Finding Top Developers to Secure Your Blockchain Apps

Even after several years of community investment and development, Blockchain is fairly new. It can take some time for developers to ramp up and wrap their head around it, although they’re bound to see the similarities to other forms of app development after just a bit of time.

How to Find Blockchain Developers

Great Blockchain devs are out there, but they’re not the easiest to find. During your search, remember that familiarity with Solidity, NBitcoin or Go chaincode is necessary, but not alone sufficient. Any dev you hire needs to nail writing secure smart contracts and testing decentralized code.

We like the nontraditional approaches of recruiting from online cryptocurrency communities like Blockgeeks, Bitcointalk, Coinality, Slack, Gitter, and Reddit; Digital Currency meetups and conferences; and occasionally through freelancing sites like Upwork.

Making a Decision About DApps

Some people are using DApp shorthand to describe any application built on a Blockchain, but it’s not widely agreed upon as there are some specific suggestions for what makes a DApp a DApp. Take a look before you start loosely throwing the term around.

DApps have huge benefits because they can function like autonomous startups. At launch time, they often self-fund with an initial coin offering or ICO (they can also establish themselves through token-mining or incentivize community developers through token “bounties”).

Are Blockchains really secure?

One of the main reasons Blockchain appeals to so many people is due to its decentralization, trust through mass consensus, transparency and security through immutability. That being said, Blockchain-based systems are not perfect.

There are a few ways you can beef up your security from the start for your Blockchain application:

1. Systems are only as good as their underlying technology. A recent security audit revealed serious concerns about Serpent, Ethereum’s original Python-like programming language. Now Ethereum developers are being encouraged to use Solidity. However, hackers stole $50 million of ether due to a Solidity security flaw in 2016 and many are asking for a Solidity security audit.
2. Writing secure code is a critical part of development security. Even if Solidity was bulletproof, Ethereum developers must understand how to write secure smart contracts in order for them to act as such.
3. Even “foolproof” systems have loopholes. Bitcoin and Blockchain have mostly solved the issue of double spending. But, if a merchant doesn’t wait for Bitcoin transaction confirmation, a fraudster could double spend Bitcoins. It’s rarely worthwhile, but still possible. This is why it’s important for Bitcoin merchant apps to follow transaction protocol recommendations.
4. Single points of failure can re-introduce flaws. Poor app design can add hacker-exploitable flaws, even in decentralized systems. For example, web-hosted digital currency wallets often require a username and password. Accounts can still be compromised by hacking or social engineering — this is a vulnerable, single point of failure, even with SSL and two-factor authentication.

That being said — Blockchains are still secure. The Blockchain addresses many fundamental security issues: single middleman vulnerability, data theft and loss, denial-of-service attacks and more. Blockchains are highly encrypted, and their communities are constantly monitoring and improving security. For example, during the major Ethereum coin-theft, the community voted to hard fork the Blockchain and reverse the transaction.

Ultimately, any programming language and platform comes with some risks, Blockchain or not. We believe that Blockchain’s promise and the current level of capital investment are huge incentives for the community to keep making improvements.

How to Squash Blockchain Bugs

Blockchain’s biggest development challenge is arguably debugging, thanks to its perfect storm of decentralization and immutability. To tackle some of those pesky bugs, we recommend:

1. Using a testnet. This is a private Blockchain which runs on your host computer. The goal of a testnet is to debug your blockchain app code without spending real digital currency.
2. Stepping through your blocks. Stepping through code to debug is always a good idea. It’s especially advisable when you’re debugging a smart contract or other Blockchain and trying to visualize how the data is propagating throughout the data structure and network. If you’re using Ethereum, the web-based Remix IDE debugger lets you paste in smart contract code and go through it block by block.
3. Remembering that immutability is great, until it isn’t. Unchangeable data is one of Blockchain’s selling points. But if you deploy a Blockchain with a buggy smart contract and actually write that block, that bug is there forever unless you hard fork. Pro tip: just use a testnet.