Avoiding Vendor Lock‑in: Our Approach to Open Source Delivery

---

So, you just sent out a proof of concept along with this really cool demo... but it’s all locked up tight in a closed box.

Hey, just a heads up! If you're thinking about diving into a DEX engine or settlement contracts, remember that they’re covered by something called a Business Source License (BUSL). Just thought I’d share that little tidbit! So, it looks like you won’t have full open-use rights for a bit longer. So, here's a quick rundown: Uniswap v3 kicked off using the BUSL license but later made the switch to GPL. Now, as for v4, it's still rocking the BUSL, but there’s a change coming up on June 15, 2027. Just something to keep in mind! This could definitely be a deal-breaker for many enterprise RFPs and local projects. (support.uniswap.org).

• With the zk stack, you’re tied to just one prover runtime. So, basically, you can't just move things around, swap out verifiers, or redeploy without getting the go-ahead from the vendor. Oh, and we can’t overlook the changes in protocols! You know, with Ethereum rolling out its Pectra upgrade in 2025, they’re bringing in a BLS12-381 precompile (that’s EIP-2537 for those keeping score). This is going to shake up the verification economics on EVM chains quite a lot! If your systems are stuck using other curves or special verification tools, you’re definitely going to notice the squeeze. (blog.ethereum.org).

Thinking about upgrading your system? No worries, that’s all handled off-platform. Absolutely, there are proxies out there, but if your admin happens to be a third party or a SaaS bot, then any upgrades are really in their hands, not yours. OpenZeppelin is now recommending that you go with UUPS paired with ERC-1967 slots. Just a heads-up, it’s super important to have governance set up right from the start! (docs.openzeppelin.com).

Hey, just a heads up! Keep an eye out for infra coupling that might slip in through those APIs. Execution clients use a standard JSON-RPC setup, which means your app should be able to easily swap between Erigon, Nethermind, self-hosted options, and managed providers without needing to tweak any code. It's pretty cool how that works, right? If that's not an option, you could end up stuck with just one RPC vendor. (ethereum.org).

The real price we pay often shows up in missed deadlines and lost opportunities.

• Procurement delays: Legal teams can’t give the thumbs up without having clear IP rights, SPDX identifiers, and a solid Software Bill of Materials (SBOM) ready to go. That's where OpenChain ISO/IEC 5230 really shines--it simplifies the licensing process during procurement, making everything a whole lot easier! If you skip this step, you're basically just prolonging the deal process. Also, CycloneDX v1. Great news! Version 6 has officially been recognized as an Ecma International standard, and now there’s a ton of interest from buyers. It seems like everyone is on the hunt for it! (iso.org).

Sure! Here’s a more casual and relatable version of the text:

• Regulatory and security drift: So, here’s the scoop on the guidance from the U.S. Federal folks are really leaning more on NIST’s SSDF these days. The White House has actually asked NIST to roll out an update for the SSDF in 2025. And guess what? They’re already working on the draft for SSDF 1. Number 2 is already out and about! If you can’t support your claims with SLSA-style provenance and signed artifacts, be prepared for some longer audits and maybe even a few exceptions along the way. (whitehouse.gov).
• Engineering rework: If your zk verifier is locked into the wrong curve or precompile, get ready for some serious gas fees that just won’t budge. It's a real headache! So, remember how EIP-1108 made alt_bn128 a lot more affordable way back? Well, around that same time, Pectra also rolled out those cool BLS12-381 precompiles. Pretty neat developments, right? If you didn’t take these into account for your zk verification plan, you might end up scrambling to make changes when time’s running out. (eips.exposed).
• Operational Fragility: So, when a vendor has the upgrade rights, is using a non-portable RPC, and depends on off-chain data tied to location instead of content, it creates a bit of a mess. You end up with a release that your Site Reliability Engineers just can’t completely take charge of. It’s frustrating, right? If you're looking to handle portable assets, you definitely want to get familiar with stuff like IPFS CIDs and permaweb gateways, like Arweave. Seriously, avoiding these means you're relying on someone else's server being up and running, which isn’t exactly ideal, right? So, embrace the tech and keep your assets safe and sound! (docs.ipfs.tech).

7Block Labs’ Open-Source Delivery Methodology (Made for Enterprises)

7Block Labs has created a really cool open-source delivery method designed just for businesses. This approach offers a really flexible and efficient way for companies to embrace the latest tech trends while making sure everything stays streamlined and collaborative.

Key Features

• Transparency: We keep things open and honest--nothing's hidden! You’ll get a behind-the-scenes look at how decisions are actually made and really grasp what goes into the whole process.
• Collaboration: This approach really highlights the importance of teamwork. By encouraging people from different departments to work together, it helps to break down those pesky silos and sparks creativity along the way.
• Customization: It’s super flexible! You can adjust the processes to match your unique needs and how you like to work.
• Community Support: Connect with a friendly network of contributors and experts ready to lend a hand as you get started with the methodology.

Benefits of the Methodology

• Speedy Delivery: Launch your projects faster than ever with a smoother process that cuts down on delays.
• Better Quality: With ongoing feedback, you can spot problems early on and keep those standards high.
• Cost Efficiency: Save some cash by taking advantage of open-source tools and platforms. They can really help cut down on those overhead expenses!

Getting Started

If you’re eager to get started, head over to the full documentation and resources we’ve got waiting for you at 7Block Labs. There's a lot to explore! This guide has got all the info you need to set your enterprise up for success with open-source delivery.

Conclusion

If you start using 7Block Labs’ approach, it could really change how your company handles project delivery. By prioritizing teamwork, personalization, and building connections, you'll be more than ready to tackle the challenges that come with today's tech landscape.

