A comprehensive and in-depth guide to Aptos blockchain, the most trendy Move-based chain brought by former Facebook Diem engineers.
Aptos is a layer 1 blockchain built around resource objects and the Move programming language. The newly released project aims for safe, scalable, and upgradeable proof-of-stake infrastructure.
The Mainnet was launched in October 2022 with a mission to redefine the Web3 user experience, but the project’s history goes back to 2019.
Diem and Facebook. What's now called the Aptos chain started with the technology company Diem. Meta (aka Facebook) was fascinated with the idea of creating a stablecoin, Libra. In an effort to lead digital currencies, Meta acquired the Diem blockchain initiative. Things didn't go as planned, and in late 2021, Facebook's blockchain saga came to a halt. Diem was sold to Silvergate Capital for $182 million. After the sale, some employees decided to continue an open-source quest for a blockchain and founded Aptos Labs.
Here comes Aptos. In December 2021, Aptos arose as a breakaway project that combines passionate leaders and engineers who believe in decentralized blockchain technology. They secured millions from Andreessen Horowitz and other Web3-focused VC funds – enough for a successful devnet and a series of testnets.
Mainnet. Aptos' road to mainnet took less than a year. On October 17, 2022, the Aptos "Autumn" Mainnet came online. A few days later, the layer 1 project added Names Services and struck a tentative deal with Google Cloud. The next steps in the Aptos roadmap are (1) attracting new Web3 projects, (2) delivering higher TPS, and (3) making configurations and upgrades.
Aptos Labs, the team behind the layer 1 project, is not exactly a newcomer in blockchain technology. Aptos Labs’ roster includes former leaders and engineers from Meta’s blockchain Diem, Meta’s wallet Novi, and Move programming language. The CEO Mo Shaikh has a diverse background in capital markets, accounting, and consulting.
During the first seven months of the devnet stage, Aptos raised $350 million. The first investors onboard were Andreessen Horowitz, a16z, and Multicoin. They brought in around $200 million.
By July 2020, Aptos Labs had secured an additional $150 million from Apollo, Griffin Gaming Partners, Franklin Templeton, Circle Ventures, and Temasek. Notably, the funding round was led by Jump Crypto and … FTX Ventures (Hacken coverage of the FTX saga). Binance has also invested an unspecified amount in March and September 2022.
From a high-level standpoint, Aptos chain works as follows:
Source: Aptos white paper
From an architectural standpoint, Aptos chain is a set of validators that receive and process transactions using Byzantine fault tolerance (BFT) and Proof of Stake (PoS). Holders stake tokens in validators. Voting consensus power depends on the stake amount. Validators can be active and inactive. It’s noteworthy that Google Cloud runs a validator. Clients can be full nodes or light. Full node clients replicate transactions and blockchain state, while light clients (e.g., wallets) only maintain the current set of validators.
As of December 2, 2022, the current rate of transactions is 8 TPS with 102 active validators. This is a far cry from the promised 160,000 TPS but comparable with other blockchains. In the 30 days of November 2022, the peak rate of transactions on the Aptos blockchain was 2,107 TPS.
For those interested in the technical side, let's get behind the scenes of the Aptos blockchain with our Smart Contract Auditor SteMak.
Aptos is a Move-based L1 blockchain. Move is a verifiable Rust-based programming language developed by the Diem blockchain initiative and inherited by the Aptos chain. As its name implies, Move is very flexible and allows custom transactions and contracts.
The two key elements in the architecture are Move modules and signer objects. A module (i.e., the script of code on the blockchain) doesn't have storage but can modify resources. Modules can call each other directly without signing transactions. The Signer is a resource object created when signing a transaction. Because the Signer object registers resources to an account and verifies user credentials, it is vital for Aptos chain security.
Aptos’ main feature is resources. Resources are objects that cannot be copied or dropped. Module (contract) calls don’t waste resources by default. Each user account stores resources, which enables decentralization. Only the user can register resources to their account, thus making it impossible to spam tokens.
APT token is the best example of how Move-based resource objects work. Before making transfers and using modules, all coins belonging to a new account are first registered using the signer object. Aptos coin is not ERC20-compatible, which excludes allowance functionality. However, modules call each other directly.
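The registration rule described above, as an added Move sketch (not code from the original article or from the Aptos framework's own coin module). The module name `toy_coin`, the named address `example_addr`, the error codes and the mint policy are hypothetical; the point is that `move_to` requires the owner's `&signer` and that a value without `copy` or `drop` cannot be duplicated or silently discarded.

```move
module example_addr::toy_coin {
    use std::signer;

    const E_ALREADY_REGISTERED: u64 = 1;
    const E_NOT_REGISTERED: u64 = 2;
    const E_INSUFFICIENT_BALANCE: u64 = 3;
    const E_NOT_ADMIN: u64 = 4;

    /// No `copy` and no `drop`: a Coin can only be moved or explicitly unpacked.
    struct Coin has store { value: u64 }

    /// Per-account balance; `key` lets it live in the owner's account storage.
    struct CoinStore has key { coin: Coin }

    /// `move_to` needs the owner's `&signer`, so nobody else can register for them.
    public entry fun register(account: &signer) {
        assert!(!exists<CoinStore>(signer::address_of(account)), E_ALREADY_REGISTERED);
        move_to(account, CoinStore { coin: Coin { value: 0 } });
    }

    /// Only the publishing address may mint (hypothetical policy for this example).
    public entry fun mint(admin: &signer, to: address, amount: u64) acquires CoinStore {
        assert!(signer::address_of(admin) == @example_addr, E_NOT_ADMIN);
        deposit(to, Coin { value: amount });
    }

    /// The returned Coin must be consumed by the caller; code that lets it fall
    /// out of scope does not compile.
    public fun withdraw(from: &signer, amount: u64): Coin acquires CoinStore {
        let addr = signer::address_of(from);
        assert!(exists<CoinStore>(addr), E_NOT_REGISTERED);
        let store = borrow_global_mut<CoinStore>(addr);
        assert!(store.coin.value >= amount, E_INSUFFICIENT_BALANCE);
        store.coin.value = store.coin.value - amount;
        Coin { value: amount }
    }

    /// Aborts when the recipient never registered: no unsolicited deposits.
    public fun deposit(to: address, coin: Coin) acquires CoinStore {
        assert!(exists<CoinStore>(to), E_NOT_REGISTERED);
        let Coin { value } = coin; // unpacking is the only way to consume it
        let store = borrow_global_mut<CoinStore>(to);
        store.coin.value = store.coin.value + value;
    }

    public entry fun transfer(from: &signer, to: address, amount: u64) acquires CoinStore {
        deposit(to, withdraw(from, amount));
    }
}
```

When auditing a module of this shape, check every `move_to` and `borrow_global_mut` call for which signer or address authorizes it, and every struct declaration for abilities it should not have.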
APT is a native Aptos token. The newly released L1 blockchain has secured its position in the Top100 cryptocurrencies. A few days after the ICO, APT reached a market cap of more than $1 billion. In the following days, its valuation stabilized at around $690 million.
Aptos native token with a total supply of 1 billion has the following distribution:
Detailed distribution schedules and token supply estimations are available on Aptos Foundation website.
Buy through exchanges. CoinGecko offers a full list of all the markets where you can buy APT. On Dec 6, only five exchanges provided APT/USDT or APT/BUSD pairs. Always check cybersecurity and solvency ratings of exchanges before investing your money.
Buy for fiat. Since November 29, 2022, people can buy APT for fiat currency thanks to the integration with MoonPay. The MoonPay integration enables buying Aptos tokens with Visa, MasterCard, Apple Pay, and Google Pay. There’s also a native Petra Wallet implemented as a free Chrome extension. This web interface supports APT storage and transfer, NFT creation and viewing, and dApp interaction. Petra Wallet also supports the MoonPay fiat off-ramp.
A blockchain is as strong as its ecosystem. The most popular projects on Aptos are NFTs and marketplaces, DeFi, launchpads, wallets, and infrastructure tools. Here, the biggest names are AUX Exchange, PancakeSwap, LiquidSwap, Tortuga, Ditto, Thala Labs, and Race Capital.
The CEO Mo Shaikh shared a few numbers a week after Aptos’ main launch:
The Aptos ecosystem is easy to hop on. Users can check transactions, blocks, and validators with Aptos Explorer, a block explorer with a sleek-looking UI. Having individual and business creators onboard is vital for Aptos' long-term future. For creators, there's a detailed and comprehensive white paper and Developer documentation. Developers can also apply for the Aptos Foundation Grant program with a 5 million APT total budget. The partnership with Google Cloud is an important pull factor for new Web3 developers.
Aptos and Sui are both very recent blockchains, so it makes sense to compare them first. The two Layer-1 ecosystems are also the closest competitors because they share the same Move-based origin. They have similar BFT consensus, objects, permissionless validators, parallel execution, and segmentation into full node and light clients. With so many similarities, it all comes down to market adoption. Aptos is leading the way right now in these metrics.
Some crypto observers bullishly predict that Aptos will be the next Solana killer. They have a similar vision – a quick layer 1 blockchain. Right now, Solana's position remains unchallenged. Indeed, compare Aptos' current 9 TPS with Solana's average throughput of more than 3,500 TPS. Solana's capitalization is around $5 billion vs. $600 million for the challenger. They aren't even close. The two blockchains will certainly co-exist, but Aptos may offer something better in the future. Right now, Aptos is way ahead. Sui is still in the testnet stage with fewer validators, a smaller ecosystem, and lower transaction volume.
In terms of comparison, Avalanche blockchain is a more traditional and more established platform. Avalanche is an EVM blockchain protocol compatible with Solidity. AVAX is the 20th largest cryptocurrency in the world. Its market cap is Right now, Avalanche has a higher throughput with an average of 24 TPS and 2 million daily transactions. Both platforms have a compelling vision for the future.
Ethereum is the biggest cryptocurrency after Bitcoin. They are incomparable regarding numbers, ecosystem, transactions, and assets. As things stand right now, the new chain can only hope to get a small bite of Ethereum’s market with quick transfers, higher throughput, lower fees, and secure private key recovery. Therefore, things are only getting started for the new Move-based blockchain.
The most crucial downside is the failure to deliver what it has promised. The founders teased a mind-blowing number for the throughput and claimed that the layer 1 protocol hits 2,500 TPS “with ease.” However, the throughput has been decreasing every week. The current rate of 9 TPS leaves many fans bewildered. Aptos hyped up the community but didn’t achieve the claimed results. How solid are their current and future promises?
On the one hand, a somewhat shaky start has revealed organizational, preparedness, and incident response cracks. On the other hand, the blockchain may be a victim of its own high publicity. They used to work for Facebook. It's no wonder the entire market is watching them. Too much attention might have caused unwanted chaos. For example, the APT Airdrop wasn't available to everyone because the company closed its Discord servers at peak attendance. Aptos Labs claimed protection from scammers, but this is something that could have been predicted and mitigated.
Cybersecurity is a pillar of blockchain’s viability. The October launch has attracted many scammers causing disruptions to Aptos Airdrop. The only way to avoid costly errors and ensure that the code is without any vulnerabilities is to conduct a professional third-party review.
Hacken’s flagship Smart Contract Audit and dApp Audit are available for all Web3 projects building on Aptos.
The simple Move language and modular design are very audit-friendly. On top of that, Move is based on Rust, and Hacken has a dedicated team of engineers for this programming language.