A complete, production-ready boilerplate for building decentralized applications (dApps) on Shardeum EVM Testnet. This project includes an enhanced ERC20 token contract with OpenZeppelin security features and a React frontend with wallet integration.
This is a reference boilerplate only. Security audits, comprehensive testing, and safe deployment practices are the responsibility of the user/developer. Always:
- Conduct thorough security audits before deploying to production
- Test extensively on testnets before mainnet deployment
- Never expose private keys or sensitive information
- Use professional audit services for production applications
- Run security analysis tools (see Security Testing section below)
- β
Enhanced Smart Contract: ERC20 token with OpenZeppelin security features
- ERC20Burnable for token burning
- ERC20Permit for gasless approvals (EIP-2612)
- Ownable for access control
- Mint function for additional token creation
- β React + TypeScript: Modern frontend with Vite and strict type safety
- β Wallet Integration: MetaMask connection with proper event handling
- β Token Interface: View balances, transfer tokens with validation
- β Error Handling: Comprehensive error states and user feedback
- β Transaction Explorer: Direct links to Shardeum explorer
- β Pre-configured: Ready for Shardeum EVM Testnet (Chain ID: 8119)
- β Security Tools: SAST integration with Slither and Aderyn
git clone https://github.com/shardeum/shardeum-dapp-boilerplate.git
cd shardeum-dapp-boilerplate
npm installFollow the complete tutorial in our documentation.
Before you begin, ensure you have:
- Node.js (v18 or later) - Download
- MetaMask wallet extension - Install
- Test SHM tokens - Get from faucet
- Code Editor - VS Code recommended
Create a .env file in the root directory:
cp .env.example .envAdd your wallet's private key to .env:
PRIVATE_KEY=your_private_key_here
.env file to version control!
The project is pre-configured for Shardeum EVM Testnet:
- Chain ID: 8119 (0x1fb7)
- RPC URL: https://api-mezame.shardeum.org
- Explorer: https://explorer-mezame.shardeum.org
- Network Name: Shardeum EVM Testnet
Configuration is in src/config/networks.ts.
shardeum-dapp-boilerplate/
βββ contracts/ # Smart contracts
β βββ MyToken.sol # ERC20 token contract
βββ scripts/ # Deployment scripts
β βββ deploy.ts # Deploy MyToken
βββ src/ # Frontend source
β βββ components/ # React components
β β βββ TokenInterface.tsx
β βββ context/ # React context
β β βββ WalletContext.tsx
β βββ config/ # Configuration
β β βββ networks.ts
β β βββ erc20Abi.ts
β βββ App.tsx # Main app component
β βββ App.css # Styles
β βββ main.tsx # Entry point
β βββ index.css # Global styles
βββ hardhat.config.ts # Hardhat configuration
βββ vite.config.ts # Vite configuration
βββ tsconfig.json # TypeScript config
βββ package.json # Dependencies
An enhanced ERC20 token implementation with OpenZeppelin security features:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import "@openzeppelin/contracts/token/ERC20/extensions/ERC20Permit.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
/**
* @title MyToken
* @dev Implementation of a basic ERC20 token with additional safety features
* Uses OpenZeppelin's secure and tested contracts
*/
contract MyToken is ERC20, ERC20Burnable, ERC20Permit, Ownable {
constructor()
ERC20("My Token", "MTK")
ERC20Permit("My Token")
Ownable(msg.sender)
{
_mint(msg.sender, 1_000_000 * 10 ** decimals());
}
function mint(address to, uint256 amount) public onlyOwner {
_mint(to, amount);
}
}Features:
- ERC20: Standard token functionality (transfer, approve, balanceOf)
- ERC20Burnable: Users can burn their own tokens
- ERC20Permit: Gasless approvals using EIP-2612 signatures
- Ownable: Access control for owner-only functions
- Mint Function: Owner can mint additional tokens
- Initial supply of 1,000,000 tokens minted to deployer
Use the convenient npm script:
npm run deploy:testnetOr use Hardhat directly:
npx hardhat run scripts/deploy.ts --network shardeumTestnet⨠The deploy script automatically updates src/config/networks.ts with your contract address!
Verify your contract on the Shardeum explorer:
npx hardhat verify --network shardeumTestnet <DEPLOYED_ADDRESS>npm run devOpen http://localhost:5173 in your browser!
