Smart Contracts
Which platform makes it hardest to write a dangerous smart contract?
DX is the northstar for crypto adoption. Writing safe smart contracts is beyond most developers — too costly, too time-consuming, too dangerous. The chain that engineers risk out at the platform level wins.
Where Work Lives
Smart contract writing is 20–30% of a production Web3 project. The contract is kept minimal by design — smaller surface, lower gas, fewer attack vectors. The heavy lifting migrates off-chain.
| Layer | Share | Tools |
|---|---|---|
| Smart contracts | ~20–30% | Foundry, Anchor, Sui Move |
| Frontend / dApp UI | ~25–30% | React, Next.js, Wagmi, Viem |
| Indexing & data | ~15–20% | The Graph, custom subgraphs |
| Backend & APIs | ~15–20% | Node.js, event listeners |
| DevOps & infra | ~10–15% | RPC nodes, L2, rollup infra |
Off-chain computation cuts gas costs 90–95% versus equivalent on-chain execution. The contract becomes a verification layer — it checks proofs, not does math. DeFi protocols compute complex pricing off-chain and submit only final values on-chain. The work is building trusted pipelines that feed the contract, not the contract itself.
Three layers, distinct failure modes:
| Layer | Role | Where It Fails |
|---|---|---|
| Contracts | Truth anchor — minimal, auditable, immutable | Logic errors are permanent |
| Bridge | ethers.js, Viem, event listeners, oracles | Most integration bugs live here |
| Off-chain | Agents, indexers, APIs | Where value compounds, where scale breaks |
The chain comparison below covers where you spend the 25%. The platform choice shapes the 75% too — composability primitives, indexing tooling, and wallet integration differ significantly across EVM, SVM, and Move.
Intelligent Hyperlinks
Hyperlinks transformed information flow — anyone could connect any document to any other document. Smart contracts do the same for value. A hyperlink says "go here." A smart contract says "if this condition is met, value flows here, measured by these instruments, verified on-chain."
| Invention | What It Pipes | Transformation |
|---|---|---|
| Hyperlink | Information | Anyone can publish → web grows → network effects |
| Smart contract | Value | Anyone can pipe value → mycelium grows → network effects |
Smart contracts are the piping in Agent & Instrument Diagrams. They sit at the Protocols layer of the knowledge stack — sequencing primitives into value streams. Blinks make this tangible: a URL that carries a transaction wherever a link can go.
Quick Comparison
| Dimension | EVM (Solidity) | SVM (Rust/Anchor) | Move (Sui) |
|---|---|---|---|
| Safety | Opt-in (libraries, audits) | Partial (runtime guards) | Structural (compiler-enforced) |
| Onboarding | Days (JS-like, Remix) | Months (Rust learning curve) | Weeks (novel but purpose-built) |
| Speed | 12s blocks, Foundry v1.0 | 400ms blocks, slow deploys | 390ms finality, fast local tests |
| Composability | Flexible but dangerous | CPI (depth limit 4) | PTBs (1,024 ops) + full stack |
| Ecosystem | 31K devs, deepest tooling | 17K devs, fastest growing | 1.4K devs, completing full stack |
Safety
The pit of success question: does the platform prevent vulnerabilities, or does the developer prevent them?
| Vulnerability | EVM (Solidity) | SVM (Rust/Anchor) | Move (Sui) |
|---|---|---|---|
| Re-entrancy | Manual prevention (OpenZeppelin guard) | Runtime restricts CPI depth to 4 | Impossible by design (no recursive calls) |
| Asset duplication | Manual balance management | Runtime prevents same-slot double-write | Linear types: move only, never copy |
| Integer overflow | Checked since Solidity 0.8 | Panics in debug, wraps in release | Always checked at bytecode verifier level |
| Access control | Modifier-based (convention) | Account ownership + manual signer checks | Capability-based (compiler-enforced) |
| Formal verification | Certora, Halmos, Echidna, Slither | Trident (early) | Move Prover + Sui Prover (open-sourced 2025) |
Re-entrancy alone caused $325M in stolen assets in 2025. Move eliminates the class entirely. 5 of the OWASP Smart Contract Top 10 are structurally impossible in Move.
