Security Practices in Move Development (1): Hello World

TL;DR

This article will tell you:

  • how to create and develop an Aptos application;
  • what a module (i.e., smart contract in Move) looks like;
  • how to compile and publish a module on your local network;
  • how to interact with the module and check the emitted event in the browser.

0x1. About Move and Its Ecosystem

Move is an inheritance from Diem (the previous name was Libra before Dec 2020), designed for smart contract development. It is claimed to be safe, fast, and flexible, aiming at becoming the next-generation language. However, the newly introduced projects like Aptos and Sui do not adopt the original Move directly, while some modifications have been made to serve their needs.

0x2. Prepare the Environment

0x2.1 Aptos Toolchain

Aptos has already integrated Move in its CLI. Therefore, it is recommended to follow the CLI installation to install the corresponding toolchain. Once the installation is completed, type aptos in the terminal, and you should see the following output:

$ aptos
aptos 1.0.1
Aptos Labs <opensource@aptoslabs.com>
Command Line Interface (CLI) for developing and interacting with the Aptos blockchain
USAGE:
aptos <SUBCOMMAND>
OPTIONS:
-h, --help Print help information
-V, --version Print version information
SUBCOMMANDS:
account Tool for interacting with accounts
config Tool for interacting with configuration of the Aptos CLI tool
genesis Tool for setting up an Aptos chain Genesis transaction
governance Tool for on-chain governance
help Print this message or the help of the given subcommand(s)
info Show build information about the CLI
init Tool to initialize current directory for the aptos tool
key Tool for generating, inspecting, and interacting with keys
move Tool for Move related operations
node Tool for operations related to nodes
stake Tool for manipulating stake and stake pools

0x2.2 Local Testnet and Account

Aptos provides several networks (i.e., mainnet, testnet, devnet and local testnet) for development and deployment. In this article, we’ll use the local testnet.

$ aptos node run-local-testnet --with-faucet --force-restart
......
Aptos is running, press ctrl-c to exit
Faucet is running. Faucet endpoint: 0.0.0.0:8081
$ aptos init

0x3. The First Hello World Program

Hello World program is always used as the first step in learning to write code. We’d like to follow this convention to demonstrate the way to develop Move applications.

0x3.1 Prepare the Package

Choose a directory you like and type the following command:

$ aptos move init --framework-local-dir "../../aptos-core/aptos-move/framework/aptos-framework" --name hello
[package]
name = 'hello'
version = '1.0.0'
[dependencies.AptosFramework]
local = '../../aptos-core/aptos-move/framework/aptos-framework'
[addresses]
BlockSec="c0d8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx14bd"

0x3.2 Prepare the Module

Below is a simple but complete sample module, which can be directly put into the move file (e.g., hello.move). In the following, we’d like to go through the code to illustrate the difference between Move and other programming languages. You may skip this section if you are pretty familiar with them.

module BlockSec::hello{
use aptos_framework::account;
use aptos_framework::event;
use std::signer;
use std::string::{String, utf8};
struct SecEventStore has key{
event_handle: event::EventHandle<String>,
}
public entry fun say_hello_script(account: &signer) acquires SecEventStore{
say_hello(account);
}
public fun say_hello(account: &signer) acquires SecEventStore{
let address_ = signer::address_of(account);
if(!exists<SecEventStore>(address_)){
move_to(account, SecEventStore{event_handle: account::new_event_handle(account)});
};
event::emit_event<String>(&mut borrow_global_mut<SecEventStore>(address_).event_handle, utf8(b"Hello World!"));
}
}
/// Emit an event with payload `msg` by using `handle_ref`'s key and counter.
public fun emit_event<T: drop + store>(handle_ref: &mut EventHandle<T>, msg: T)
struct EventHandle<phantom T: drop + store> has store {
/// Total number of events emitted to this event stream.
counter: u64,
/// A globally unique ID for this event stream.
guid: GUID,
}
struct SecEventStore has key{
event_handle: event::EventHandle<String>,
}
event::emit_event<String>(&mut borrow_global_mut<SecEventStore>(address_).event_handle, utf8(b"Hello World!"));
if(!exists<SecEventStore>(address_)){
move_to(account, SecEventStore{event_handle: account::new_event_handle(account)});
};

0x3.3 Compile and Publish the Module

When the module is ready, we can compile it with the following command:

$ aptos move compile
Compiling, may take a little while to download git dependencies...
INCLUDING DEPENDENCY AptosFramework
INCLUDING DEPENDENCY AptosStdlib
INCLUDING DEPENDENCY MoveStdlib
BUILDING hello
{
"Result": [
"c0d8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx14bd::hello"
]
}
$ aptos move test
INCLUDING DEPENDENCY AptosFramework
INCLUDING DEPENDENCY AptosStdlib
INCLUDING DEPENDENCY MoveStdlib
BUILDING hello
Running Move unit tests
Test result: OK. Total tests: 0; passed: 0; failed: 0
{
"Result": "Success"
}
$ aptos move publish --package-dir ./ --profile default
Compiling, may take a little while to download git dependencies...
INCLUDING DEPENDENCY AptosFramework
INCLUDING DEPENDENCY AptosStdlib
INCLUDING DEPENDENCY MoveStdlib
BUILDING hello
package size 1271 bytes
Do you want to submit a transaction for a range of [672200 - 1008300] Octas at a gas unit price of 100 Octas? [yes/no] >
yes
{
"Result":
...
}

0x3.4 Interact with the Module

To make the module emit the event, just type the following command:

$ aptos move run --function-id default::hello::say_hello_script
Do you want to submit a transaction for a range of [34500 - 51700] Octas at a gas unit price of 100 Octas? [yes/no] >
yes
{
"Result": {
"transaction_hash": "0x9af16532de5e79803c823fe28e3251703927d93809274b76972d8e83c6fcd433",
...
}
}

0x4. What’s Next?

The Hello World program is just one small step for developing Move applications. In the coming series of articles, we will introduce more about developing safe and secure Move applications on Aptos. Stay tuned!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
BlockSec

BlockSec

1K Followers

The BlockSec Team focuses on the security of the blockchain ecosystem and the research of crypto hack monitoring and blocking, smart contract auditing.