Hardhat Configuration: Tooling for Smart Contracts

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Hardhat Configuration: Tooling for Smart Contracts
Simple
~2-3 hours
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1349
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

Hardhat Configuration: Tooling for Smart Contracts

We configure Hardhat for projects where development speed and deployment reliability are critical. Incorrect configuration leads to hours wasted debugging tests, repeated deployments, and lost data. Our experience shows that proper Hardhat setup immediately enables incremental compilation, parallel tests, and idempotent deployment. Result: CI/CD knows what to do without manual instructions. In one project, configuration took 3 days, and the time saved on repeated deployments was 70%.

Imagine: you write a smart contract, compile, deploy to a testnet, test — and repeat dozens of times a day. Every configuration mistake costs time and money. Incorrect Hardhat settings can lead to contract bugs, 15-20% higher gas, and even loss of funds. We configure Hardhat so development is fast and deployment is secure.

Basic Configuration

Minimum hardhat.config.ts for a production project:

import { HardhatUserConfig } from "hardhat/config";
import "@nomicfoundation/hardhat-toolbox";
import "@openzeppelin/hardhat-upgrades";
import "hardhat-deploy";
import "hardhat-contract-sizer";

const config: HardhatUserConfig = {
  solidity: {
    version: "0.8.24",
    settings: {
      optimizer: { enabled: true, runs: 200 },
      viaIR: true,
    },
  },
  networks: {
    hardhat: {
      forking: { url: process.env.ALCHEMY_MAINNET_URL! },
      chainId: 1,
    },
    polygon: {
      url: process.env.ALCHEMY_POLYGON_URL!,
      accounts: [process.env.DEPLOYER_PRIVATE_KEY!],
      gasPrice: "auto",
    },
  },
  gasReporter: {
    enabled: process.env.REPORT_GAS === "true",
    currency: "USD",
    coinmarketcap: process.env.CMC_API_KEY,
  },
};

viaIR: true is important for contracts with "Stack too deep" errors — Solidity documentation recommends it for complex contracts. Without the IR compiler, this error often occurs, but compilation time increases by 30-50%. We ensure the configuration covers all typical scenarios.

Plugins That Actually Matter

Plugin Purpose When mandatory
hardhat-deploy Manage deployments: named accounts, fixtures, tagging When working with multiple networks
hardhat-contract-sizer Check bytecode size (EIP-170) Before mainnet deployment
@nomicfoundation/hardhat-toolbox Meta-plugin: ethers, waffle, chai-matchers, verify Always (replaces 6 separate plugins)
@openzeppelin/hardhat-upgrades UUPS/Transparent Proxy: storage layout check When using proxies

hardhat-deploy — idempotent deployments with support for named accounts, fixtures, and tagging. Deploy scripts store artifacts in deployments/ and are idempotent: re-running does not redeploy already deployed contracts. Indispensable when working with multiple networks.

hardhat-contract-sizer — checks contract size. EIP-170 limits bytecode to 24576 bytes. Hitting this limit unexpectedly on mainnet deployment is unpleasant. The plugin shows size after each compilation.

@nomicfoundation/hardhat-toolbox — meta-plugin that includes hardhat-ethers, hardhat-waffle, hardhat-chai-matchers, hardhat-network-helpers, hardhat-verify. One dependency instead of six.

@openzeppelin/hardhat-upgrades — if the project uses UUPS or Transparent Proxy. The plugin checks storage compatibility before upgrade deployment: if the new contract violates storage layout, you learn about it before losing data on mainnet.

Production Configuration

Production configuration differs from development: enable optimizer with runs: 200, fork mainnet for tests, enable gas reporter. Use hardhat-deploy to manage deployments — it cuts repeated deployment time by 5x.

How to Speed Up Hardhat Tests?

