The creation of this list of Ethereum Development Tools, Frameworks, and Libraries came from a need to organize my arsenal of Blockchain Development weapons. This organization will help new and experienced Ethereum developers better understand what tools and frameworks to use and how to use them.
Frameworks
Frameworks are used to speed Smart Contract development and automate certain tasks.
Most popular Ethereum Smart Contract development, testing, and deployment framework.
So, to install truffle, it is important to make sure that Node.js and npm are installed by using the Node Version Manager (nvm).
Once nvm is installed, run the following command to install node.js
$ nvm install --ltsTo confirm that node.js was successfully installed, run
$ node -v
v8.9.4
$ npm -v
5.6.0To install truffle, run
$ npm install -g truffle
+ truffle@4.0.6
installed 1 package in 37.508sTo Unbox a specific truffle project named BOX_NAME, run
$ truffle unbox BOX_NAME
Go to the Truffle Boxes webpage to find a list of boilerplates available to bootstrap any Smart Contract development project.
Project Initialization
To initialize a basic truffle project, inside a working directory (Project) run
Project $ truffle initThis command will create a file structure similar to this
Project
+------ contracts
| `----- Migrations.sol
+------ migrations
| `----- 1_initial_migration.js+------ test
+------ truffle-config.js
Truffle Configuration
To configure truffle, open the truffle-config.js file and paste the following code:
module.exports = {
networks:{
localnode: { // Whatever network our local node connects to
network_id: "*", //Match any network ID
host: "localhost",
port: 8545
}
}
}In the configuration above, we set up a default Ethereum network named “localnode”. This configuration tells Truffle to communicate with “localnode” over RPC via port 8545. This configuration will also use any network the node is connected to (mainnet, Ropsten, Rinkeby, etc.)
Let’s create a Smart Contract called “Project.sol” and add it to our contracts folder
Project
+------ contracts
| ----- Project.sol
| `----- Migrations.sol
+------ migrations
| `----- 1_initial_migration.js+------ test
+------ truffle-config.js
Truffle Compilation
To compile our Smart Contract, let’s run
Project $ truffle compile
Compiling ./contracts/Project.sol...
Compiling ./contracts/Migrations.sol...
Writing artifacts to ./build/contractsTruffle Deployment/Migration
Smart Contract deployment is referred to as Migration in truffle and many other development frameworks. The migrations directory is where we will write our deployment/migration scripts.
Project
...
+------ migrations
| `----- 1_initial_migration.js...Let’s take a look at 1_initial_migration.js
var Migrations = artifacts.require("./Migrations.sol");
module.exports = function(deployer){
deployer.deploy(Migrations);
}To deploy our Project.sol, we will need a second migration script. We will call it 2_deploy_project.js
The migrations folder will look like this.
Project
...
+------ migrations
| `----- 1_initial_migration.js
| ----- 2_deploy_project.js...The content of 2_deploy_project.js will be similar to this:
var Project = artifacts.require("./Project.sol");
module.exports = function(deployer){
deployer.deploy(Project);
}To migrate/deploy our contracts, let’s run
Project $ truffle migrate --network localnode
Using network 'localnode'.
Running migration: 1_initial_migration.js
Deploying Migrations...
... 0x800705369a9244e399250574B7f8Fa41F81CbcCc
Migrations: 0xbE896b86C5c293bc7fB2186B2bd04C21D481f199
Saving successful migration to network...
... 0xbE896b86C5c293bc7fB2186B2bd04C21D481f199
Saving artifacts...
Running migration: 2_deploy_project.js Deploying Project...
... 0x800705369a9244e399250574B7f8Fa41F81CbcCc
Project: 0xbE896b86C5c293bc7fB2186B2bd04C21D481f199
Saving successful migration to network...
... 0xbE896b86C5c293bc7fB2186B2bd04C21D481f199
Saving artifacts...