Hey, why not go for it? Your team might really appreciate it!

We bring together Solidity and ZK implementations to deliver real-world solutions that tick all the boxes for procurement standards. We do this using a simple, “open by default” approach that keeps things easy and accessible. Our goal is super straightforward: we want to give you tools that your team can easily handle on their own. Whether it’s managing, auditing, forking, or upgrading, we want you to be totally self-sufficient--no need to call us for backup!

1) Licensing, IP, and Compliance That Procurement Can Approve

When you're diving into procurement, getting a grip on licensing, intellectual property (IP), and compliance is crucial. It’s kind of like having a solid roadmap--you really don’t want to get lost in all the legal jargon! Here's a quick rundown of what you should keep in mind:

• Licensing: It’s super important to get a good grip on the various licenses that might come into play for the products or services you’re looking to buy. This can cover things like software licenses, content licenses, and a bunch of other stuff too.
• Intellectual Property (IP): It's super important to keep your IP safe. Just a heads up, keep an eye out for any patents, trademarks, or copyrights when you're going through the procurement process. It's always good to be aware of these things! You really want to avoid any legal headaches later on.
• Compliance: Make sure you're keeping tabs on the rules and regulations that impact your industry. It’s super important to stay informed! When it comes to things like data protection laws, environmental rules, or labor regulations, staying compliant is super important if you want to dodge those hefty fines.

When you keep these key elements in mind, procurement can really run like a well-oiled machine! Don’t forget to check in on and tweak your processes every now and then. It’s a great way to keep up with any changes that come your way!

• Permissive licensing: Whenever we whip up some new code, we go with Apache-2. It's our go-to choice! We're all about using MIT as our main license. You can easily spot the SPDX short identifiers right in each source file. Plus, you'll see a LICENSE/NOTICE at the repository level. We usually avoid using BUSL/SSPL for our production components unless we get a clear go-ahead from Legal for a specific exception. (spdx.org).
• REUSE conformance: To make everything simple, we slap on some SPDX file-level headers and throw in a REUSE manifest (you know, REUSE.toml or dep5). With this approach, you can trust that license scanning will hold up well during vendor reviews. (reuse.software).
• OpenChain alignment: We always put together a compliance folder that meets the OpenChain ISO/IEC 5230 standards. It’s our way of making sure everything's in line with the latest requirements. This folder has everything your procurement team needs to hit the ground running. You’ll find all the important policies, third-party notices, and attributions in one place, so they've got the right evidence right from the get-go. (iso.org).
• SBOM and provenance: We’ve rolled out CycloneDX v1. Here are six SBOMs (Software Bill of Materials) that you might find useful for smart contracts, services, and CI build images.
  Oh, and by the way, we sign our release artifacts and container images using Sigstore cosign. What’s cool is that it’s keyless thanks to GitHub OIDC, and we also include SLSA v1 for added security. Just to be safe, let’s grab a few provenance attestations. (cyclonedx.org).
• Security posture signals: In our Continuous Integration (CI) process, we run the OpenSSF Scorecard and share the results. We even make sure to pin our workflow actions for easy access! To check out the Scorecard findings, just head over to the Security tab in your repo. (github.com).

2) Solidity Upgradeability and Governance You Control

When you're diving into blockchain development, it's super important to make sure your smart contracts can be upgraded and that you keep a handle on governance. Having the ability to tweak things down the line and maintain control is key to making everything work smoothly. Alright, let’s dive into how you can make that happen using Solidity!

Why Upgradeability Matters

Once you launch a smart contract, there’s no going back - you can’t change it. That's why it's super important to have a solid plan for upgrades. So, if you're looking to tackle some bugs, roll out new features, or get in line with fresh regulations, you'll definitely want a smooth way to update your contracts. It’s all about making those changes without losing any data or throwing a wrench in your services.

Common Patterns for Upgradeability

1. Proxy Pattern: So, this is a pretty well-known technique that helps you keep the logic of your contract separate from the actual data. It’s a great way to manage things! So, you set up a proxy contract that basically directs everything to your logic contract. When you're ready for an upgrade, all you need to do is update the address in the proxy to point it to your new logic contract. It's pretty straightforward!

2. EIP-1967: This is a smart way to handle upgradeable contracts, making them a lot safer to manage. It lays out specific storage slots for upgradeable contracts, which really simplifies the process of using proxy patterns. This way, you can avoid those annoying storage conflicts that can pop up.

3. Eternal Storage: This is where you store the state of your contract in a different contract. You can upgrade the logic contract without messing with the stored data. This makes it a lot safer to implement any changes!

Governance You Control

Being able to manage your smart contracts is just as crucial as keeping them up to date. Governance structures are super helpful when it comes to making decisions about things like updating contracts, allocating funds, and a bunch of other important stuff. They really keep everything organized and running smoothly! Check out these governance models you might want to think about:

• Multi-Signature Wallets: So, these wallets are pretty cool because they need a bunch of signatures to make any changes or send funds. This extra step really bumps up the security, making it harder for anyone to mess with your stuff.
• Decentralized Autonomous Organizations (DAOs): With these, everyone involved gets a chance to weigh in on proposals, so it's like having a say in how the contract develops over time. It's pretty cool because it makes the whole process feel more collaborative!
• Timelocks: You have the option to implement a waiting period before any big changes go live. This way, everyone involved gets a chance to review things and share their thoughts before any decisions are finalized.

Conclusion

When you’re diving into upgradeability and governance for your Solidity projects, it’s a good idea to keep these strategies in your back pocket. Creating a solid system is key to adapting and really thriving in the fast-changing world of blockchain. If you want to dive deeper into Solidity and learn about upgradeability, definitely take a look at the Solidity Documentation. It's packed with useful info!

