sia.hackernoon.com

Are you a start-up founder or an enterprise leader with plans to launch a financial services application? You might be wondering whether, and indeed, how to use blockchain for this.

Industry observers highlight the steady growth of blockchain in the financial services market.

A Markets and Markets report states that the FinTech blockchain market will grow from $0.23 billion in 2017 to $6.2882 billion by 2023. The report projects a CAGR of 75.9% during the 2018-2023 period.

You are no doubt wondering how to build blockchain financial services applications? Read on, as I will help answer this question for you.

What Kind of Blockchain You Can Use: Public vs Private

You need to decide the kind of blockchain to use. This depends on your business model. Consider the following scenarios:

1. You plan to restrict your financial products or services to registered customers only

Do you want to restrict your proposed products or services to customers that register with your business? You are likely already following the relevant KYC (Know Your Customer) process to enroll customers. It is likely that you will choose that only such customers can access your new financial services app.

If so, then you need to use a permissioned blockchain in this scenario. Enterprise blockchains fit your bill. They allow you to implement access control, and they allow only trusted parties to view sensitive information.

You can use any of the following enterprise blockchain frameworks/platforms:

Hyperledger Fabric: This is an open-source enterprise blockchain framework from the Hyperledger Consortium. You need to find a blockchain network host like AWS, IBM, etc.
R3 Corda: This is an enterprise blockchain platform from R3.
ConsenSys Quorum: JP Morgan was the company that originally developed Quorum. ConsenSys acquired it, and now the company offers Quorum as an enterprise blockchain platform.

2. You plan to offer your product or services to anyone

This scenario includes even anonymous or pseudonymous users. Anyone can view transactions, and there’s no access control. If you want to launch a decentralized financial services application, you want a public blockchain.

Many entrepreneurs have built DeFi (Decentralized Finance) applications using the Ethereum blockchain platform. Ethereum provides the following for this:

EVM (Ethereum Virtual Machine): This is a decentralized computer. Developers can use this computational engine to build DApps (Decentralized Apps).
Solidity: It’s a language used to code Ethereum smart contracts. Smart contracts are open-source pieces of code with “If-Then-Else” statements. They execute autonomously, and they transfer cryptographic assets based on predefined conditions. Smart contracts are immutable. Their execution results are irreversible.
Ethereum blockchain development tools: The Ethereum ecosystem offers IDEs (Integrated Development Environments), testnets (test networks), APIs, deployment tools, etc. I will talk about them shortly.

Note 1: I provide a quick overview of a DApp here, which is as follows:

DApps are web apps.

You can develop their front-end using any of the standard front-end development technologies.
The back-end of a DApp must consist of smart contracts.
DApps run on a decentralized blockchain network like Ethereum.
DApps store data on a decentralized blockchain. They must adhere to the established cryptographic standard to enable them to do this.
A DApp needs a cryptographic token. You need to create it using the established cryptographic standards.
DApps are open-source programs.
You can’t change a DApp without the consensus of the user community.
No one user can control the majority of the crypto tokens.

Note 2: In this guide, I assume that you will build a DeFi app on Ethereum.

How You Can Build a Blockchain Financial Services App on the Ethereum Network

You need to take the following steps:

1. Hire a software development team and onboard it in a staggered manner

You need the following roles in an Ethereum blockchain development team:

Project manager (PM);
Architect;
Business analysts;
UI designers;
Web developers;
Ethereum blockchain developers;
Testers.

Note 3: I assume that you will offer a web app. You need to hire mobile developers if you plan to offer mobile apps.

I recommend the following:

Hire a PM with considerable experience in leading blockchain development projects.
Find an architect with the ability to incorporate scalability measures in the technical solutions. You need a plan on how to scale your Ethereum blockchain app for when the time comes.
Hire business analysts with a good understanding of the Ethereum DeFi ecosystem.
Hire JavaScript developers to develop the front-end of the web application. Many web developers know JavaScript, and there’s a rich ecosystem of frameworks and libraries.

Why do I suggest you to onboard the team in a staggered manner? The reasons are as follows:

You need sufficient time to define the scope of a blockchain development project.
The planning exercise needs time too.
You should first onboard the PM, architect, and a few business analysts.
They need to define the scope of the project and gather the requirements.
This team also needs to plan the project.
Developers won’t have sufficient work during this period. Blockchain developers can be costly, therefore, hire them when you have enough work for them.

Onboard the other roles before entering the coding phase. You can onboard the development and testing leads during the planning phase.

2. Define the Project Scope and Plan the Project

Specify your goals to your team. Indicate the kind of DeFi you want to build and exactly what it should be able to do.

The following are a few types of DeFis:

Cross-border payment apps: These Apps facilitate payment transactions across the globe.
Stablecoins: These are cryptographic tokens with the objective of maintaining a stable price. The price of a stablecoin is often pegged to a real-world asset like USD.
Decentralized lending apps: These DeFi apps let borrowers borrow money directly from lenders without any 3rd party intervention.
DEXs (Decentralized Exchanges): These are crypto exchanges without a centralized administrator.

There are more types of DeFis.