Onboarding
How fast from zero to deployed contract?
| Dimension | EVM (Solidity) | SVM (Rust/Anchor) | Move (Sui) |
|---|---|---|---|
| Language curve | Days (JS-like syntax) | Months (ownership, borrowing) | Weeks (novel but purpose-built) |
| Concepts before deploy | ~5-6 | ~8-10 | ~6-7 |
| Zero-install path | Remix (browser IDE) | Solana Playground | CLI required |
| IDE support | Mature (Hardhat LSP, Foundry) | Excellent (rust-analyzer) | Growing (Move LSP, trace debugger) |
| Documentation | Massive corpus | Strong, improving | Smallest, growing fast |
| Test framework | Foundry v1.0, Hardhat | LiteSVM + Anchor | sui move test (built-in) |
| Tests in contract language | Yes (Foundry) | No (TypeScript/Rust separate) | Yes (Move #[test]) |
Iteration Speed
| Metric | EVM | SVM | Move (Sui) |
|---|---|---|---|
| Testnet block time | ~12 seconds (Sepolia) | ~400ms (Devnet) | Sub-second (Testnet) |
| Mainnet finality | ~15 minutes | ~13 seconds economic | ~390ms (Mysticeti) |
| Local test speed | Foundry: 2-5x faster than Hardhat | LiteSVM: in-process SVM | Fast compilation, no validator needed |
| Fuzzing | Foundry built-in + Echidna (production) | Trident (early) | Move Prover + Belobog |
Sub-second finality changes what you can build. Real-time agent workflows, on-chain IoT, HFT-style DeFi — these require ~400ms or less.
Composability
Can agents compose transactions without middleware?
| Primitive | EVM | SVM | Move (Sui) |
|---|---|---|---|
| Transaction batching | Multicall + EIP-7702 (2025) | Instructions in one tx, CPI depth 4 | PTBs: 1,024 ops with data flow between |
| Native identity | None (ERC-4337 account abstraction) | None (SPL Name Service) | zkLogin (protocol-level, 7.6M txs) |
| Off-chain storage | IPFS, Arweave (fragmented) | Shadow Drive, Arweave | Walrus (same-stack, $140M raised) |
| Programmable access | — | — | Seal (identity-based encryption) |
| Verifiable compute | — | — | Nautilus (TEE attestations on-chain) |
Sui's extended stack (Walrus + Seal + Nautilus) means identity, storage, encryption, and verifiable compute ship as one platform — not glue code across five vendors.
Ecosystem
| Metric | EVM | SVM | Move (Sui) |
|---|---|---|---|
| Monthly active devs | ~31,900 | ~17,700 | ~1,400 |
| New devs (2024-25) | 16,181 added | 11,534 added (+83% YoY) | 219% growth (H1 2024) |
| Audit cost | Baseline | +25-40% premium | +30-45% premium |
| Production DeFi | Uniswap, Aave, Compound | Raydium, Jupiter, Orca | DeepBook, Cetus, Navi |
| Token standards | ERC-20/721/1155 (mature) | SPL Token, Token-2022 | Sui Coin/NFT (standardizing) |
Smallest ecosystem, fastest percentage growth, highest developer commitment (>50% single-chain). The thesis: DX quality predicts developer migration. Developer activity is the leading indicator.
Standards War
Who controls what "standard" means?
| Dimension | EVM | SVM | Move (Sui) |
|---|---|---|---|
| Governance | EIP/ERC — community-driven, anyone submits | SIMD — foundation-managed, 66.67% validator vote | SIP — Mysten + community, fast-track option |
| Token philosophy | Standard interface, any implementation | Shared program library, foundation-maintained | Language-embedded (compiler IS the standard) |
| Fungible | ERC-20 (each token deploys own contract) | SPL Token (single shared program) | sui::coin (typed object) |
| Non-fungible | ERC-721 (interface standard) | Metaplex NFT standard | Any object with key ability |
| Extensions | ERC-1155, ERC-4337 (AA), ERC-3643 (RWA) | Token-2022 (extensions on shared program) | Composable objects + PTBs |
| Maturity | Thousands of EIPs, battle-tested | Foundation-curated, growing | Smallest — language does the work |
EVM standardizes the INTERFACE — define the shape, let anyone implement. Solana standardizes the PROGRAM — one shared implementation, everyone calls it. Sui standardizes at the LANGUAGE level — there's no separate NFT standard because every object with key is already uniquely identified, owned, and transferable. Three philosophies. The question is whether making standards unnecessary beats having mature ones.
Standard Fittings
Language-level safety handles objects and ownership. It does not handle access choreography or overflow-safe arithmetic. OpenZeppelin Contracts for Sui proves the point — even Move needs a standard fittings library.