• Proxy pattern: We’re using UUPS proxies (ERC‑1822) and are setting them up with the ERC‑1967 storage slots. By doing it this way, we make sure that upgrade authorization is built right into the contract, using role-based checks. This keeps the proxies nice and lean while sidestepping those common headaches that come with “admin-only proxy” setups. Take a look at this link: (eip.directory). You’ll find some interesting stuff there!
• On-chain governance: So, when it comes to upgrades, we've got a system in place that ties into a TimelockController and a multisig (or Safe) setup. We’ve set a clear threshold for what needs to happen. So, proposals chill in this time-lock until one of the executors steps in to wrap them up after a little waiting period. No need to worry about outside custodians or anything like that! Learn more at: (docs.openzeppelin.com).
• Key management: We’ve got a super useful runbook that guides you through the process of migrating your deployer EOAs to hardware-backed multisig owners. It also helps you set the right thresholds and maps out emergency pause options just in case you need them. So, what this really means is that you’re in charge of the audit and recovery processes--it's all on you, not your vendor. Take a look at this: docs.safe.global. You'll find some pretty cool info there!
• Tooling: Before we roll out any deployments, we always double-check our storage layout upgrades with OpenZeppelin Upgrades Plugins (you know, whether we're using Hardhat or Foundry). We also take a careful look for any changes that might not be safe. It’s all about keeping things secure! If you want to dive deeper into this topic, just check it out here: docs.openzeppelin.com. Happy reading!

3) Portable ZK Designs Across Curves, Provers, and L2s

When we talk about Zero-Knowledge (ZK) designs, portability really matters. Let's chat about how simple it is to adapt these designs across various curves, provers, and Layer 2 solutions. Let’s break it down:.

• Curves: There are all sorts of cryptographic curves out there that can boost either your security or your performance. Having designs that can easily adapt to different curves gives us way more flexibility and makes things work together better.
• Provers: There are all sorts of proving systems out there, and each one has its own cool perks. Having a design that can easily work with different providers means developers can pick the one that suits their needs best without the hassle of starting all over again. Pretty convenient, right?
• L2s: So, Layer 2 solutions really focus on making things faster and more efficient. If we make sure that ZK designs work well across various L2s, we can really boost adoption and spark some exciting new ideas in the field.

What we're really aiming for is to develop ZK frameworks that are both super strong and flexible. This way, developers can dive into creating incredible projects without getting stuck on any technical hurdles.

• Curve strategy: So, after Pectra rolls out, EVM chains are going to include a cool new BLS12-381 precompile, joining the current BN254 (alt_bn128) precompiles already in place. We're working on setting up circuits to focus on either BN254 or BLS12-381, depending on what we need. Plus, we're also planning to create verifier contracts for each chain to help keep those gas costs low. (blog.ethereum.org).
• Prover optionality: We really love libraries that are flexible with their licenses and come with a lively ecosystem. A great example of that is gnark, which is licensed under Apache-2. 0), Halo2 forks (MIT/Apache‑2. You’re up to speed with data that goes right up to October 2023, including stuff about RISC Zero (which is under the Apache 2.0 license). 0/MIT). This lets you effortlessly switch backends without needing to rewrite all your business logic from scratch. (github.com).
• Verifiers and keys: We take care of verifying keys and parameters by treating them as content-addressed artifacts (CIDs). This means we use pinned hashes and keep track of versioned migrations to ensure everything runs smoothly. Any changes need to pass through governance and timelocks, which really helps keep those annoying “shadow” verifier swaps at bay. (docs.ipfs.tech).
• Bench hygiene: We’ve got some solid benchmarks ready to go, plus a straightforward plan for moving verifiers around if the gas economics take a turn (you know, like changing curves or batching pairings due to the latest updates from EIP‑1108/2537). (eips.exposed).

4) Portability at the Interface Layer: RPC, Data, and Indexing

When we're talking about portability, we really can't ignore the interface layer. It's such an important piece of the puzzle! This is where all the magic really goes down! Let’s take a closer look at three important areas: Remote Procedure Calls (RPC), how we handle data, and the nitty-gritty of indexing.

• Remote Procedure Calls (RPC): With RPCs, you can call functions on remote systems just like you would on your own machine. It’s pretty cool how it makes remote interactions feel so seamless! This really simplifies accessing services on various platforms without getting lost in the technical details of network protocols. They're totally into keeping everything easy and laid-back!
• Data Management: When we talk about portability in data, it basically means making sure that your data can be easily shared and used in different places. This includes using common formats and ways to serialize data. No matter if you're dealing with JSON, XML, or anything in between, keeping a consistent approach to managing your data is super important. Plus, it keeps you from dealing with those annoying compatibility problems down the road.
• Indexing: Getting the indexing right is super important for quickly fetching data, especially when you're dealing with distributed systems. With portable indexing methods, you can keep your performance steady no matter where your data is stored. This approach helps you ensure your apps stay speedy and responsive, regardless of the infrastructure they're built on.

With all these factors in mind, making the interface layer truly portable is way more achievable. This means your apps can become a lot more flexible and easier for users to navigate.

• RPC Independence: We follow Ethereum's JSON-RPC specs, which means you can smoothly transition between managed endpoints and self-hosted clients. Just a bit of tinkering with the configuration, and you’re all set! Make sure your dapp can smoothly connect with geth, Nethermind, Erigon, or reth instead of locking it down to just one provider's SDK. Keeping it flexible is the way to go! If you want to dive into the details, just click here.
• Content Addressing: So, when we're dealing with off-chain assets--think front-end bundles, metadata, and proofs--we rely on IPFS CIDs to keep everything organized. When we want things to stick around for the long haul, we turn to Arweave gateways rather than relying on those pesky location-based URLs. This way, we get to keep everything as is, plus it means we’re not locked into any specific vendor. If you want to dive deeper, feel free to check it out here.

