Prepare for deployment to the mainnet

  • 2 minutes

Before you deploy to the Ethereum mainnet, you need to fully test and audit your code. Working in the mainnet requires real ether, which costs real money and can add up quickly!

After you develop, test, and audit your code, run the project on at least one testnet and resolve any problems. Most projects follow a comprehensive process before they're deployed to the mainnet. The process includes auditing, testing, security, and governance. This process minimizes the risks and costs of things going wrong in the mainnet.

The process for preparing for and deploying to the Ethereum mainnet involves a series of steps:

  1. Audit smart contracts.
  2. Verify source code.
  3. Manage keys.
  4. Handle project governance.

The following sections describe these steps in detail.

Audit smart contracts

It's imperative to audit and assess the security of smart contracts before you deploy to a public network. After a smart contract is deployed, anyone on the network can send a transaction directly to your contracts by using any payload. All of your contract source code and the state of the contract is publicly available.

Because transactions on blockchains are immutable, after they're committed, the transactions are permanent. Transactions can result in stolen funds and other malicious activity. So audit smart contracts before deployment.

Verify source code

Immediately after you deploy your contract to the mainnet, verify the smart contract source code by submitting the Solidity code to a third party. Public services such as Etherscan compile your contract code and verify it against the deployed assembly. This process enables users who view your contract code in a block explorer to confirm the contract corresponds to the assembly running at that address.

To verify and publish your Solidity source code, first enter the contract source code. If the generated bytecode matches the existing creation-address bytecode, the contract is verified. Then the contract source code is published, and anyone can publicly verify it.

Manage keys securely

It's imperative to securely manage private keys when you deploy to the mainnet. This step requires serious precautions so that your private keys can't be compromised, lost, or stolen.

Mismanaged keys have resulted in several major thefts and losses. The accounts you'll use to deploy and interact with smart contracts hold real ether. They're targets for hackers. Common ways to store private keys securely include hardware wallets and cold storage, which are computers that never connect to any network.

Handle project governance

Decentralized projects are managed in different ways, depending on the community and user base. Organizations are often created to determine how to manage updates and other aspects of the running decentralized system.

Project governance can be managed in several ways. A small group of trusted administrators can provide the management, or perhaps a public vote by all project stakeholders. There's no right answer here. The decision comes down to the solution you're building and who your community and users are.