- Click "Connect Wallet" button
- Approve the connection in MetaMask
- If prompted, approve adding and switching to Shardeum Testnet
- Network will be added automatically
Visit the Shardeum Faucet to get test SHM tokens.
- View your token balance
- Enter recipient address and amount
- Click "Transfer" and confirm in MetaMask
- View transaction on explorer
npm run buildThe production build will be in the dist/ folder.
Vercel:
npm install -g vercel
vercel --prodNetlify:
npm install -g netlify-cli
netlify deploy --prod --dir=distIPFS (Decentralized):
npm install -g ipfs-deploy
ipfs-deploy dist# Install dependencies
npm install
# Run dev server (frontend)
npm run dev
# Build for production
npm run build
# Preview production build
npm run preview
# Deploy smart contract
npm run deploy:testnet
# Or: npx hardhat run scripts/deploy.ts --network shardeumTestnet
# Compile contracts
npx hardhat compile
# Run Hardhat console
npx hardhat console --network shardeumTestnetUnderstanding your smart contract's security posture is critical before deployment. This boilerplate recommends using industry-standard SAST (Static Application Security Testing) tools:
Slither is a Solidity static analysis framework that detects vulnerabilities and suggests code improvements.
Installation:
pip3 install slither-analyzerRun Slither:
slither .Slither will analyze your contracts and provide:
- Vulnerability detection (reentrancy, integer overflow, etc.)
- Code quality suggestions
- Gas optimization recommendations
- Best practice violations
Example Output:
MyToken.mint(address,uint256) (contracts/MyToken.sol#27-29) should emit an event for:
- _mint(to,amount) (contracts/MyToken.sol#28)
Aderyn is a fast, Rust-based static analyzer designed for Solidity smart contracts.
Installation:
cargo install aderynOr use with cargo-binstall:
cargo binstall aderynRun Aderyn:
aderyn .Aderyn provides:
- Fast analysis with detailed reports
- Security vulnerability detection
- Code quality metrics
- markdown report generation
Generate detailed report:
aderyn . --output report.md- Run both tools - Slither and Aderyn complement each other and may catch different issues
- Fix critical issues - Always address high and medium severity findings
- Review warnings - Even low-severity warnings can indicate code quality issues
- Run before deployment - Make security analysis part of your deployment checklist
- Professional audit - For production applications, consider professional security audits
Before deploying to production:
- Run
slither .and address all findings - Run
aderyn .and review the report - Test all functions on testnet
- Verify access control (onlyOwner functions)
- Check for reentrancy vulnerabilities
- Validate input parameters
- Review token economics (mint, burn, supply)
- Ensure private keys are secure
- Consider professional security audit
This boilerplate teaches you:
- β Smart contract deployment with Hardhat
- β ERC20 token implementation
- β React with TypeScript
- β MetaMask wallet integration
- β Reading blockchain data with ethers.js
- β Sending transactions
- β Network switching
- β Error handling
- β Transaction tracking
- Never expose private keys - Use environment variables
- Validate user input - Check addresses and amounts before sending
- Handle errors gracefully - Display user-friendly error messages
- Test thoroughly - Always test on testnet before mainnet
- Cache contract instances - Don't recreate on every render
- Debounce user input - For real-time updates
- Use event listeners - Instead of polling
- Optimize bundle size - Use code splitting
- Show loading states - Let users know transactions are processing
- Display transaction links - Link to block explorer
- Handle disconnection - Gracefully handle wallet disconnecting
- Mobile responsive - Test on mobile devices
if (!window.ethereum) {
alert('Please install MetaMask!');
}The app automatically prompts users to switch to Shardeum Testnet.
- Check you have enough SHM for gas
- Verify recipient address is valid
- Ensure you have enough token balance
Make sure you've deployed the contract and updated TOKEN_ADDRESS in src/config/networks.ts.
- Full Tutorial - Step-by-step guide
- Shardeum Documentation
- Shardeum Discord
- Hardhat Documentation
- ethers.js Documentation
- React Documentation
- Vite Documentation
- OpenZeppelin Contracts
- Slither Documentation
- Aderyn Documentation
We welcome contributions! Whether you're fixing bugs, adding features, or improving documentation, your help makes a difference.
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
- Built with Hardhat
- Powered by OpenZeppelin
- Frontend with Vite and React
- Network interactions via ethers.js
- Shardeum Discord - Community support
- GitHub Issues - Report bugs
- Documentation - Complete guides
Happy Building on Shardeum! π