Business analysts need to talk to the business stakeholders and gather requirements. The PM and architect need to plan the project, and they need to focus on the following:

Development tools;
Scalability solutions;
Project tasks and schedule;
Resource loading;
Development, review, testing;
Other project management aspects like communication, risk management, etc.

3. Install the Required Development and Testing Tools

You can now onboard the rest of the development team. The team needs to install and configure the following tools:

3a. MetaMask

MetaMask is a crypto wallet. It also provides a simple way to connect to blockchain-based apps. You can use it to connect to the Ethereum blockchain network.

MetaMask is available as a browser extension and mobile app. Your development team needs to download the browser extension.

You can buy and store Ether (ETH) in your MetaMask wallet. For testing your Ethereum blockchain app, you need dummy Ether. You can get them on MetaMask.

3b. Ganache

Ganache is a blockchain client. You can use it for Ethereum DApp development, and it’s a part of the larger Truffle suite of tools. Programmers can use it to run tests and execute commands.

You can use the Ganache UI. It’s a desktop application. You can also use the Ganache CLI (Command Line Interface), which was earlier known as TestRPC. Read the Ganache documentation to use it.

3c. Web3.js

Web3.js is an Ethereum JavaScript API. It’s also a collection of important libraries. Ethereum blockchain developers can use Web3.js to interact with a local or remote Ethereum node. Install and configure it by using the Web3.js documentation.

3d. Truffle suite

Truffle suite is a collection of tools for Ethereum blockchain development. It includes a development environment and testing framework. You can deploy Ethereum smart contracts using Truffle, and there’s extensive Truffle documentation.

Note 4: You need to use more tools for Ethereum DApp development. However, you don’t need to install them. These are as follows:

Remix IDE (Integrated Development Environment): You need to code Solidity smart contracts using the Remix IDE. It’s a DApp, therefore, you don’t need to install it.
Ropsten: It’s a testnet (test network) for testing Ethereum smart contracts. You need to use dummy Ether to test smart contracts on Ropsten.

4. Configure the Tools

You now need to configure the tools.

Note 5: I suggest you read two detailed articles that show how to configure these Ethereum blockchain development tools. Alex Miller wrote the first one. It’s a guide to Ethereum DApp development. I refer to it as the “reference article 1”. Merunas Grincalaitis wrote the second one, which is a guide to convert web apps to DApps. Let’s call it the “reference article 2”.

Do the following:

4a. Configure the MetaMask crypto wallet and browser extension

You need to take the following steps:

Create an account and secure your keys.
Connect to the Ethereum blockchain in “developer mode”.
Set up a connection to the Ropsten testnet.
Use the MetaMask guide and the “reference article 2” for more information.

4b. Configure Ganache, Web3.js, and Truffle

Take the following steps to configure Ganache, Web3.js, and Truffle:

Read the Ganache GitHub documentation to configure it. Open a Ganache instance.
Follow the Web3.js “getting started” guide to configure it.
Read the Truffle documentation to configure it.
Check the “reference article 2” for more guidance.

5. Design and Develop the Front-End of the DApp

Having installed and configured the tools, you can start coding. Design and develop the front-end of the DApp first. Do the following:

Follow the established user interface (UI) design guidelines.
Use JavaScript, HTML, and CSS to develop the front-end of the UI. Alternatively, you can use front-end web frameworks like Angular or React.js.

6. Code Smart Contracts

Now’s the time to code your smart contracts, the building blocks for the back-end. Take the following steps:

6a. Review relevant smart contracts to get useful ideas

Ethereum DApp development projects are open-source. Software engineers can review smart contracts of other projects to get ideas, which is an advantage.

You can also review smart contracts of relevant projects. Choose DApp projects that are similar to your project, e.g.:

Review the Dai stablecoin smart contracts if you plan to build a stablecoin.
Study the Uniswap DeFi protocol smart contracts if you want to a create DeFi protocol.
Check out the Aave protocol smart contracts if you plan to build a decentralized lending platform.

6b. Code smart contracts

Use the Remix IDE to code smart contracts. I recommend you keep the code simple. I say this due to the following reasons:

Costs: A smart contract with complex logic requires more computation. You pay more “gas fees” if your smart contracts have complex processing logic. By keeping the logic simple, you can control your costs.
Maintenance: Debugging smart contracts with complex processing logic is harder. You can improve the maintainability of your smart contracts by keeping the logic simple.

Document your smart contracts well. Organize them using Truffle.

7. Implement a Structured Smart Contract Audit Process

You need thorough audits of your smart contracts. Remember that you can’t modify a smart contract after deploying it. This makes testing and code review doubly important.

However, testing can’t catch all bugs. This makes code review of smart contracts very important. You can find bugs earlier if you implement a structured code review process.

Finding experienced code reviewers can be hard in any project. An Ethereum DApp development project involves niche skills, therefore, finding expert reviewers can be harder.

Have a sufficient budget. Plan for a high lead time to engage independent smart contract auditors.