Truffle Console
To activate the truffle console, run
Project $ truffle console --network localnode
truffle(localnode)>
To check our wallet and list all accounts associated, via the web3 object, run
truffle(localnode)> web3.eth.accounts
['0x800705369a9244e399250574B7f8Fa41F81CbcCc',
'0xbE896b86C5c293bc7fB2186B2bd04C21D481f199']
To check the balance of the first account, run
truffle(localnode)> web3.eth.getBalance(web3.eth.accounts[0]).toNumber()
191198572800000000
truffle(localnode)>
To check the address of the Smart Contract, run
truffle(localnode)> Project.address
'0x800705369a9244e399250574B7f8Fa41F81CbcCc'
truffle(localnode)> web3.eth.getBalance(Project.address).toNumber()
0
truffle(localnode)>
To send some ether to the Project Smart Contract, run
truffle(localnode)> web3.eth.sendTransaction({from:web3.eth.accounts[0],
to: Project.address, value:web3.toWei(0.5, 'ether')});
'0xbE896b86C5c293bc7fB2186B2bd04C21D481f199'If we check back the balance of the contract,
truffle(localnode)> web3.eth.getBalance(Project.address).toNumber()
500000000000000000
truffle(localnode)>To withdraw some test ether from the contract, run
truffle(localnode)> Project.deployed().then(instance => { instance.withdraw(web3.toWei(0.1, 'ether'))}).then(console.log)
truffle(localnode)> 400000000000000000
OpenZeppelin is a combination of frameworks and libraries used to build standardized and secured blockchain applications. This development framework is suited for Smart Contract development on the Ethereum Blockchain, is licensed under an MIT license, and provides all the building blocks for any Ethereum project.
This Ethereum development Framework provides libraries of secured, tested, ready-to-use Smart Contract standards, in various categories: access, finance, governance, metatx, proxy, security, and of course token. (ERC20, ERC721, etc.)
Quick Start With OpenZeppelin Framework
Let’s expand on our previous truffle project called “Project” and create an ERC20 token Smart Contract using the OpenZeppelin framework.
To install OpenZeppelin Contracts, CD into the “Project” directory, and then run
cd Project
Project $ npm install @openzeppelin/contractsNow, let’s create a new smart contract called MyToken.sol inside the “Project/contracts” directory
Project $ touch contracts/MyToken.solInside that file, paste the following code
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/token/ERC20/MintableToken.sol";
contractMyToken isMintableToken {
string public name = "MY TOKEN";
string public symbol = "MYT",
uint8 public decimals = 18;
}The advantage of using OpenZeppelin lies in the fact that a Smart Contract developer can easily implement a mintable token feature, by simply importing the battle-tested MintableToken.sol from the library (line 2) and using inheritance to transfer its functionalities to MyToken (line 3).
Embark is a framework for building Decentralized applications. It integrates nicely with Ethereum, Whisper, Swarm, IPFS, etc.
To install Embark, run
$ npm install -g embark
0xcert is a Javascript framework for building decentralized applications.
Blockchain Development Languages
Solidity is an object-oriented language for implementing smart contracts on the Ethereum blockchain.
Vyper is a New experimental pythonic programming language.
Bamboo is a morphing Smart Contract Language built to reduce side effects and increase auditability of Smart Contracts.
LLL is a low-level Lisp-like Language written with Python-like syntax.
Ethereum Development Environments
Remix is a Web IDE environment that allows developing, deploying, and administering Smart Contracts for the Ethereum Blockchain.
Visual Studio Code
Visual Studio Code is a code editor for building and debugging web and cloud-based applications. The visual Studio Code Extension adds support for Solidity
Pragma
Pragma is a very simple web IDE for solidity that generates Smart Contracts interfaces automatically.
Libraries
Web3.js is a JavaScript API for communicating with Ethereum clients via JSON-RPC.
Eth.js is an alternative to Web3.js
Web3j is a Java and Android library for integration Ethereum clients and Smart Contracts.
Nethereum is a .Net integration library for Ethereum.
Web3.py is a python library for communication with the Ethereum network. It is maintained by the Ethereum Foundation.
