Task: Build an Algorand Smart Contract

TestNet
,
30

The code there is related to opting into a stateful application.

Opting into an asset is just an asset transfer of 0 to and from the account opting in. Here is what the opt-in transaction structure looks like for assets: Structure - Algorand Developer Portal

Since I don’t have all context of your app, please take the following suggestions with that in mind as a heavy disclaimer and make sure to do your own security audits…

The asset opt-in scenario could be weaved in under the onetx scenario (because you want to make sure only a single transaction is permitted) and it would look something like:

// asset transaction type
txn TypeEnum
int 4 
==
&&

// opt-ins are transfers of 0 amount
txn AssetAmount
int 0
==
&&

// the sender must be equal to the receiver for opt-ins. And the sender for contract accounts is the contract account.
txn Sender
txn AssetReceiver
==
&&

// make sure it is opting in to the right asset
txn XferAsset
int 127494380
==
&&

// Add any checks to restrict unintended loopholes - this is important; make sure I'm not missing any!
txn AssetSender
global ZeroAddress
==
&&

txn AssetCloseTo
global ZeroAddress
==
&&

// Add an expiration round if you can as a best practice
txn LastValid
int EXPIRATION_ROUND
<
&&

Then next steps would be:

  1. Send algos to contract to initialize it on chain (201,000 microAlgos to cover minimum balance for Algos and one asset holding, plus money for a fee).
  2. Send opt-in transaction from contract account to opt it into asset: 127494380.
  3. If you want, and you’re super paranoid like me, wait until the expiration round has passed and then add more funds to cover fees. That way you can eliminate any unforeseen attack vectors through that additional code :slight_smile:
  4. Fund the account with the asset and let the trades begin!

By the way, I didn’t see any checks for rekeying in your code which is very important. See some more related guidelines here. Relevant line:

Always verify that the RekeyTo property of any transaction is set to the ZeroAddress unless the contract is specifically involved in a rekeying operation.

Edit (2/28): Wrong field name; changed Receiver to AssetReceiver.

1 Like