5) Security Engineering: Tests That Survive Handover

In the world of security engineering, it’s super important to make sure your tests can handle the handover process without a hitch. So, once you've put your security measures in place, it's super important to make sure they keep working well and stay trustworthy, even if someone else steps in to manage things. Here are a few important things to keep in mind:

Why It Matters

• Continuity: It's super important that your security tests stay consistent, regardless of who's running the show. This really helps keep your systems running smoothly and securely.
• Trust: It’s super important for new team members to have confidence in the tests we already have in place. When they can grasp how to use and understand things easily, their confidence really starts to soar.

Key Strategies

1. Documentation: It’s super important to put together some clear and detailed docs. They should explain what each test is all about, give a simple rundown on how to run it, and show you how to make sense of the results. Don’t skip the details!.

2. Standardization: Whenever you can, stick to the tools and frameworks that are widely accepted in the industry. It just makes things easier! This really helps anyone new to jump right in and catch up quickly, without feeling overwhelmed by a big learning curve.

3. Training: Hey, don't overlook the importance of knowledge transfer! It’s a great idea to hold some training sessions or put together resources that explain the thought process behind your tests. This way, new team members can really get what you’re doing and why it matters.

4. Version Control: Make sure to use a version control system for your test scripts and any documentation you have. It really helps keep everything organized and in check! With this method, you can keep an eye on how things change over time and easily go back if you ever want to.

5. Regular Reviews: Make it a habit to check in on your tests every now and then. This way, you can keep them fresh and make sure they’re still doing their job effectively. This is a great opportunity for the new team to share their thoughts and ideas.

Conclusion

Getting your security tests ready for a handover really comes down to being well-prepared and keeping the lines of communication open. If you really want to set your team up for success--regardless of who's leading the way--it's all about nailing the basics. Think documentation, standardization, training, version control, and regular reviews. When you get these elements right, you’re creating a solid foundation that everyone can rely on.

• Static + fuzz: We’ll get Slither running in your CI, and on top of that, we can mix in some property-based fuzzing with either Echidna or Foundry. This covers invariant suites that focus on things like keeping values consistent, managing permissions, and ensuring everything is running smoothly. Your SRE team can totally keep running these checks even after we pass everything off to them. (github.com).
• Upgrade guards: We’ve added “post-audit diff checks” and storage-gap tests to help prevent any sneaky layout drift. Before you hit that promote button, just know that OpenZeppelin’s upgrade checks will give it a once-over. (docs.openzeppelin.com).
• Audit pipeline: If you're looking for a third-party review, we've got you covered! We'll handle all the coordination and ensure that their findings are seamlessly integrated into the CI gates. Plus, we'll put together a nice evidence pack for procurement, so you're all set!

Proof: GTM Metrics We Commit To and How We Measure Them

When it comes to figuring out how well our go-to-market (GTM) strategies are performing, we really value being open and taking responsibility. Let’s dive into the main metrics we keep an eye on and how we go about tracking them.

1. Customer Acquisition Cost (CAC)

What it is: This metric tells us how much we shell out to bring a new customer on board. It covers all sorts of things, like marketing costs and the salaries for the sales team.

How we measure it:
To figure out Customer Acquisition Cost (CAC), we use this formula:

CAC = Total Sales and Marketing Expenses / Number of New Customers Acquired

2. Customer Lifetime Value (CLTV)

What it is: So, CLTV basically helps us figure out how valuable a customer is throughout their whole journey with us. It's really important for us to get a grip on how our business will perform in the long run.

How we measure it:
To calculate CLTV, we use this formula:

CLTV = Average Purchase Value x Average Purchase Frequency x Average Customer Lifespan

3. Monthly Recurring Revenue (MRR)

What it is: This metric measures the steady income we can count on each month from our subscription services. It's all about that reliable cash flow! This helps us get a better idea of what our revenue might look like down the road.

How we measure it:
To figure out your MRR, you can use the following formula:

MRR = Total Number of Subscribers x Average Revenue Per User (ARPU)

4. Churn Rate

What it is: Churn Rate shows us the percentage of customers who decide to stop using our service over a specific period. Keeping this low is really important for our growth.

How we measure it:
So, here’s how we figure out the churn rate:

Churn Rate = (Customers at Start of Period - Customers at End of Period) / Customers at Start of Period

5. Net Promoter Score (NPS)

What it is: NPS, or Net Promoter Score, is a tool we use to find out how loyal our customers are and how satisfied they feel. It gives us an idea of how likely our customers are to recommend us to their friends and family.

How we measure it:
We collect feedback using a straightforward survey question.

"Hey, if you had to rate us from 0 to 10, how likely are you to recommend us to your friends or coworkers?"

Next, we sort the respondents into three groups: Promoters, Passives, and Detractors. This helps us figure out the score.

Conclusion

When we keep an eye on these metrics, we get a clearer picture of how we're doing, which helps us make smarter choices. It's really about making sure we're staying on course and always finding ways to enhance our go-to-market strategies. Let’s keep pushing forward!.

We're not just about going with the flow and trusting the vibe. "Instead, we like to kick things off with some clear, measurable goals during a 90-day pilot. We keep a close eye on these goals, just like we would with any major program."