Decentralized Storage
IPFS stands for InterPlanetary File System and is a decentralized file storage system. IPFS-Store expands IPFS to offer search capabilities.
Swarm is a distributed storage platform and content distribution service.
Decentralized Messaging
Whisper is a communication protocol that allows Decentralized Applications to talk to each other.
Blockchain Testing Networks
Ganache is a local test blockchain that developers can use to deploy and test smart contracts. It comes with a CLI
To install its CLI, run
$ npm install -g ganache-cliOnce ganache-cli is installed, you can spin an instance of the blockchain, like this
$ ganache-cli \
--networkId=3 \
--port="8545" \
--verbose \
--gasLimit=8000000 \
--gasPrice=400000000 \Kaleido is a permissioned blockchain platform that spins up a consortium blockchain network. It combines the simplicity of SaaS with performance and global reach.
Blockchain Security Tools
MyThril is a Security analysis tool for EVM bytecode. Supports smart contracts built for Ethereum, Hedera, Quorum, Vechain, Roostock, Tron, and other EVM-compatible blockchains. It detects security vulnerabilities in smart contracts and uses a symbolic execution.
Installation
$ docker pull mythril/myth
//or you can do
$ pip3 install mythrilExecution
$ myth analyze <solidity-file>
//or$ myth analyze -a <contract-address>Below is an example of an output to expect
> myth project.sol
==== Unprotected Selfdestruct ====
SWC ID: 106
Severity: High
Contract: Projecct
Function name: commencekilling()
PC address: 354
Estimated Gas Usage: 574 - 999
The contract can be killed by anyone.
Anyone can kill this contract and withdraw its balance to an arbitrary address.
--------------------
In file:project.sol:22
selfdestruct(msg.sender)
--------------------
Transaction Sequence:
Caller: [CREATOR], data: [CONTRACT CREATION], value: 0x0
Caller: [ATTACKER], function: killerize(address), txdata: 0x9fa299ccbebebebebebebebebebebebedeadbeefdeadbeefdeadbeefdeadbeefdeadbeef, value: 0x0
Caller: [ATTACKER], function: activatekillability(), txdata: 0x84057065, value: 0x0
Caller: [ATTACKER], function: commencekilling(), txdata: 0x7c11da20, value: 0x0
Slither is a static analyzer framework for Solidity, written in Python3.
It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses. – Slither
Installation
//Using Python3+
$ pip3 install slither-analyzer
//Using Git
$ git clone https://github.com/crytic/slither.git && cd slither
$ python3 setup.py install
//Using Docker
$ docker pull trailofbits/eth-security-toolbox
Execution
// To run Slither on a Truffle/Embark/Dapp/Etherlime/Hardhat project
$ slither .
//To run Slither on a single file
$ slither contracts/Project.sol
SolGraph Visualise Solidity control flow for smart contract security analysis. it generates a DOT graph that visualizes function control flow of a Solidity contract and highlights potential security vulnerabilities.
Installation
$ npm install -g solgraph
// Depending on your permission, you may need to add unsafe-perm flag
$ sudo npm install -g solgraph --unsafe-perm=true --allow-rootExecution
Let’s use the following contract
contract Project {
uint balance;
constructor() {
Mint(1000000);
}
function Mint(uint amount) internal {
balance = amount;
}
function Withdraw() {
msg.sender.send(balance);
}
function GetBalance() constant returns(uint) {
return balance;
}
}To generate the DOT Graph, run
$ solgraph Project.sol > Project.dot
strict digraph {
Project
Mint [color=gray]
Withdraw [color=red]
UNTRUSTED
GetBalance [color=blue]
constructor -> Mint
Withdraw -> UNTRUSTED
}To render the DOT file as an image,
$ brew install graphviz
$ dot -Tpng Project.dot -o Project.pngNodejs Module
import { readFileSync } from 'fs'
import solgraph from 'solgraph'
const dot = solgraph(fs.readFileSync('./Project.sol'))
console.log(dot)
/*
Foo
Bar
Foo -> Bar
*/
