Top 5 Web3 Tools for Developers
1. Language: Solidity or Vyper
Image from defillama
Solidity remains the dominant language, with about 94% of all smart contract value flowing through Solidity. This is actually up about ~7% from last year, which is a bit surprising considering all the advancements rust, huff, and Vyper made this past year.
As far as languages go, these two continue to dominate, and I expect Vyper to gain a lot of traction this year. Last year, they had an unfortunate event with an issue with reentrancy locks, but it’s resulted in a massive turnout by the community to show up for Vyper to improve it. We’ve seen some PRs introduced for stateful modules, they have started doing competitive audits, and other major jumps for the language seem to be in the works.
I also heard some rumblings of a Vyper course on Cyfrin Updraft…
2. Framework: Foundry and Hardhat
Foundry is on a warpath.
Foundry and Hardhat return from last year as our top 2 frameworks. Brownie is still a fantastic framework, but it has slowed down to being in maintenance mode. Apeworx is working on gaining feature parity to be the new pythonic framework but isn’t quite at Brownie’s level yet.
Hardhat still has the most repos using it, but this year, we saw most new projects come out of the gate with Foundry. Why?
- Faster testing by a factor of 20
- Built-in fuzz tests
- Deployment improvements
But really, the speed of Foundry is pushing it to the top. At Cyfrin, we’ve seen most new projects looking for security reviews using Foundry, and most projects looking for competitive audits also using Foundry.
Foundry is going to be the go-to tool for new projects in 2024. For both developers and security researchers.
For Vyper buffs, I expect to see more adoption out of Titanoboa, which you can think of as “The Foundry of Vyper.” Built by the Vyper core team themselves, it offers testing and execution much in the same way Foundry does, but for Vyper.
And of course, Truffle finally said goodbye to us this year. RIP Truffle. You will not be missed, but you will be remembered as being the starting framework for many people in web3.
3. Smart Contract Essentials: Chainlink and OpenZeppelin Contracts
Original image from IncrediVFX from Getty Images
Chainlink and Openzeppelin continue to be tools every developer should be aware of. They both continued to ship great products this past year:
- Openzeppelin v5.0 recently dropped
- Chainlink CCIP (bridging)
- Chainlink Data Streams (low-latency oracles)
- Chainlink Functions (Custom API calls)
And continue to be the go-to resources for solidity extendable contracts (OZ) and oracles (CL). Chainlink CCIP in particular should be paid very close attention too, as it’s going to bring about a new age of cross-chain dapps.
Solady has been building for over two years for other essentials, and should not be discounted. While their contract library is smaller than Openzeppelin’s, they have a ton of gas-optimized contracts that new projects should check out as an OZ alternative.
We are also seeing an uptick in:
- rust-based contract excitement on Solana and Arbitrum stylus
- ZK tooling/languages like Cairo and Noir
And I expect to see more development here as well.
Some honorable mentions in this category would be:
- Tenderly: Transaction visualizer
- Otterscan: Open sourced block explorer
4. Wallets
Image from Cyfrin Web3 Wallet Guide
Web3 wallets have been getting an upgrade, for dapp developers, too. The Paradigm team came out with Rivet this year which allows for developers to interact with their front-ends MUCH easier than with a traditional wallet. You can watch the video here to learn more:
Not only that, we are seeing wallets really level up in general:
- Metamask launched snaps this year, enabling customization of the wallet
- Rabby has been a wallet I’ve been enjoying more and more due to how many checks it seems to have on my transactions
- Trezor being one of the only open-sourced hardware wallets in the game launched its Trezor 3
Wallets are really leveling up.
And finally, everyone should use a multi-sig like Safe. If you want to read more on the Cyfrin team’s high level recommendations on wallets for you, you can check it out here.
5. Security
CodeHawks announcement thumbnail
This year, we saw massive strides in security.
Competitive audit platform CodeHawks launched with Developer and Security course Cyfrin Updraft to level up everyone’s knowledge of web3 security, give auditors a place to level up, and give protocols a place to squash bugs! They join the ranks of platforms like Code4rena to empower the competitive audits scene.
Additionally, we saw a lot of tooling in certain techniques get more exposure.
Fuzzing
Security researcher Dacian did a deep dive on fuzzing tools, you can view the results of his research:
The top tools (in order) according to Dacian are:
- Medusa (experimental)
- Echidna
- Foundry
And are a requirement for all web3 projects in 2024. If you don’t have any fuzz tests, your codebase is not done.
Formal Verification
We see formal verification get the love it deserves, with tools like:
- Kontrol
- Certora (Who transitioned into a freemium model!)
- Halmos
- HEVM
And we are seeing projects start to use FV and treat smart contracts like hardware. If they break, it’s not ok!
Learning attack vectors
And of course, to stay up to date with the latest attack vectors, Solodit is your go-to tool to see everything top firms and competitive audits are reporting so you know what to look out for.