What are you putting in your box?

Algorand’s new unlimited Smart Contract storage

The developers I work with sometimes say “anything’s possible to build.” This is a thrilling aspect of software development and one of the big reasons people fall in love with programming — it allows you to build whatever you can imagine.

Unfortunately, blockchain engineers are more likely to say “anything’s possible to build…

…but it’s hard.
…but it’s risky.
…but it’s going to be expensive to run.”

Smart Contracts in blockchain are a nascent technology. They fulfill their primary goal of allowing people to build distributed applications, but it remains a challenging path to true success.

For these reasons, many supposedly decentralized applications in blockchain are unfortunately reliant on off-chain services for part of their implementation. The birth of “web 2.5” rather than “web 3.0”, as the world inches its way towards true decentralization.

At Algorand, this challenge is top of mind, and every update to the Algorand Virtual Machine (AVM) serves the developers building upon our blockchain. Our goal is to make it easy to develop secure, performant, fully decentralized applications. Full stop.

The AVM 8 Release

Our latest release of the AVM is no exception. We have introduced a new flexible form of storage for Smart Contracts: boxes. A Smart Contract can create as many boxes as it needs, of the size that it needs (up to 32K), when it needs them.

For example, let’s say Alice wants to offer an oracle service for token prices. She creates a Smart Contract that users can call to get a token’s current price.

Given the ever-expanding set of tokens available on Algorand, whether native or bridged over, Alice’s oracle contract will need an increasing amount of persistent storage over time.

Boxes are the perfect solution: Alice’s smart contract allocates one box per token it tracks.

When CoolCoin is created, a new “CoolCoin” box can be created by the oracle contract. This box will store the price of CoolCoin. This value can be read and updated by Alice’s oracle contract thereafter. Users who want to know the price of CoolCoin call the oracle contract to get the price.

Hopefully this sounds just as straightforward as it is. Boxes offer a direct way to implement a map to store all your key-value pairs.

Before boxes, Smart Contract devs who needed more storage had to resort to hacks like creating dummy applications or accounts just to be able to use their state, carefully managing permissions to avoid introducing vulnerabilities in the process.

How much do boxes cost?

Of course, digital storage has a cost, and on blockchain it is more expensive because of its distributed (and duplicative) nature.

A simple illustrative example: Alice and Bob just got married, and they want to store a little photo of their wedding on-chain. They can create a storage managing smart contract that allows them to create a box and store the photo in it. They can rekey the smart contract to one of their accounts so that only they can control the box.

If they store the max size photo they can (32K), it’ll cost them about 13 Algo, roughly $3–4 at time of writing.

Algorand storage is paid for by an increase to an account’s minimum balance requirement. In other words, Alice needs to keep at least 13 Algo in her contract account to continue storing the image there. If in the future Alice and Bob get divorced and Alice wants to digitally burn their wedding photograph, she can delete it and free up her 13 Algo for other uses.

What else can we do with boxes?

Just about anything. Boxes present such a flexible and powerful paradigm that it is likely the majority of Smart Contracts will use boxes going forward.

One compelling example of box usage is replay protection for bridges. Crypto bridges are a powerful technology that allows value to be transferred across blockchains — making the crypto world truly borderless. However, because of the complexity of dealing with multiple chains, bridges have to be carefully designed lest they be subject to hacks. One type of bridge hack is a replay attack.

A replay attack is when an attacker submits the same transaction twice. The duplicate message looks correct, but only one of them should make it through.

At a high level, a bridge locks an asset on the sending blockchain and mints a corresponding asset on the receiving blockchain. A successful replay attack on a bridge would duplicate the minting assets on the receiving blockchain for a single locked asset on the sending blockchain.

To protect against replay attacks, the minting Smart Contract on the receiving blockchain needs to track every transaction it has already processed, and check any new transaction against all the old transactions to make sure it’s not a duplicate. Remembering what has already been executed defeats the attack.

Tracking every transaction requires storage proportional to the number of transactions a bridge processes. This can become a huge number if the bridge is successful. Boxes are perfectly suited to unlimited storage needs like this: One box per transaction.

Another use case of interest for boxes is a governance system, as is planned to be adopted by xBacked.

Say a protocol is controlled by a set of governors who can propose updates to be voted on by all the governors. There may be many governors, and an individual governor may make several proposals, so there may be many active proposals at any given time.

The data in this situation is not naturally mapped to local or global state. It would not be possible to store all the proposals in an app’s global state, since it is of limited size. It would not be possible to store each proposal in the proposer’s local state, since a proposer may make several proposals which could exceed the size of their local state.

With boxes, the solution seems simple enough: one box per proposal, e.g. “Anne’s Do Good Proposal”. The box contains the proposal verbiage and vote options.

But where should the votes themselves be stored? The contract needs to track who has already voted to make sure they don’t vote again. It can thus create one box per vote, e.g. “Alice’s vote for Anne’s Do Good Proposal”. This would be a very small box, and there would be many of them (as many as there are votes).

Without boxes, developers would have been forced to make compromises like allowing only one open vote at a time — such that the information fit in the contract’s global state. These constraints are no more, and the technical possibilities opened up by boxes are stimulating new ideas across the ecosystem.

Boxes not only strengthen existing dapps by simplifying their architecture, but also enable new use cases and secure interoperability operations. Boxes are a game-changer for Algorand. The number of projects that have been relentlessly banging on my door to ask me when boxes are being released is just the latest indicator.

The AVM was built from the get go with secure and performant Smart Contract development in mind: native atomic swaps, assets, smart contracts — and now unlimited Smart Contract storage. The AVM has become one of the most powerful and versatile Smart Contract platforms in the business.

For all the technical details about boxes and how to use them, please see the developer portal article: https://developer.algorand.org/articles/smart-contract-storage-boxes/

What are you putting in your box? was originally published in Algorand on Medium, where people are continuing the conversation by highlighting and responding to this story.