• Getting Approval Time (Procurement): It usually takes under 30 days to get the green light on IP and licensing documents when you’re using OpenChain-aligned materials. This includes stuff like the license matrix, REUSE headers, and THIRD_PARTY_NOTICES, plus a CycloneDX SBOM. OpenChain is all about making procurement easier by setting clear, standardized compliance expectations. (iso.org).
• Release Integrity (Security): We take security seriously! That's why we make sure that every single one of our release artifacts is signed using Sigstore with keyless signatures. Plus, they all come with SLSA v1 to keep everything nice and secure. 1 provenance. Also, we make sure to publish a Software Bill of Materials (SBOM) for every single component. This setup really hits the mark with the latest SSDF expectations and has us all geared up for what’s coming in 2025! (slsa.dev).
• Governance Control (Ops): When we go live, we make sure that there are no upgrade keys held by the vendor. All the upgrade options are handled by the TimelockController and Safe, and don’t worry, everything’s laid out clearly with documented roles and service level agreements (SLAs). It's all set up to keep things smooth and organized! (docs.openzeppelin.com).
• ZK Portability (Eng): So, we’ve got two provers up and running in our CI environment, kinda like gnark and a zkVM path. Plus, we made a change with one of our EVM verifiers, switching from BN254 to BLS12-381 on the testnets. Exciting stuff! We actually share updates on gas and runtime deltas too! (github.com).
• RPC Portability (SRE): Thanks to our blue/green deployment strategy, we can easily switch between at least two RPC providers and one self-hosted client without needing to tweak any code. How cool is that? We’ve double-checked this with some integration tests that are based on Ethereum’s JSON-RPC. (ethereum.org).

What This Looks Like in Practice (Short Examples)

Example 1: A Simple To-Do List

Picture this: you’ve got this super simple to-do list app that’s just perfect for helping you stay on top of everything you need to tackle each day. Here’s a little glimpse of what that could look like:

const todoList = [];

function addTask(task) {
    todoList.push(task);
}

function displayTasks() {
    todoList.forEach((task, index) => {
        console.log(`${index + 1}: ${task}`);
    });
}

// Adding tasks
addTask("Finish homework");
addTask("Go grocery shopping");

// Displaying tasks
displayTasks();

This code lets you easily add tasks to your list and gives you a clear view of everything at once!

Example 2: Fetching Data from an API

Imagine you want to pull some info from an API. Here's an easy way to tackle that:

fetch('https://api.example.com/data')
    .then(response => response.json())
    .then(data => {
        console.log(data);
    })
    .catch(error => {
        console.error('Error fetching data:', error);
    });

With this, you can grab some cool info from an API and tackle any bumps in the road as they come up.

Example 3: User Input Form

Check this out! Here’s a quick example of a user input form that’s designed to grab someone’s name:

<form id="userForm">
    <label for="name">Enter your name:</label>
    <input type="text" id="name" name="name">
    <button type="submit">Submit</button>
</form>

<script>
document.getElementById('userForm').addEventListener('submit', function(event) {
    event.preventDefault();
    const name = document.getElementById('name').value;
    console.log(`Hello, ${name}!`);
});
</script>

So, when someone fills out this form and hits submit, it’s actually going to greet them by name. How cool is that?

Example 4: A Basic Calculator

Check out this easy-to-use calculator that can do addition!

function add(a, b) {
    return a + b;
}

console.log(add(2, 3)); // Outputs: 5

This simple little function lets you easily add two numbers together. Simple but effective!.

Example 5: Styling with CSS

Looking to spice up your webpage? Why not give CSS a try! Here’s a quick example:.

body {
    background-color: lightblue;
    font-family: Arial, sans-serif;
}

h1 {
    color: navy;
}

With this look, your page is going to feel super fresh and welcoming! A bit of CSS can really transform things!

• DEX engine with forward-thinking licensing: We’ve just launched our matching engine along with pool contracts, and we're using the Apache-2 license for that. You've got a 0 license ready to go, and it comes with all the necessary SPDX headers and a REUSE manifest. Our team managed to navigate around the BUSL issues that have caught some other AMM projects off guard--just think about Uniswap's switch from BUSL to GPL/MIT. We got everything legally sorted out in less than three weeks, which feels like a pretty awesome accomplishment! Check it out here.
• zk Verifier Migration after Pectra: So, one of our clients was using a verifier that ran on BN254. Once Pectra rolled out the BLS12-381 precompiles, we decided to mix things up a bit. We took the plunge and compiled a halo2-based circuit to work with BLS12-381, and then we updated the verifier on an L2 staging network. It was an exciting move! This change not only helped cut down on verification costs but also made sure that the BN254 path was still accessible for the older chains. If you want to dive deeper into this topic, check out the details here. It’s a great resource!
• Enterprise front-end and data: We created our assets in a way that's easy to reproduce, tying them to IPFS CIDs. Plus, we even mirrored them on Arweave for that added durability.
  Every release artifact includes Software Bill of Materials (SBOMs) and SLSA attestations, all securely signed with cosign. With this setup, our AppSec team can easily verify that the supply chain is all good--no extra exception tickets needed! Want to learn more? Check it out here for a deeper dive!

Why This Matters for ROI (Beyond Engineering Neatness)

When you're trying to figure out ROI, it's not just about having neat and tidy code. There's a lot more to consider! Sure, keeping things tidy in engineering is super important, but let’s take a moment to explore why it actually affects your profits.

1. Maintenance Costs

Clean code makes it so much easier to maintain things! When your code is clean and easy to follow, it makes it a lot easier for other developers to step in and fix issues or add new features. This helps keep maintenance costs down in the long run. When your code gets messy, it can really start to eat up your time and money just trying to keep everything running smoothly.

