TL;DR: Open and verified code builds trust, verification adds extra safety for users, verified contracts play well with others, and getting expert approval is an extra layer of security.
Okay, no more drama, let’s dive into it! I’m going to start with the worst scenario.
Code Available on GitHub Is Not the Same as Verified Code
Here is a trick from scammers’ point of view. I got scammed and hacked a month ago.
Imagine you are a bad guy (of course, you’re not) who published your malware smart contract code on GitHub to gain trust from others, but you never verified this code on the blockchain. If somebody asks what your code does, you can send them a link to the code published on GitHub.
Don’t get it? Let me explain.
There are still few experts or advanced users in web3 (and many of them want easy money), so there are still many ways to get scammed. For non-technical people it can get crazy: even if one day you hire somebody to analyze the smart contract on GitHub, the code deployed on the blockchain can be 100% different code that never came from GitHub.
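One way to check this yourself, as an added example that is not from the original article: compare the runtime bytecode the node returns from `eth_getCode` with the bytecode you compile from the GitHub source. The byte strings are constructed samples, and `split_metadata` and `compare` are hypothetical helper names.

```python
# Added example: does the deployed bytecode match a local build of the
# published source? All byte strings below are constructed samples.

def split_metadata(runtime_hex):
    """Split runtime bytecode into (executable code, CBOR metadata trailer).

    solc appends CBOR-encoded metadata to the bytecode; the final two bytes
    hold the big-endian length of that CBOR blob.
    """
    h = runtime_hex[2:] if runtime_hex.startswith("0x") else runtime_hex
    raw = bytes.fromhex(h)
    if len(raw) < 2:
        return raw, b""
    meta_len = int.from_bytes(raw[-2:], "big")
    start = len(raw) - 2 - meta_len
    # A real trailer fits inside the code and begins with a CBOR map (major type 5).
    if start < 0 or meta_len == 0 or raw[start] >> 5 != 5:
        return raw, b""
    return raw[:start], raw[start:]

def compare(deployed_hex, compiled_hex):
    """Return 'exact', 'partial' (only the metadata differs), 'mismatch' or 'no-code'."""
    dep_code, dep_meta = split_metadata(deployed_hex)
    loc_code, loc_meta = split_metadata(compiled_hex)
    if not dep_code:
        return "no-code"      # nothing is deployed at that address
    if dep_code != loc_code:
        return "mismatch"     # the chain runs different logic than the repo
    return "exact" if dep_meta == loc_meta else "partial"
# Not handled here: immutables and linked libraries, which must be masked first.

def _meta(digest32):
    # Constructed trailer in solc's layout: {"ipfs": 34 bytes, "solc": 3 bytes}
    body = b"\xa2\x64ipfs\x58\x22\x12\x20" + digest32 + b"\x64solc\x43\x00\x08\x14"
    return body + len(body).to_bytes(2, "big")

CODE = bytes.fromhex("6080604052348015600f57600080fd5b50")      # constructed
OTHER = bytes.fromhex("6080604052348015600f57600080fd5bff")     # constructed, last opcode differs

LOCAL_BUILD = (CODE + _meta(b"\x11" * 32)).hex()                # built from the repo
SAME_LOGIC = "0x" + (CODE + _meta(b"\x22" * 32)).hex()          # only the metadata hash differs
SWAPPED = "0x" + (OTHER + _meta(b"\x11" * 32)).hex()            # different logic, same trailer

if __name__ == "__main__":
    for name, deployed in [("same", "0x" + LOCAL_BUILD), ("same logic", SAME_LOGIC),
                           ("swapped", SWAPPED), ("empty", "0x")]:
        print(name, "->", compare(deployed, LOCAL_BUILD))
```

A `mismatch` result is the case described above: the repository and the chain hold different programs, and only the deployed one touches your wallet.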
A Short Example
You find a new amazing dApp (DeFi, GameFi, etc.) that you’d like to use or earn money with. You ask your IT friend (or even ChatGPT) to explain what is inside, and everything looks great to both of you. You connect your wallet to this application. In a second, you lose your funds, everything, including private keys. That’s how malware apps work.
I’m that guy (with more than 15 years in software development) who lost funds because I didn’t pay a lot of attention to the project codebase that I wanted to help with development. It took me days to restore my laptop, my data, my mental health. I was curious about that project and got hacked.
If you think you are in a safe place – you are not in a safe place. On the Internet (and web3 particularly), you may get hacked using multiple methods, including social engineering. People usually don’t pay enough attention when they are chasing easy money.
To Summarize
Never. Ever. Trust. Unverified. Smart Contracts. And. Applications. Do your own research first. Don’t connect your wallet everywhere before you understand what is going on inside.
Now let’s take a look with a positive vibe.
People Can Understand How It Works Internally
When the code of a smart contract is publicly available and verified, users (frankly speaking, only hackers, engineers, and crypto enthusiasts) can look at it to understand how it works before using your application.
Verified code is equal to open code (but not bug-free), so everyone will be able to get your code and reuse it for their own educational (or even business) needs. It’s all about openness and open source. In open source, we trust! <3
If you think that people may steal your code, and because of this you avoid verifying it just to not expose your smart contracts, you need to get out of blockchain and web3 immediately. Web3 is all about transparency and security.
You should know that everything on the blockchain is open and available for everyone. Why not use these benefits and let people learn from your code and be educated? It’s an absolutely amazing experience for everyone! And smart contract code verification is free.
Verified Smart Contracts Help You Build Trust with Your Clients and Community
Why? Because people can see what the contract is designed to do. Most people in Web3 don’t want to work with (and, of course, avoid) dApps (or other apps) with unverified code.
If you ask a random guy on Twitter or LinkedIn about the only thing that should be done with a smart contract, what would be the answer? It’s the code verification badge. It’s like a green light for everyone. The second go-to – security audit. And the third would be a GitHub repository. I hope so.
It’s like adding extra layers of security to make sure the contract does what it’s supposed to and nothing unexpected.
Other Projects More Willing to Integrate with Your Smart Contract
Smart contracts that have been checked and verified are like puzzle pieces that fit well with others. If you deployed your code (it doesn’t matter whether it’s DeFi, GameFi, or any other kind of application) on the blockchain, how can people be sure your contract will not steal their money? Only with a verified and audited codebase.
When I started working with blockchain 2 years ago, the first thing I did was read the code of popular smart contracts, such as CryptoKitties and CryptoPunks. My learning curve was super exciting because I had everything to start with. I learned a lot from others’ code.
People Are Able to Interact with Your Smart Contracts Without Your dApp
If you are a new developer in web3, you need to know that verification opens up another way for you and your clients to use your application: via blockchain explorers. When your smart contract is verified, everyone will have access to its functions.
What does it mean for us? We can use smart contracts directly! We don’t need to use dApps to call or execute smart contract functions. Instead, we can use blockchain explorers because all functions are available there.
It Opens a Door for Smart Contract Auditors
It’s like getting a stamp of approval from industry experts. Big companies that review and audit contracts often require this verification to make sure everything is safe and sound. The more points you earn from the experts, the fewer red/yellow marks in your audit report.
Code is not verified? One more red mark. Or they will charge you more to help you with the verification process, but you can cut this cost by reading my next article about verification.
Conclusion
I hope you guys enjoyed this reading. If so, please share this article with your friends and colleagues. It will help me a lot and motivate me to write more content for you.
I suggest you repost this in DevTo with backlink to drive organic traffic.
Agree! But I need to wait a bit to avoid getting penalized by Google if the article on dev.to or Medium has the first search appearance 😀
I see, how long should the buffer time be to avoid such penalties when using backlinks to generate organic traffic to our own site from 3rd party sites such as Medium, DevTo, etc.?
I think I have to wait at least 2-3 days until my post is on Google, and right after that I can publish the same content on other platforms with a link to the original post.