Safeheron MPC Wallet Facilitates Secure Smart Contract Deployment
Smart contracts have become essential in the thriving Web3 ecosystem. A common method for deploying these contracts involves using a private key on a server in the production environment or on a developer’s workstation. While this approach is simple and easy to implement, it also poses the significant risk of a single point of failure on the private key. If the private key is lost or stolen, the consequences can be disastrous.
Common development frameworks for smart contracts, such as Hardhat and Truffle Suite, simplify the processes of development, testing, and deployment. However, these frameworks typically require private keys to be placed in configuration files or environment variables, using them for smart contract deployment. This introduces a significant single-point-of-failure risk on the private keys.
To enhance the security of smart contract deployment, Safeheron leverages the scalability of Hardhat and Truffle Suite plugins to launch the Safeheron Hardhat Plugin and Safeheron Truffle Plugin. These plugins enable the secure and efficient deployment of smart contracts through the Safeheron MPC wallet and can be paired with a Policy Engine to customize the approval process for deploying smart contracts. This approach not only eliminates the single-point-of-failure risk associated with private key management but also strengthens the control over the smart contract deployment process.
In line with the open-source spirit of the blockchain community, Safeheron has published the plugin-related code on our GitHub repository. This article will provide a detailed guide on how to use these two plugins. Before you begin, please ensure that you have activated the Safeheron Open API service.
Use Hardhat-Safeheron
Install Hardhat
You can skip this section if you already have Hardhat installed or are familiar with Hardhat.
Install the Hardhat package.
npm install --save-dev hardhatInitialize a new Hardhat project using the basic Hardhat template.
npx hardhat initAfter executing the above command, this message appears in the console:
npx hardhat init
888 888 888 888 888
888 888 888 888 888
888 888 888 888 888
8888888888 8888b. 888d888 .d88888 88888b. 8888b. 888888
888 888 "88b 888P" d88" 888 888 "88b "88b 888
888 888 .d888888 888 888 888 888 888 .d888888 888
888 888 888 888 888 Y88b 888 888 888 888 888 Y88b.
888 888 "Y888888 888 "Y88888 888 888 "Y888888 "Y888
👷 Welcome to Hardhat v2.22.3 👷
? What do you want to do? …
❯ Create a JavaScript project
Create a TypeScript project
Create a TypeScript project (with Viem)
Create an empty hardhat.config.js
QuitThen,
- Select
Create a JavaScript projectand selectEnter. - Select the current folder as your project path.
- Install this project’s dependencies with npm.
Now, you have a new Hardhat project.
Integrate with Safeheron
By utilizing the Safeheron Hardhat Plugin, you can directly connect to a specific Safeheron Web3 wallet for deploying smart contracts. Leveraging the MPC-TSS technology and approval policies of the Safeheron wallet, this method effectively mitigates the risk of single-point private key exposure and enhances control over the smart contract deployment process.
Install the Safeheron Hardhat Plugin.
npm install @safeheron/hardhat-safeheronImport the plugin into your hardhat.config.js or hardhat.config.ts file and modify the relevant configuration.
import "@safeheron/hardhat-safeheron";
const safeheronConfig = {
baseUrl: '<https://api.safeheron.vip>',
apiKey: '<your open api key>',
rsaPrivateKey: 'file:/to/your/private/key/path',
safeheronRsaPublicKey: "<your safeheron platform public key>",
requestTimeout: 8000,
web3WalletAccountKey: "<your web3 wallet account key>",
web3WalletEVMAddress: "<your web3 wallet address>"
}
const config = {
networks: {
sepolia: {
url: '<https://1rpc.io/sepolia>',
safeheron: safeheronConfig
}
}
}The plugin extends HttpNetworkUserConfig with an optional attribute safeheron to the network configuration.
The above code is a sample configuration. Modify the relevant settings in the safeheronConfig variable as instructed and add the safeheron field to the network you are using.
Deploy Contract
Your Hardhat project is now integrated with Safeheron. You can proceed with development, testing, and deployment.
Take a basic Hardhat template as an example to demonstrate the deployment process.
npx hardhat ignition deploy ./ignition/modules/xxx.ts --network sepoliaRun the above command, and you will receive a request to review and approve the transaction through the Safeheron App on your mobile device. If your team has set up any advanced policies, please inform the relevant approvers to review the transaction.
[hardhat-safeheron]request eth_signTransaction success, please review and approve on safeheron mobile appAt the same time, your console will continuously output the following log every three seconds, indicating that the transaction is pending signature. Keep the console open until the transaction has been approved and successfully signed.
[hardhat-safeheron]Waiting for signature...
[hardhat-safeheron]Waiting for signature...
[hardhat-safeheron]Waiting for signature...
...Once the transaction has been approved and signed in the Safeheron App, your console will display a message indicating that the signature has been received. Hardhat will then broadcast the transaction on-chain using the rpc url defined in your configuration file, completing the contract deployment.
This process may take approximately one minute. Upon successful deployment, your console will display a message similar to the following:
[<Contract Module> ] successfully deployed 🚀
Deployed Addresses
<Contract Module>#<Contract_Name> - <contract_address>Use Truffle-Safeheron
Install Truffle
npm i -g truffleYou can create a project without any smart contracts using truffle init. However, for beginners, it is recommended to use a template from Truffle Boxes to quickly set up a Truffle project. We will use the MetaCoin Box as an example.
Create an empty menu and download the MetaCoin Box.
mkdir truffle-demo
truffle unbox metacoin ./Integrate with Safeheron
Install Safeheron Truffle Plugin.
npm install @safeheron/truffle-safeheronEdit the truffle-config.js file.
const SafeheronProvider = require("@safeheron/truffle-safeheron");
const safeheronConfig = {
baseUrl: '<https://api.safeheron.vip>',
apiKey: '<your open api key>',
rsaPrivateKey: 'file:/to/your/private/key/path',
safeheronRsaPublicKey: "<your safeheron platform public key>",
requestTimeout: 8000,
web3WalletAccountKey: "<your web3 wallet account key>",
web3WalletEVMAddress: "<your web3 wallet address>"
}
modules.exports = {
networks: {
sepolia: {
provider: () => new SafeheronProvider('<https://1rpc.io/sepolia>', safeheronConfig),
network_id: "11155111",
networkCheckTimeout: 10000,
// This property must set to true!
skipDryRun: true
},
}
}Deploy Contract
truffle migrate --network sepoliaRun the above command, and you will receive a request to review and approve the transaction through the Safeheron App on your mobile device. If your team has set up any advanced policies, please inform the relevant approvers to review the transaction.
[hardhat-safeheron]request eth_signTransaction success, please review and approve on safeheron mobile appAt the same time, your console will continuously output the following log every three seconds, indicating that the transaction is pending signature. Keep the console open until the transaction has been approved and successfully signed.
[truffle-safeheron]Waiting for signature...
[truffle-safeheron]Waiting for signature...
[truffle-safeheron]Waiting for signature...
...Once the transaction has been approved and signed in the Safeheron App, your console will display a message indicating that the signature has been received. Truffle will then broadcast the transaction on-chain using the rpc url defined in your configuration file, completing the contract deployment.