2. Scalability

When you stick to good engineering practices, you’re setting yourself up for scalable solutions. It's all about making sure your work can grow and adapt as needed! When your first design is organized and neat, it makes it a lot simpler to tweak things as your business expands. Having this kind of flexibility helps you keep development costs in check as you grow, which, in turn, really gives your ROI a nice boost. On the bright side, if your code is clean and organized, scaling up can be a breeze. But if your code’s a jumbled mess, getting it to scale could mean a total redo, and trust me, that’s going to cost you a pretty penny.

3. Time to Market

The tidier your code is, the quicker you can push out updates or roll out new features. When you iterate quickly, you can get things to your users faster, and that can really boost your revenue. If you're stuck in a never-ending development cycle because of messy code, you're wasting valuable time and money.

4. Team Morale

You might be surprised, but having tidy code can really boost team morale! When developers are dealing with clean and easy-to-manage code, they tend to enjoy their work more and feel a sense of achievement. It's amazing how much a little organization can make a big difference! When a team is happy, they tend to work more efficiently, which can boost productivity and, in the end, result in a healthier return on investment.

5. Customer Satisfaction

Last but certainly not the least, clean code can really make a difference when it comes to the user experience. When apps and systems are built on a strong foundation, you're way less likely to run into downtime or pesky bugs. When your customers are happy, they’re more likely to come back for more and spread the word about you. This not only boosts your repeat business but also leads to great referrals, which can really give your return on investment a nice boost.

So, here’s the deal: it might be easy to think that keeping things neat is just a little detail that doesn’t matter much, but honestly? It can really make a big difference in your overall return on investment. It's all about making things simpler when it comes to maintenance, making it easier to scale up, and speeding up delivery. And of course, we want to keep both your team and your customers really happy along the way! Hey, let’s not forget how important clean coding practices really are!

• Lower exit costs: Saying you're "exit-ready from day one" is more than just a clever tagline--it's a real game changer when you're negotiating renewals.
• Speedy procurement cycles: When you have clear license terms, a Software Bill of Materials (SBOM), and a way to trace where everything came from, it really cuts down on those never-ending back-and-forth chats. We're talking weeks saved here!
• Save on future gas costs: By choosing your verifiers and curves as the EVM evolves, you can really keep your spending in check. It's a smart move that puts you ahead in terms of expenses! You can totally see how this all unfolds with EIP-1108 and EIP-2537. You can take a look at them right here: eips.exposed. Enjoy exploring!
• Operational resilience: By managing governance and infrastructure in-house and utilizing content-addressed artifacts, you can reduce the risk of single points of failure. This approach helps ensure that your operations remain smooth and reliable.

How We Engage (And Where to Start)

Connecting with others doesn’t have to be a hassle! Let’s simplify things and go through some straightforward steps you can start using right now.

Understanding Engagement

Engagement really comes down to making connections. No matter if you're hanging out with friends, catching up with family, or working alongside colleagues, having those deep, meaningful conversations can really strengthen our connections and help build a supportive community around us.

The Importance of Listening

One of the most important things about connecting with others is being a good listener. It's pretty incredible what you can pick up when you really focus and tune in. Here are some tips:.

• Make eye contact
• Nodding along or throwing out a "yeah" or "totally" here and there.
• Avoid interrupting

When you really listen, it shows the other person that their thoughts and feelings matter to you.

Ask Open-Ended Questions

You know, asking questions is a great way to keep the conversation flowing. It really gets things going! Try to ask questions that require a bit more thought rather than just a quick "yes" or "no." This way, you'll get richer, more detailed answers. For example:.

• "What’s your favorite thing about your job?" “So, what got you into that hobby?”

Asking questions like these really helps spark a deeper conversation.

Finding Common Ground

Try to find common interests or experiences you both share. This can really help build a connection and keep the conversation going effortlessly. Hey, feel free to share a bit about yourself as well! It helps make the conversation feel more even and personal.

Where to Start

If you're feeling a bit lost on how to get started, here are some ideas to help you out:

1. Start Small: Kick things off by chatting with folks you run into on the regular, like your coworkers or neighbors. It’s a great way to ease into conversations! 2. Get Involved with a Group: Dive into clubs or activities that spark your interest. It's a great way to meet new people and have some fun! This is an awesome way to connect with new folks! 3. Get on Social Media: Sites like Twitter and Facebook can really help you connect with people. Feel free to drop your thoughts or leave a comment on any posts that really speak to you!

Conclusion

Just keep in mind that engagement really comes down to making genuine connections with others. Whether you’re striking up a conversation with someone new or looking to strengthen a friendship, just be yourself and enjoy the moment!

• 90-day pilot: We're kicking off an exciting project that’s both achievable and impactful. Picture this: we'll be working with one Solidity domain, teaming it up with a zk verifier and adding some governance elements in the mix. It’s all about keeping it simple but making it count! Here’s what we’ve got lined up for you:
• We've got an open repository that's completely accessible to everyone, and it's under the Apache-2 license! You’re looking at something that's either under the MIT license or has similar standards, which means it comes with the right SPDX/REUSE headers, LICENSE/NOTICE files, and THIRD_PARTY_NOTICES. Give it a look over at reuse.software! You won't want to miss it. We’ve got this awesome Continuous Integration (CI) setup that incorporates a bunch of cool tools. First off, there's Slither, which helps us analyze security. We also do fuzzing to catch any bugs, and we make sure our test coverage is on point. Plus, we use the OpenSSF Scorecard to keep track of our security posture. To top it all off, we generate CycloneDX Software Bill of Materials (SBOM) and utilize Sigstore for signing with SLSA compliance. It's a solid way to ensure everything is running smoothly and securely! More details here: (github.com). Alright, here’s the deal with governance: We’re planning to roll out UUPS upgrades that will be managed by the TimelockController and Safe. Plus, we’ll be putting together some handy runbooks to help with key rotations and any emergency situations that pop up. If you're looking for more info, check out the docs at docs.openzeppelin.com. They’ve got everything you need! So, when we talk about RPC and making data easily portable, we've got some cool features coming your way! We’ll be introducing the ability to swap out your JSON-RPC providers and use CID-pinned assets. Plus, if you're a fan of Arweave, we have you covered with an option for that too! Check it out for all the details: (ethereum.org). You’ll find everything you need there!
• Documentation that makes sense: We'll provide you with some solid ADRs, a handy RACI chart, and a SOC2-friendly evidence pack. This will come with SBOMs, signed attestation bundles, and the necessary dependency licenses. We've got you covered!

