check function return values
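The four Secure Patterns above in one contract, as an added example that is not Bayat project code: the vulnerable withdraw is kept only as a comment for contrast, the live version follows Checks-Effects-Interactions, roles come from OpenZeppelin's AccessControl (assumed installed, v5 import paths), authorization is always on msg.sender rather than tx.origin, and the low-level call's return value is checked. The pause switch doubles as the circuit breaker the incident-response section asks for. The SecureVault name and role names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Bayat project code). Assumes OpenZeppelin Contracts v5
// is installed; the contract name and role names are illustrative.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

contract SecureVault is AccessControl, Pausable {
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    mapping(address => uint256) public balances;

    event Withdrawn(address indexed account, uint256 amount);

    constructor(address admin, address pauser) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(PAUSER_ROLE, pauser);
    }

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    // VULNERABLE (kept as a comment for contrast): the external call happens
    // before the balance is reduced, so a receive() hook on the caller can
    // re-enter withdraw() while the old balance is still recorded.
    //
    // function withdrawUnsafe(uint256 amount) external {
    //     require(balances[msg.sender] >= amount, "insufficient");
    //     (bool ok, ) = msg.sender.call{value: amount}("");
    //     require(ok, "transfer failed");
    //     balances[msg.sender] -= amount;   // effect AFTER interaction
    // }

    // HARDENED: Checks -> Effects -> Interactions.
    function withdraw(uint256 amount) external whenNotPaused {
        // Checks
        require(balances[msg.sender] >= amount, "insufficient balance");
        // Effects: state is final before any external call is made
        balances[msg.sender] -= amount;
        emit Withdrawn(msg.sender, amount);
        // Interactions: a low-level call returns false instead of reverting,
        // so its result must be checked or a failed transfer goes unnoticed.
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "ETH transfer failed");
    }

    // Circuit breaker: only PAUSER_ROLE may halt deposits and withdrawals.
    // onlyRole checks msg.sender, never tx.origin, so an intermediate
    // contract cannot inherit a privileged account's authority.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause();
    }
}
```

Granting DEFAULT_ADMIN_ROLE and PAUSER_ROLE to different accounts keeps the emergency stop fast (a hot key or bot can pause) while recovery stays with the admin, which in production should be a multi-signature wallet.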
Gas Optimization:
- Pack variables to minimize storage slots
- Use memory instead of storage where appropriate
- Optimize loops to reduce gas costs
- Consider batch operations for multiple state changes
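The Gas Optimization list applied to one small order book, as an added example that is not Bayat project code: the same struct declared in two field orders (3 storage slots versus 2), a batch function whose loop works on a storage pointer and a stack accumulator and writes the shared counter once, and a view that copies to memory before reading fields. The contract name and Order fields are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Bayat project code); contract and struct names are illustrative.
contract GasPatterns {
    // UNPACKED: the 32-byte `amount` sits between smaller fields, so nothing
    // can share a slot with `owner`  -> owner | amount | expiry+filled = 3 slots.
    struct OrderUnpacked {
        address owner;   // 20 bytes, slot 0 (alone: amount does not fit beside it)
        uint256 amount;  // 32 bytes, slot 1
        uint64 expiry;   // 8 bytes,  slot 2
        bool filled;     // 1 byte,   slot 2
    }

    // PACKED: the compiler packs adjacent fields that fit in 32 bytes, so
    // owner (20) + expiry (8) + filled (1) = 29 bytes share one slot -> 2 slots.
    struct Order {
        uint256 amount;  // slot 0
        address owner;   // slot 1
        uint64 expiry;   // slot 1
        bool filled;     // slot 1
    }

    Order[] public orders;
    uint256 public totalOpen;

    function place(uint64 expiry) external payable {
        orders.push(Order({amount: msg.value, owner: msg.sender, expiry: expiry, filled: false}));
        totalOpen += msg.value;
    }

    // Batch operation: several state changes in one transaction.
    function fill(uint256[] calldata ids) external {
        uint256 len = ids.length;   // cached once instead of read every iteration
        uint256 released;           // stack accumulator, no SSTORE per iteration
        for (uint256 i = 0; i < len; ++i) {
            Order storage o = orders[ids[i]];   // pointer: no struct copy
            require(!o.filled && o.owner == msg.sender, "not fillable");
            o.filled = true;        // one SSTORE into a slot already warmed by the reads
            released += o.amount;
        }
        totalOpen -= released;      // a single SSTORE instead of `len` of them
    }

    // Read path: copy each struct to memory once, then read fields from memory.
    function openValue(uint256 from, uint256 to) external view returns (uint256 sum) {
        for (uint256 i = from; i < to; ++i) {
            Order memory o = orders[i];   // two SLOADs per order, fields then read from memory
            if (!o.filled) sum += o.amount;
        }
    }
}
```

Packing only pays off when the packed fields are read or written together; a field that is touched on its own still costs a full slot access plus masking, so group fields by access pattern, not just by size.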
Coverage Requirements:
- Minimum 95% code coverage for all smart contracts
- Include unit, integration, and scenario-based tests
- Test edge cases and potential attack vectors
Testing Environment:
- Use Hardhat/Foundry for Ethereum development
- Use Anchor for Solana development
- Implement mainnet forking tests for DeFi interactions
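A Foundry test file of the kind the Coverage and Testing Environment lists call for, as an added example that is not Bayat project code. The small Bank contract under test is defined inline so the file runs on its own; it, the account names and the amounts are constructed for the test. The tests cover the happy path, an edge case (zero deposit), two attack vectors (over-withdrawal, unauthorized pause), the circuit breaker, and a fuzz check on accounting.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Bayat project code). Assumes forge-std is installed;
// the Bank contract and all names/amounts below are constructed for the test.
import {Test} from "forge-std/Test.sol";

contract Bank {
    address public immutable owner;
    bool public paused;
    mapping(address => uint256) public balances;

    constructor() {
        owner = msg.sender;
    }

    function setPaused(bool p) external {
        require(msg.sender == owner, "not owner");
        paused = p;
    }

    function deposit() external payable {
        require(!paused, "paused");
        require(msg.value > 0, "zero deposit");
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(!paused, "paused");
        require(balances[msg.sender] >= amount, "insufficient");
        balances[msg.sender] -= amount;              // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

contract BankTest is Test {
    Bank bank;
    address alice = makeAddr("alice");
    address mallory = makeAddr("mallory");

    function setUp() public {
        bank = new Bank();               // the test contract becomes owner
        vm.deal(alice, 10 ether);
    }

    // Unit test: deposit then withdraw restores the original balance.
    function testDepositAndWithdraw() public {
        vm.startPrank(alice);
        bank.deposit{value: 1 ether}();
        assertEq(bank.balances(alice), 1 ether);
        bank.withdraw(1 ether);
        vm.stopPrank();
        assertEq(bank.balances(alice), 0);
        assertEq(alice.balance, 10 ether);
    }

    // Edge case: a zero-value deposit is rejected.
    function testZeroDepositReverts() public {
        vm.prank(alice);
        vm.expectRevert(bytes("zero deposit"));
        bank.deposit{value: 0}();
    }

    // Attack vector: withdrawing more than deposited must revert.
    function testOverWithdrawReverts() public {
        vm.prank(alice);
        vm.expectRevert(bytes("insufficient"));
        bank.withdraw(1 wei);
    }

    // Attack vector: a non-owner cannot flip the circuit breaker.
    function testOnlyOwnerCanPause() public {
        vm.prank(mallory);
        vm.expectRevert(bytes("not owner"));
        bank.setPaused(true);
    }

    // Circuit breaker: once paused, user entry points are closed.
    function testPausedBlocksWithdraw() public {
        vm.prank(alice);
        bank.deposit{value: 1 ether}();
        bank.setPaused(true);                // owner call from the test contract
        vm.prank(alice);
        vm.expectRevert(bytes("paused"));
        bank.withdraw(1 ether);
    }

    // Fuzz: internal accounting matches the contract's ETH balance for any amount.
    function testFuzz_DepositAccounting(uint96 amount) public {
        vm.assume(amount > 0);
        vm.deal(alice, amount);
        vm.prank(alice);
        bank.deposit{value: amount}();
        assertEq(bank.balances(alice), amount);
        assertEq(address(bank).balance, amount);
    }
}
```

Run with `forge test` and `forge coverage`; the fuzz test runs the default number of random inputs, so the 95% coverage figure above is measured on code paths, not on the number of test functions.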
Wallet Connections:
- Support multiple wallets (MetaMask, WalletConnect, etc.)
- Implement proper error handling for failed transactions
- Provide clear transaction status feedback
Transaction Management:
- Implement proper nonce management
- Handle gas estimation and potential gas price fluctuations
- Provide transaction acceleration options
- Clear separation of concerns between on-chain and off-chain components
- Minimize on-chain storage and computation to reduce costs
- Document hybrid architecture decisions and trade-offs

- Default to immutable contracts when possible
- For upgradeable contracts, use the proxy pattern (EIP-1967 or similar)
- Document upgrade procedures and governance processes

- Follow standards (ERC-20, ERC-721, etc.) for maximum compatibility
- Document cross-chain interaction patterns when applicable
- Standardize interface implementations

- NatSpec comments for all public and external functions and state variables
- Architecture diagrams showing contract interactions
- Clear description of state machine transitions when applicable
- Clear explanations of transactions and their implications
- Gas cost estimates for common operations
- Security considerations for end-users

- Multi-signature requirement for production deployments
- Deployment verification and post-deployment testing
- Contract verification on block explorers

- Development: Local blockchain or testnet
- Staging: Public testnet (Goerli, Mumbai, etc.)
- Production: Mainnet

- Event monitoring for critical contract events
- Price monitoring for oracles and assets
- Gas price monitoring for transaction optimization

- Documented incident response procedures
- Circuit breaker patterns for emergency situations
- Communication templates for security incidents

- Guidelines for DAO implementation when applicable
- Voting mechanism standards
- Proposal and execution flows

- Region-specific compliance requirements
- KYC/AML integration standards when required
- Data privacy considerations
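The upgradeable-contract bullets above (proxy pattern per EIP-1967, documented upgrade procedure, multi-signature control) in code, as an added example that is not Bayat project code. It uses OpenZeppelin's UUPS implementation (assumed installed, v5 upgradeable package); the RegistryV1/V2 contracts and their state are illustrative. The two details a reviewer looks for are the locked implementation constructor and the owner-gated `_authorizeUpgrade` hook.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not Bayat project code). Assumes OpenZeppelin Contracts
// Upgradeable v5; the Registry contracts and their storage are illustrative.
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";

contract RegistryV1 is Initializable, UUPSUpgradeable, OwnableUpgradeable {
    // Storage lives in the proxy. Later versions must never reorder or remove
    // these variables; new state is appended after the existing ones.
    mapping(bytes32 => address) public entries;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the logic contract itself so initialize() can only ever run
        // through a proxy; an unlocked implementation can be initialized
        // by anyone and its ownership taken over.
        _disableInitializers();
    }

    /// @notice Replaces the constructor; runs exactly once, via the proxy.
    /// @param initialOwner Account allowed to upgrade (a multisig in production).
    function initialize(address initialOwner) external initializer {
        __Ownable_init(initialOwner);
        __UUPSUpgradeable_init();
    }

    function register(bytes32 key, address target) external onlyOwner {
        entries[key] = target;
    }

    /// @dev UUPS authorization hook. Without the onlyOwner gate any caller
    ///      could point the proxy at arbitrary code.
    function _authorizeUpgrade(address newImplementation) internal override onlyOwner {}
}

// V2 appends state and logic; V1's storage layout is inherited unchanged.
contract RegistryV2 is RegistryV1 {
    uint256 public version;

    /// @notice Post-upgrade migration step; reinitializer(2) means it runs
    ///         once for this version and cannot be replayed.
    function initializeV2() external reinitializer(2) {
        version = 2;
    }
}
```

Deployment procedure to document alongside the code: deploy RegistryV1, deploy an `ERC1967Proxy` pointing at it with `abi.encodeCall(RegistryV1.initialize, (multisig))` as the init data, and interact only with the proxy address. An upgrade is then a single `upgradeToAndCall(newImpl, abi.encodeCall(RegistryV2.initializeV2, ()))` call on the proxy, executed from the owning multisig after the storage layout has been checked against V1.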