Experienced smart contract auditors should focus on the following:

7a. Conducting a structured smart contract audit

A smart contract audit shouldn’t be ad-hoc. Independent reviewers should follow a systematic approach. They need to do the following:

Auditors should insist on getting a locked-down version of the source code.
Reviewers must understand the project thoroughly.
They need to review the project documentation systematically.
Smart contract reviewers should conduct a preliminary code review.
A static code analysis should follow.
Auditors should conduct a code quality analysis.
Reviewers should look for known smart contract vulnerabilities.
They should analyze whether the code will deliver the right functionality.
Auditors should identify code optimization opportunities.
Smart contract reviewers should track all issues and report them systematically.

You need to ensure the closure of any issues found in the smart contract audit.

7b. Identifying the known smart contract vulnerabilities

Reviewers should keep their eyes open for known smart contract vulnerabilities. The following are examples of prominent smart contract vulnerabilities:

Reentrancy: This is also known as the “recursive call vulnerability”. It happens when an external smart contract call can make new calls to the calling contract.
Access control: Access control issues can impact all kinds of software systems. Smart contracts can have this issue when they implement functions that allow privileged roles to take unilateral actions. E.g., a privileged user can withdraw funds from the contract.
Arithmetic bugs: Programmers may code unsigned integers in smart contracts. These might result in bugs like “integer overflow” and “integer underflow”.
The smart contract might not check the return values for low-level calls: Solidity allows low-level function calls. During execution, such calls might return a boolean value of “false”. Smart contracts that don’t check for this will continue to run. This can create vulnerabilities.
“Denial of Service” (DoS): Hackers can review smart contracts and find vulnerabilities for launching a DoS attack. Take the example of a “for” loop. Hackers can feed too large a number to such a smart contract. Gas-related limitations of the Ethereum network will prevent such a contract to iterate so many times. As a result, the smart contract will stop functioning. Hackers can launch different types of DoS attacks to permanently prevent smart contracts from functioning.
Incorrectly coded functions to generate random numbers: Hackers can exploit the functions and variables in Solidity to create random numbers. They can predict the random numbers that will be created by a smart contract. Hackers can then manipulate the DApp.
Front-running: Smart contracts might publish sensitive information. Hackers might copy it and submit a transaction with higher fees. This will prioritize the transaction, and hackers will get to manipulate the system.

8. Test Smart Contracts

You now need to test your smart contracts. At the outset, you should create a comprehensive test plan. The test plan should have enough test cases to cover all paths and branches of the smart contracts. You need a structured review of the test plan.

Subsequently, do the following:

Buy dummy Ethers using MetaMask. Visit the Test Ether Faucet on MetaMask for this.
You have already connected MetaMask to Ropsten. Check if the connection is still open.
Navigate to the Remix IDE. Use the relevant menu options to deploy your smart contracts to Ropsten.
Confirm this action using MetaMask.
Test the smart contracts by following your test plan.

Check out the “reference article 1” for more information.

9. Deploy Smart Contracts

Now that you have tested the smart contracts, you need to deploy them. Do the following:

Buy real Ether from a crypto exchange like Binance. Store them in your MetaMask wallet. You need real Ether to deploy smart contracts on the Ethereum mainnet.
Check the Ganache instance to ensure that it’s still running.
Navigate to Truffle. Navigate to the Truffle directory where you organized the smart contracts.
Use the “truffle deploy” command to deploy your smart contracts on the Ethereum mainnet.
Note the smart contract addresses after deploying them.

Refer to the “reference article 1” for detailed instructions.

10. Connect Your Smart Contracts to the Web App Front-End

You have already coded the front-end of your web app, and you now need to connect the smart contracts to it. Take the following steps:

Open the web app project in an IDE of your choice.
Create an empty file and assign the name “web3.min.js” to it. You will need this file to connect smart contracts to the front-end with the help of Web3.js.
Visit the Web3.js ChainSafe repository on GitHub. Copy the “web3 min code”.
Paste the entire code into the web3.min.js file that you created in the web app project.
Save the web3.min.js file.
Import it into the main HTML file of your web app project.

Read “reference article 1” if you need more guidance.

11. Initialize Your Smart Contracts

You now need to initialize the smart contracts that you have deployed. This involves the following steps:

11a. Getting the contract ABI (Application Binary Interface)

Ethereum uses data encoding schemes called ABIs to communicate with smart contracts. Do the following to get the ABIs:

Navigate to the Remix IDE “compile” tab. Navigate to the ABI section, and note the ABI information in a text file.
You need to clean up the ABI information. It’s in JSON format, and it has spaces. Use JSON minify to remove spaces. For this, paste the ABI information in the JSON minify panel. Subsequently, click the “JSON minify” button.
Copy the output data.
Paste it in the “const contractABI” variable in your code.

Consult “reference article 1” for more guidance on this.

11b. Getting the contract address

Navigate to the “Run” tab of the Remix IDE. Get the contract address, and paste it in a variable called the “const contractAddress” in your code.

11c. Updating the different functions of the web app to use smart contracts

You have coded your smart contracts to cater to different functions in your DApp. You coded the front-end in JavaScript, and now you need to update the functions with the corresponding smart contracts.