Where 7Block Fits Your Roadmap

When you're putting your project together, it's super important to figure out how 7Block can smoothly fit into your bigger game plan. Let me give you a quick overview of how this fits in with your goals:

1. Project Kickoff

Right from the start, 7Block is here to help you map out your goals and really nail down your vision. With our tools, you can effortlessly outline your goals and set yourself up for success.

2. Development Phase

Throughout the development process, 7Block makes sure everything stays organized and on point. With our platform, you can collaborate in real-time, making it easy for your team to stay connected and handle any challenges that come up on the spot. Plus, the insights you gather can really help shape your choices down the line!

3. Testing and Feedback

As you get ready for the testing phase, 7Block really stands out by making it super easy to gather feedback. You can quickly get feedback from stakeholders and users, making sure you're heading in the right direction before you launch.

4. Launch Ready

Ready to launch? 7Block has got you covered with everything you need to ensure it's a hit! We’ve got you covered with everything you need--from marketing tools to analytics. You’ll be all set to dive right in and get started!

5. Post-Launch Support

Even once your project is up and running, we’ve got your back at 7Block! We're all about keeping things up to date and improving as we go, so you can make sure your project stays fresh and relevant!

Conclusion

7Block is all about making your project experience easier, right from that first lightbulb moment when you come up with an idea to those little tweaks and improvements after your launch. When you weave our tools into your plans, you’re really setting yourself up for success at every turn. It's like having a reliable guide on your journey!

If you're curious and want to know more, just hop on over to our website!

• Want to build some solid core systems? Our custom engineering services for open platforms, including Solidity, zk, and cross-chain, give you the flexibility you need to stay agile and adapt to whatever comes your way. Take a look at our custom blockchain development services and web3 development services to get more details! We’d love to help you explore what we have to offer! In a pinch and need top-notch code fast? Don’t worry! Our awesome teams specialize in smart contract development and DeFi development services. We create upgradeable, audited components that are all set up with your governance keys. Just let us know what you need, and we’ve got your back! Looking to keep your independence while navigating different ecosystems? Check out our awesome cross-chain solutions and bridge development services. They’ll help you stay flexible and avoid being locked into just one vendor. If you’re looking for security and reassurance, our security audit services have got you covered! We combine Slither and fuzzing results into one neat evidence pack, making it super easy for your AppSec team to check everything out.

Best Emerging Practices We Recommend You Adopt Now

In today's fast-moving world, it’s essential to stay on top of the latest trends and practices to keep ahead of the game. Check out these top emerging practices that we really think you should get in on:

1. Embrace Remote Work Flexibility

Remote work has definitely evolved beyond just a quick solution for right now. Adopting a flexible work culture can really boost employee happiness and ramp up productivity. Think about creating some policies that let employees pick when and where they want to work. It could really make a difference!

2. Focus on Mental Health

Taking care of your mental health is super important. It's super important to offer resources such as counseling and wellness programs. We really want to foster an environment where everyone feels at ease talking about their mental health. Creating that kind of culture can make a big difference!

3. Invest in Continuous Learning

Since technology is always changing, it's super important to keep learning and growing. How about setting up some training sessions and online courses? Plus, let’s make sure everyone has access to resources that help keep their skills fresh and current. It’s a great way to keep the team sharp!

4. Adopt Agile Practices

Agile methodologies are a great way for your team to quickly adapt to changes. They keep everyone flexible and ready to pivot when needed! Hey there! If you want to ramp up efficiency and teamwork in your project management, it's time to start embracing agile practices. Trust me, it can make a real difference!

5. Prioritize Diversity and Inclusion

Having a diverse team means you get a mix of different viewpoints, and that’s a great way to spark innovation. Make it a priority to create a welcoming space where everyone feels appreciated and has a voice.

6. Leverage AI and Automation

Using AI and automation can really help simplify tasks and improve the way we make decisions. Check out some tools that can help automate those boring, repetitive tasks. This way, your team can spend more time on the big picture stuff that really matters.

7. Implement Sustainable Practices

Going green isn’t just some passing fad; it’s where we’re headed. Consider adopting sustainable practices in your operations, like cutting down on waste or tapping into renewable energy sources. Not only will this boost your brand image, but it’ll also make a positive impact on the environment. It's a win-win!

8. Enhance Employee Experience

When you really pay attention to the overall experience of your employees, it can make a huge difference in how engaged they feel at work. Make it a habit to collect feedback often and use it to make changes that really enhance their daily experience.

Conclusion

Embracing these new practices isn't just about staying current; it’s a smart move for ensuring your organization thrives in the long run. Why not kick off these strategies today? You’ll be amazed at how your workplace starts to change for the better!

Just think of "open-by-default" as a must-do thing. It's really something you can't skip out on! Make sure every PR has the SPDX/REUSE headers included, along with documentation that follows the OpenChain guidelines. Don't forget to add the CycloneDX SBOM and provide SLSA provenance too! Take a look at this: reuse.software. It’s worth checking out!