Slow tests are often caused by improper fixtures. The loadFixture pattern from hardhat-network-helpers allows snapshotting the network state after deployment and reverting to it before each test instead of redeploying. Comparison: without loadFixture (redeploy) — 5 minutes for 200 tests, with loadFixture — 30 seconds. 10x faster.

async function deployTokenFixture() {
  const [owner, alice, bob] = await ethers.getSigners();
  const Token = await ethers.getContractFactory("MyToken");
  const token = await Token.deploy(ethers.parseEther("1000000"));
  return { token, owner, alice, bob };
}

it("transfers tokens", async () => {
  const { token, alice } = await loadFixture(deployTokenFixture);
});

Benefits of hardhat-deploy

This plugin provides idempotency: re-running does not create duplicate contracts. Named accounts (via hardhat.config.ts) avoid hardcoding addresses. Tagging allows deploying only changed contracts. As a result, deployment becomes predictable and reproducible.

Criteria Manual deployment hardhat-deploy
Idempotency No — duplicates on re-run Yes — safe to re-run
Named accounts Hardcoded addresses Via config
Tagging No — deploy everything Only changed contracts
Time for 3 networks ~2 hours ~25 minutes

Integrating Hardhat with CI/CD

GitHub Actions for automatic test execution and verification:

- name: Run tests
  run: npx hardhat test --network hardhat
  env:
    ALCHEMY_MAINNET_URL: ${{ secrets.ALCHEMY_URL }}

- name: Verify contract
  run: npx hardhat verify --network polygon ${{ steps.deploy.outputs.address }}
  env:
    POLYGONSCAN_API_KEY: ${{ secrets.POLYGONSCAN_KEY }}

Verification in CI requires constructor arguments to be deterministic or saved as deployment artifacts. hardhat-deploy automatically saves arguments in deployments/polygon/ContractName.json.

What's Included

  • Full Hardhat configuration tailored to your project: network settings, optimizer, plugins.
  • Writing deploy scripts using hardhat-deploy.
  • Test integration with loadFixture and coverage setup.
  • CI/CD: configuring GitHub Actions for automatic testing and verification.
  • Documentation on using the environment.
  • 90 days of support after delivery.

Estimated Timeline

Hardhat configuration for a typical project takes 2 to 5 days depending on contract complexity and number of networks. Cost is calculated individually after evaluating the scope of work. We'll evaluate your project in one business day — contact us. Get a consultation on Hardhat setup.

Our team has 5 years of experience in Ethereum and related L2 development, 50+ successful mainnet deployments. Certified developers ensure stability and security of the configuration.

Smart Contract Development

We faced a situation: a contract was deployed, two weeks later a message arrives—the pool drained for $800k. Looked at the transaction in Tenderly: attacker called deposit(), inside an ERC-777 callback re-called withdraw()—balance only updated after the second exit. Classic reentrancy, but not via ETH transfer—through an ERC-777 hook. ReentrancyGuard was only on withdraw().

Such cases are not rare. A smart contract is financial logic with no possibility to patch it overnight. Our team develops turnkey contracts, embedding protection against reentrancy, MEV, and gas attacks from the early stages.

How We Develop Smart Contracts Turnkey

We start with business logic audit and stack selection. Solidity 0.8.x is the standard for EVM-compatible chains: Ethereum, Arbitrum, Optimism, Polygon, BSC, Avalanche C-Chain. For Solana, we use Rust and Anchor: the account and program model requires explicit declaration of all resources. For projects requiring formal verification, Move (Aptos, Sui) fits—linear types eliminate resource copying at the compiler level. Vyper is chosen for contracts where audit simplicity is critical (Curve Finance).

Language Execution Model Typical Domain Risks
Solidity 0.8.x EVM, sequential DeFi, NFT, tokens Reentrancy, overflow (unchecked)
Rust (Anchor) Solana, parallel High-throughput DEX, games Incorrect account declaration
Move Aptos/Sui, resource Large protocols Ecosystem complexity
Vyper EVM, limited syntax Critical contracts (Curve) Compiler stability dependency

Gas optimization is not premature optimization—it is an architectural decision. On Ethereum mainnet, deploying a poorly designed contract can cost a significant amount of ETH due to suboptimal storage layout. Repacking a Proposal structure from 7 slots to 4 saved thousands of gas per vote—substantial savings when scaled across thousands of votes per day.

