Enable Contract Deployments on EVM accounts

This article is for Administrators only.

Overview

Along with sending transactions, interacting with contracts, and signing messages, we now enable users to deploy smart contracts directly from their workspace. This comprehensive functionality allows our enterprise and institutional clients to perform virtually any operation on EVM networks.

Smart Contracts have brought new opportunities and interesting use cases to Corporates & Financial Institutions:

For Corporates and Brands , smart contracts enable the creation and management of new digital products, such as NFTs. These new assets can be leveraged as digital twins (Dior B33 snearkers, Nike CryptoKicks), collectibles, digital certificates of authenticity... They can also enable new marketing strategies for Brands looking to engage and connect with their audience in a more meaningful fashion.
For Financial Institutions , smart contracts offer the ability to tokenize various asset classes, automate settlement processes, and create decentralized financial products, enhancing liquidity, security, and transparence.

A smart contract is simply a program that runs on the Ethereum blockchain. It can define rules, like a regular contract, and automatically enforce them via the code without the need for intermediaries or manual intervention. Smart contracts cannot be deleted by default, and interactions with them are irreversible. To learn more abour Smart Contracts, you can refer to the official Ethereum documentation.

Smart Contract deployment is the process of taking a written smart contract and getting it deployed and available to users on a network. Once deployed, it becomes a permanent part of the blockchain, and the rules and conditions encoded in it start functioning. The lifecycle of a Smart Contract can be defined as:

Creation : the smart contract is written, containing all the rules and conditions that need to be met based on the purpose of the contract; you can learn more on how to create Smart Contract is the dedicated article
Deployment : the smart contract is sent to the blockchain, where it's stored permanently: learn more here
Execution : once deployed, the smart contract can be interacted with, and it will automatically execute the coded actions when the predefined conditions are met; Ledger Enteprise also lets you interact with contracts

Ledger Enteprise supports the deployment of any smart contract, and enables Operators to review the bytecode hash of their contract on the Trusted Display of their Personal Security Devices. Administrators can enable contract deplpoyments for any Ethereum or EVM account. The step 4 web3 rules of the account creation or edition procedure now lets you activate and configure a rule to govern contract deployments for the account. Activate the feature by clicking on the Toggle button, and configure your Contract Deployment governance rule according to your needs.

Deploying contracts can put funds at risk. We advise users to educate themselves about the risks of deploying contracts, before activating the feature.

Instructions

scd governance

Select creator to define which operators can create contract deployment requests. You can select up to 20 operators or a single group. The selected operators will be able to initiate a contract deployment process. See Deploy Smart Contracts for details.

Contract Deployment requests con only be initiated via our Public API for now. This means that only API Operators can initiate a contract deployment request, and therefore be selected as Creators in the Smart Contract rule.

(optional) Click Add amount range . Note that Ether can be sent during a contract deployment transaction. This can trigger a specific action (e.g. transfer the sent ETH to another address) based on the behaviour defined in the contract contrstructor .
(optional) Use the approval workflow section to define which Operators must review and approve contract deployment requests. You can define up to three steps.
- Click Add approval step .
- Select up to 20 Operators or a single group.
- Operators and groups pending to be created, edited, or deleted aren't listed.
- Click the chevrons to define the number of approvals required from these Operators.
- Click Add approval step .
Confirm the creation of your Contract Deployment rule and review the rule on your Personal Security Device. Once you've reviewed the rule on your PSD and confirmed, an account creation or edition request is created.
Once all required Administrators have reviewed and approved the account creation or edition request, according to your workspace's admin rule , the Contract Deployment rule will be effective for the account.

General best practices

Contract Deployment process

Once an account has been set up with Contract Deployment capabilities, authorized Operators can leverage it to deploy any contracts.

Implement Strong Governance: Establish clear governance protocols regarding the creation and approval of smart contract deployment requests within the institution.

Audit & Test Extensively: Smart contracts are not risk-free; rigorously review the contract code for any potential vulnerabilities, and utilize test networks to run simulations and ensure the contract behaves as intended under various scenarios.

Monitor & track: Continuously monitor the performance of deployed smart contracts to ensure that they work as expected. Specifically, make sure to review and double-check the contract configuration options, such as gas limits and contract owner accounts, to ensure that they are set correctly.

Web3 Risk Management

Do not enable Contract Deployment for an account holding higher amounts of funds than what you intend to use to deploy contracts.

Try segregating contract deployment accounts per project or use cases:

One account dedicated to deploying tokenized assets

One account dedicated to deploying NFT projects

One account dedicated to deploying on-chain treasury managers

We encourage you to carry out security reviews and audits before deploying your contracts