How to Create Secure Smart Contract on NEAR Protocol with Rust

By Pavlo Horbonos
04.05.2023

The growing adoption of blockchain technology and decentralized applications (dApps) highlights the importance of security in smart contract development. Developers and users alike face the challenge of ensuring that smart contracts are reliable and secure. In this article, we aim to help you understand how to create secure and dependable smart contracts on the NEAR Protocol platform using the Rust programming language. Blaize team has extensive experience in dealing with these challenges and has successfully developed secure smart contracts on the NEAR Protocol.

NEAR Protocol today is 750 active projects, 125 DAOs, and 550 thousand community members. NEAR platform nowadays isn’t the most popular network to create a smart contract with Rust but it definitely has several reasons to reckon it: low transaction cost, strong community, and, surely, a high level of security. How to reach the maximum secureness for your smart contract on Rust might be the most important answer while speaking about NEAR. Let’s take a closer look at its advantages.

We have already discussed the topic of how to choose the right blockchain for dApp development – the expert article is available.

Understanding Smart Contracts on NEAR Protocol

NEAR contract base is one of the most suitable for development. All core functionality is covered with macros, making working with memory relatively easy. Although scalability is not its strongest suit, it is an option if required. From a security perspective, there are no major vulnerabilities, except for the default ones present in any blockchain. Additionally, NEAR is capable of using the sharding mechanism, which facilitates the safe distribution of data storage requirements.

Sharding

The principle of sharding underpins the structure and development of the NEAR Protocol. Sharding is a method that breaks down a network’s design into multiple distinct nodes to lessen the computational burden on the system. Each node in the platform is responsible for handling a certain quantity of the platform’s transactions. Due to the segmentation of network nodes, data can be rapidly accessed and scaled in a decentralized network, replacing the conventional approach of requiring each node to execute the network’s code. This enables efficient data retrieval and scalability.

Low Transaction Fees

Compared to other blockchains, NEAR Protocol boasts low transaction fees, making it more accessible for developers and users alike.

User&Developer friendly Environment

The NEAR Protocol provides a developer-friendly environment, complete with comprehensive documentation and a supportive community, to facilitate a seamless development process.

Robust Tooling

Developers can take advantage of a wide range of tools and libraries provided by the NEAR Protocol, allowing for efficient and effective smart contract development.

Interoperability

The NEAR Protocol is designed to be compatible with other blockchains, which enables developers to create dApps that can interact seamlessly with various networks.

Security

Security is a top priority for the NEAR Protocol, making it an excellent choice for developers looking to create secure smart contracts.

Why Rust for Smart Contract Development

Rust is a powerful and versatile programming language, well-suited for smart contract development. Its safety and performance features make it a popular choice among developers working on blockchain projects. One of the key advantages of Rust is its ability to be used as a low-level language, allowing developers to work directly with memory.

Many other blockchains can allow themselves to avoid spending time on writing polished interfaces and instead provide developers with an unfinished API because it’s faster for them. We can see this trend in other chains like Solana, Terra, Aptos, and many others. However, NEAR is one of the minority that has invested time and effort into creating a good API for development. The core team’s dedication to providing a well-crafted interface is one of the reasons why working on NEAR is a pleasurable experience most of the time.

In addition to NEAR’s commitment to providing a high-quality API, Rust programming language offers several advantages for smart contract development, such as:

  • Strong safety guarantees, which help prevent common programming errors and vulnerabilities.
  • Excellent performance, enabling fast and efficient execution of smart contracts.
  • A supportive community and a rich ecosystem of libraries and tools.

These features make Rust an excellent choice for developers looking to create secure and reliable smart contracts on the NEAR Protocol.

Creating a Secure Smart Contract on NEAR Protocol with Rust

Using Rust programming language for smart contracts on the NEAR Protocol involves a series of steps. You’ll need to prepare your development environment and tools to get started. Here’s a step-by-step instruction on how to create and deploy a smart contract using Rust on NEAR:

Step:Description:Result:
Gather necessary tools:Ensure you have the following tools required for deploying smart contracts on the NEAR Protocol:Rust toolchain for compiling smart contractsA NEAR account to deploy and manage your smart contractsNEAR command-line interface (CLI) for interacting with the NEAR blockchainYou have all the required tools to deploy smart contracts on NEAR Protocol.
Install the Rust toolchainFollow the Rustup installation documentation to install Rust on your machine. The Rust toolchain is essential for compiling smart contracts into WebAssembly (WASM) format.The Rust toolchain is installed on your device, enabling you to compile smart contracts.
Configure your shellEnter the appropriate command to configure your shell to use the Rust toolchain. This step ensures that your system is properly set up to work with Rust.Your shell is configured to use the Rust toolchain, ensuring seamless interaction with Rust.
Integrate the WASM targetAdd the WASM target to the Rust toolchain, allowing Rust to compile code specifically for the blockchain network.The WASM target is added to the Rust toolchain, allowing you to compile code for the blockchain network.
Sign up for a NEAR accountCreate a NEAR account using the NEAR wallet. This account will be used to deploy and manage your smart contracts on the NEAR network.You have a NEAR account to deploy and manage your smart contracts on the NEAR network.
Install the near-cliInstall the near-cli tool based on your operating system (Linux, MacOS, or Windows). The near-cli is used for interacting with the NEAR blockchain and managing smart contracts.The near-cli tool is installed, enabling interaction with the NEAR blockchain and smart contract management.
Create a new project repositoryUse Cargo, Rust’s package manager, to create a new project repository. Run the necessary commands in the directory where you want to store your project files.A new project repository is created using Cargo, with the necessary directory structure and files.
Locate the main file for NEAR smart contractsThe main file for NEAR smart contracts is located at ./src/lib.rs. This file will contain the smart contract logic and will be compiled into WASM.You have identified the ./src/lib.rs file, which will contain the smart contract logic.
Edit the Cargo.toml fileUsing a text editor, access and modify the Cargo.toml file. This file is used to configure the project and manage dependencies.The Cargo.toml file is updated with the necessary project configuration and dependencies.
Create the lib.rs fileWrite the provided contents into ./src/lib.rs using a text editor. This file will hold the smart contract logic, functions, and unit tests.The lib.rs file is created, containing smart contract logic, functions, and unit tests.
Update the dependenciesIn the Cargo.toml file, update the dependencies section with the specified package names. These packages are required for working with the NEAR blockchain.The lib.rs file is created, containing smart contract logic, functions, and unit tests.
Use the struct on NEARExecute the provided commands to set up the struct in a NEAR-compatible manner. This step is crucial for creating smart contracts that work with the NEAR Protocol.The struct is set up in a NEAR-compatible manner, ready for smart contract development.
Create unit testsFollow the instructions to create unit tests that run within the lib.rs file. Unit tests ensure the smart contract logic behaves as expected.Unit tests are created and included in the lib.rs file, ensuring the smart contract logic behaves as expected.
Develop a custom testCreate a test scenario for your specific use case. Use the examples provided to build a tailored test that suits your smart contract’s requirements.A custom test is created for your specific use case, tailored to your smart contract’s requirements.
Compile the smart contractAfter thorough testing, compile the smart contract into a WASM release binary. This binary will be used for deployment on the NEAR platform.The smart contract is compiled into a WASM release binary, ready for deployment on the NEAR blockchain.
Test the smart contract codeRun cargo-based tests on the smart contract code to ensure that everything works as expected. This step verifies that the smart contract is ready for deployment.The smart contract code has been tested with cargo-based tests, ensuring proper functioning.
Ensure all tests passBefore deploying the smart contract, ensure that all tests have been completed and passed successfully.All tests have been completed and passed successfully, verifying the smart contract is ready for deployment.
Deploy the smart contractWith a compiled .wasm file, use the near-cli and the testnet linked to your NEAR account to deploy your smart contract. This step places your smart contract on the NEAR blockchain.Your smart contract is deployed on the NEAR blockchain using the near-cli and the testnet linked to your NEAR account.

By following these detailed steps, you can successfully create, test, and deploy a smart contract on NEAR Protocol.

Remember to adhere to best practices for ensuring security in smart contract development and leverage Rust and NEAR Protocol tools to test and audit your smart contract. Blaize team uses the most efficient instruments to provide our clients with the highest level of secureness.

How to Achieve The Security of Smart Contracts on the NEAR Protocol

Achieving maximum security for smart contracts on the NEAR Protocol requires addressing several specific issues. By being aware of these concerns and taking appropriate measures, you can ensure a higher level of security for your smart contracts. So to create a secure smart contract on NEAR protocol, one needs to follow these recommendations:

Managing Gas in Cross Contract Invocations

For any cross-contract invocation, you need to manually put gas into the call. This can lead to situations where gas is incorrectly counted, causing the invocation to fail. It is important to be aware of this issue, as local tests with simulations may pass with a specific gas amount, but fail on a real node. Make sure to accurately estimate gas requirements and allocate sufficient gas for cross-contract invocations.

Handling Storage Prefixes

NEAR requires you to pick a unique prefix for each container within a smart contract. This is necessary for the blockchain to detect which bits of data (all data in chains is stored in bit arrays) belong to which container inside the smart contract. There was even a public incident where an NFT was stolen because an existing prefix was used for another container. To avoid such issues, always use unique storage prefixes.

Addressing Cross Contract State Fallback

This issue is somewhat inherent to the nature of cross-contract invocations. In case of an error in a chain of cross-contract invocations, the fallback will occur only for the call where the error occurred, while previous changes in the call chain will remain. It is important to be aware of this issue and always check if a call leads to an error, making sure to revert actions as needed.

By addressing these specific concerns and following best practices for smart contract development, you can create secure and reliable smart contracts on the NEAR Protocol. Additionally, make use of Rust and NEAR Protocol tools to test and audit your smart contract to ensure its security and robustness.

Blaize Experience

Blaize is a Ukrainian blockchain development and security company with a track record of success in the NEAR ecosystem. Our accomplishments include:

  • Two wins in the Near Hack 2021, with the lending protocol for NEAR and DAO protocol for source reputation validation.
  • Omomo protocol: A complex TradeFi platform for spot trading. Platform with three functional modules: lending pools, limit orders over Ref.Finance and margin trade built upon previous modules. Within the framework of cooperation with OMOMO, Blaize team has won two hackathons representing our attainments in developing and deploying leverage trading systems and limit orders.
  • A series of audits for NEAR, including auditing of several modules from the Rainbow Bridge.

More Blaize development cases are available here. Take a closer look at it to get deeper into Blaize expertise and experience.

Conclusion

Creating secure smart contracts on the NEAR Protocol with Rust is a crucial skill for developers in the blockchain space. This article has provided an overview of the process, from understanding smart contracts on the NEAR Protocol to implementing best practices for security. With the right tools and knowledge, you can create secure, reliable smart contracts that meet the needs of your dApp and its users.At Blaize, we have extensive experience in secure smart contract development with NEAR Protocol, and we’re always ready to help you dive deeper into this topic.

Post Author:
Pavlo Horbonos Image
Pavlo Horbonos
Head of Security
Department

Get in Touch

Your blockchain dreams deserve top-tier security. Let's secure them together with our team of certified blockchain security professionals. Get consulting on WEB3 security from top-tier security researchers and auditors. Contact us, and let's fortify your decentralized future.