In A&ID nomenclature: standard fittings are instruments. In P&ID: ANSI-rated valve assemblies and certified pressure relief devices. You specify them by code. You do not build your own.
| Fitting | P&ID Equivalent | What It Does |
|---|---|---|
two_step_transfer | Two-key safety interlock | Ownership handoff requires initiate + accept. Hot-potato guards enforce return. |
delayed_transfer | Time-delay relay | Time-locked wrapper. Schedule, wait, execute. Minimum delay enforced. |
mul_div | Flow computer | (a * b) / c without intermediate overflow. DeFi's core calculation. |
decimal_scaling | Unit converter | Safe precision conversion between token decimal scales. |
u512 | Extended-range gauge | 512-bit intermediate math. Prevents precision loss in tokenomics. |
Lindy Effect
The Lindy Effect applies to standard fittings: the longer a pattern survives without exploit, the more trust it accumulates. OpenZeppelin's EVM contracts are Lindy — battle-tested since 2016, hardened by a decade of audits and attacks. When they port patterns to Move, the implementation is new but the design is not. Trust transfers across platforms when the pattern is proven.
| Trust Layer | What | Lindy Age |
|---|---|---|
| Language (Move) | Linear types, capability-based access | Young, structurally sound |
| Standard Fittings (OpenZeppelin) | Access patterns, safe math | Patterns Lindy from EVM, implementation new |
| Application | identity, mandate, tokenomics | Inherits both layers |
Each layer's survival compounds into the application's trustworthiness. Standards that get safer with age are the opposite of Wirth's Law — where software gets slower faster than hardware gets faster. Standard fittings are the exception. Time is their ally.
Depth: ERC Standards | SPL Token | Sui Development
Learning Path
Where do you start, and what's the sequence?
| Stage | EVM (Solidity) | SVM (Rust/Anchor) | Move (Sui) |
|---|---|---|---|
| Setup | Node + Foundry | Rust + Solana CLI + Anchor | Rust + Sui CLI |
| Browser IDE | Remix (zero install) | Solana Playground | — (CLI only) |
| First contract | forge init → forge test | anchor init → anchor test | sui move new → sui move test |
| Mental model | Global state + msg.sender | Accounts + PDAs + CPIs | Objects + ownership + capabilities |
| Tokens | ERC-20 / ERC-721 / ERC-1155 | SPL Token / Token-2022 | sui::coin / objects with key |
| Testing | Foundry (same language) | LiteSVM (TypeScript) | sui move test (same language) |
| Frontend | ethers.js/viem + wagmi | @solana/web3.js + wallet-adapter | @mysten/sui + dApp Kit + zkLogin |
| Advanced | Upgrades, AA, DAO, Merkle | NFTs, DePIN, AI agents | PTBs, Walrus, Seal |
| Auditing | Slither + Echidna + Certora | Trident (early) | Move Prover (built-in) |
| Deploy | forge script --broadcast | anchor deploy | sui client publish |
| Best course | Cyfrin Updraft | Bootcamp 2024 | Move Book |
| Time to productive | Weeks | Months | Weeks |
Depth: EVM Development | Solana Development | Sui Development
Dig Deeper
🗃️ EVM Contracts
6 items
🗃️ SVM Programs
4 items
🗃️ Sui Move
5 items
Context
- Smart Contract Standards — Standard fittings catalog: Lindy libraries, safety comparison, DeFi primitives
- Essential Algorithm — Smart contracts bridge ROUTE → SETTLE: algorithms that enforce protocols on-chain
- Protocols — Algorithms decide the route; protocols enable the handshake; smart contracts execute both
- Matrices — Disruption scoring: actuator potential measures how directly predictions trigger on-chain action
- Knowledge Stack — Primitives → Protocols → Standards → Platform: where smart contracts sit
- Value Stream Map — The factory blueprint that smart contract piping makes executable
- A&ID Template — Pipe = smart contract in the Agent & Instrument nomenclature
- Developer Experience — DX scoring framework and crypto comparison methodology
- Sui Technical — Object model, Move language, agent economy primitives
- Crypto Problems — What keeps going wrong and why
- Blockchain Decisions — Which chain for which use case
- Agent Commerce — The standards war for agent transactions
- Hacker Laws — Lindy Effect, Gall's Law, Wirth's Law — the laws that govern standard fittings
- Pipe Dreams — Smart contracts as intelligent hyperlinks: the piping that makes pipe dreams buildable
Links
- Ethereum EIP Process — Community-driven proposal lifecycle
- SIMD Repository — Solana's governance proposals
- SIP Repository — Sui improvement proposals
- Blockchain ISO TC 307 — International standards body
- ITSA Global — Token standardization and classification
- Cyfrin Foundry Course — Full EVM development curriculum
- DeFi Developer Road Map — Comprehensive DeFi learning path
- Panaverse DeFi DApps — Solidity practice contracts
- OpenZeppelin Contracts for Sui — Production access and math primitives for Move — standard fittings arrive on Sui
Questions
Does the platform that makes standards unnecessary win against mature community-driven processes?
- How do you weigh onboarding speed against safety depth when choosing a first chain?
- What breaks when language-embedded standards need to evolve faster than the language itself?
- If 95% of smart contract operations become commodity, does the standards layer commoditize too?
- Which governance model — community EIP, foundation SIMD, or language SIP — produces better standards faster?
- If standard fittings get safer with age (Lindy), does the chain with the oldest audited library always win on trust — even if a younger chain is structurally safer?