Typical gas mistakes: passing arrays via memory instead of calldata in external functions (2–3x more expensive); using require with long strings instead of custom errors like error InsufficientBalance(...). Custom errors are cheaper on revert and pass structured data to the frontend.

Why Smart Contract Audit Is Critical for Security

Audit is not a one-time check—it is a built-in development stage. We use three levels:

  1. Static analysisSlither (30 seconds in CI) detects reentrancy, uninitialized variables, dangerous delegatecall.
  2. Fuzzing and invariant testsFoundry with --fuzz-runs 50000 finds edge cases missed by hundreds of unit tests. Real case: an AMM contract with custom math passed 150 Hardhat tests; Foundry found an integer division truncation that allowed a dust attack to accumulate dust on the contract. Echidna checks invariants ("sum of all balances ≤ totalSupply").
  3. Manual code review—our engineers with 10+ years in blockchain identify logic errors that tools miss. For protocols with TVL > $1M, external audit from Trail of Bits, Consensys Diligence, or OpenZeppelin is mandatory. Timeline: 2–4 weeks.

Any upgradeable protocol must have a timelock. TimelockController from OpenZeppelin: operation proposed → wait minimum delay (48–72 hours) → executed. Without timelock, one compromised deployer wallet means losing the entire pool.

What Upgrade Patterns Do We Choose?

Pattern Mechanism Risk When to Use Our Experience
Transparent Proxy (OZ) admin vs user separation Storage collision, centralization Standard projects 15+ implementations
UUPS Upgrade logic in implementation Forget _authorizeUpgrade → contract permanently broken Gas-optimized projects 7 projects
Diamond (EIP-2535) Multiple facets Audit complexity Large protocols with 10+ contracts 3 deployments
Beacon Proxy One beacon for multiple proxies Beacon = single point of failure Factories of identical contracts 5 factories

Storage collision is the main danger of proxies. Implementation v2 must not add variables before existing ones. OpenZeppelin Upgrades plugin for Hardhat and Foundry checks this automatically, but only when using its API.

How to Protect a Contract from MEV and Front-Running

On Ethereum mainnet, transactions in the mempool are visible to all. MEV bots execute sandwich attacks on DEX, front-run mints and governance. Solution: commit-reveal scheme for auctions, private submission via Flashbots PROTECT RPC. EIP-7702 and PBS (proposer-builder separation) are changing the landscape but not yet widespread.

What Is the Development Process?

  1. Analysis—functional specification, call diagram, edge case analysis. Without this, coding starts in vain.
  2. Development—Solidity/Rust with tests in parallel. Test → code → refactoring. Use Foundry for fuzz and invariant tests.
  3. Internal audit—Slither + Echidna + manual code review. Foundry invariant tests for protocol invariants.
  4. External audit—for projects with real money. Timeline: 2–4 weeks.
  5. Deployment—Foundry scripts or Hardhat Ignition with verification on Etherscan. Gnosis Safe for ownership transfer immediately after deployment.
  6. Monitoring—Tenderly alerts, OpenZeppelin Defender, Forta Network.

What Is Included

  • Architecture documentation and contract specification (NatSpec).
  • Source code with repository and CI (Slither, Foundry, coverage).
  • Deployed contract with verification on blockchain explorer.
  • Audit results (internal and external upon request).
  • Access to monitoring and management (Gnosis Safe).
  • Code warranty: critical bug fixes within one month after deployment.
  • Consultation on web integration (wagmi, RainbowKit).

Estimated Timelines

  • ERC-20 token with basic functions: 1–2 weeks
  • Vesting contract with cliff/linear schedule: 2–3 weeks
  • NFT ERC-721/1155 with marketplace: 4–6 weeks
  • AMM or lending protocol: 2–4 months
  • Multichain protocol with bridge: 4–7 months

Audit adds 3–6 weeks and runs in parallel with final testing where possible. Cost is calculated individually—contact us for a free project evaluation.

Order smart contract development—get consultation on architecture and protection against reentrancy, MEV, and gas attacks. Want to discuss details? Write to us—we will select the optimal stack for your task.