• Let’s make zk adaptable so it can handle changes for both the curve and the prover. After we wrap up with Pectra, let's dive into those BLS12-381 verifiers on the EVM. And don’t worry, we’ll still hold onto the BN254 routes when we need them. Just a quick reminder: it's way better to measure things than to just guess! Check it out here: (blog.ethereum.org).
• Put governance on-chain. Just a heads up, there aren't any upgrade keys with the vendors. So, if you're looking to make upgrades, you'll need to go through the TimelockController and Safe. Make sure to keep an eye out for the clear delay period that will be announced! Check out all the details right here: docs.openzeppelin.com.
• Just ensure that RPC and data can flow smoothly without any hitches. Make sure to follow the JSON-RPC guidelines and use content addressing, like IPFS or Arweave, for anything that’s happening off-chain. More info at: (ethereum.org).
• Keep flaunting your security approach! Make sure to share those Scorecard results, sign the artifacts with cosign, and don’t forget to throw in the SBOMs too! Seriously, your auditors are going to be so grateful! Check it out over at GitHub.

The Money Phrases Worth Repeating

You know, when you really want to make your point, there are just certain phrases that really resonate, right? Here’s a quick list of some money phrases that can seriously make a difference!

Why They Matter

Using strong phrases can really shift how people see your message. They can motivate you to take action, stir up feelings, or just help make your point clearer. Whether you’re chatting with your team, pitching to clients, or just trying to pump yourself up, make sure to keep these tips close by.

Here are some phrases to consider:

• "Let's try to get a little creative here. ". This is just what you need for those brainstorming sessions when you want to spark some creativity!
• "So, here's the deal..." This is perfect for highlighting the main points or clarifying decisions.
• "I’m all ears."
  A chill way to let people know you’re all ears and ready to chat with them.

"It's not really about how we stumble; it's all about how we pick ourselves back up again." "**. Hey there! Just a little reminder that setbacks are totally normal and an important part of the journey. Don’t let them get you down--each bump in the road is just a chance to learn and grow. Keep pushing forward!

• "It's all about failing fast and learning quickly." ". This is perfect for those moments when you really want to dive into trying new things and being flexible.

A Few More to Keep in Mind

• "Let’s circle back."
  Great for those times when you want to circle back to a topic down the road.
• "Looks like we're in sync!" "**. Let’s use this to help get everyone on the same page within the team.

"Hey, let's chat about this later." "**. This is just right for those conversations that really need some extra time to dig in, especially when there's not enough time to fully cover everything.

• "You know what they say, actions speak louder than words." "**. It's a good reminder that sometimes our actions speak louder than our words. What we actually do can have a bigger impact than what we say.

Conclusion

Make sure to have these phrases handy! They can really help you get your point across better and leave a lasting impression in your conversations. At the end of the day, it’s not just about what you say, but also about how you say it!

• **All set to hit the ground running right from day one! **.
• **No unexpected surprises during production, so you know exactly what to expect. **.
• So, with UUPS, Timelock, and Safe combined, you’ve got upgrades that are totally in your hands. **.
• Think of it this way: when you combine SBOM, SLSA, and Sigstore, you get releases that are all prepped and primed for auditing. It’s like having everything in order before the big check! **.
• The flexibility of Curve and its prover can really help you cut back on gas expenses in the future. **.
• With JSON-RPC and content addressing, you don’t have to worry about being locked into one specific vendor. **.

Hey there! How about kicking off a 90-day pilot with us? We’d love to demonstrate what we can achieve, specifically within your codebase. It'll be a great way to see our capabilities in action! You'll have access to clear metrics, signed documents, and total control over your keys and governance.

Selected References

If you're looking for portability, definitely take a look at the Ethereum JSON-RPC API. It's got you covered! If you're looking for more details, just check this out here! Hey there! So, Uniswap is making some changes to its licensing. They're shifting from the v3's BUSL license to the GPL, and for v4, it'll go from BUSL to the MIT license. Pretty interesting move, right? Get the details here. Hey everyone! Exciting update: the Pectra mainnet has been officially announced! Also, we've got some new info on EIPs, including EIP-2537. Stay tuned for more details! Check out more details on the blog right here. It's worth a read! Hey there! If you're looking to save on gas, you should definitely take a look at the BN254 gas reductions from EIP‑1108. If you’re looking for more details, you can check it out here.

• Need some licensing info? Check out the SPDX license list and its identifiers--they’re exactly what you’re looking for! Check it out here. Hey there! Just wanted to let you know that there's a fresh REUSE spec available for file-level SPDX. Get the scoop here. Hey there! If you’re interested in procurement compliance, you really should check out the OpenChain ISO/IEC 5230--it's definitely worth a look! If you're looking for more info, you can check it out here.
• CycloneDX v1. So, version 6 has officially been approved as a standard by Ecma International! Want to dive deeper into the details? Check out the full story here! Hey, have you heard about cosign? It’s this awesome keyless signing feature from Sigstore that you should definitely check out! You can check it out on GitHub right here.
• SLSA v1. Guess what? I just got the green light! 🎉 If you’re curious about the details, check it out here. Make sure you're staying in the loop with the latest updates from NIST on the SSDF! There's some exciting stuff going on right now! Take a look at it here. Hey everyone! I just wanted to share some cool news from OpenZeppelin. They've rolled out some awesome updates regarding UUPS/ERC-1967 and the TimelockController governance. Definitely worth checking out! Check out the details right over here. You’ll find some cool info waiting for you!
• And hey, don’t forget to dive into IPFS content addressing and check out those Arweave gateways! If you're looking for all the info you need, just check it out here. It’s got everything laid out for you!

Looking to ease the delivery stress and explore your options? Why not book a 90-Day Pilot Strategy Call with us? We'd love to help you out!