Always validate configuration values and ensure production safety by avoiding hardcoded values, implementing proper defaults, and requiring explicit configuration for production-critical settings. Configuration should be validated at runtime to prevent deployment of incorrect values.

Key practices:

Use placeholder variables instead of hardcoded addresses or tokens: $CONTRACT_ADDRESS instead of specific addresses
Make production-critical configurations required rather than optional with unsafe defaults: “required BC the default is intended for local devnet scenarios, and is not viable for production”
Validate configuration constraints: “The path field in the packet must be zero for staking operations. The staked token must match the governance token configured for the channel”
Verify configuration values are correct: ensure constants like keccak256("wasm") vs just "wasm" are accurate
Test configuration updates safely before deployment, especially for dependency versions

Example:

// Bad - hardcoded production address
contract_addr: "union1m87a5scxnnk83wfwapxlufzm58qe2v65985exff70z95a2yr86yq7hl08h"

// Good - configurable with validation
contract_addr: env::var("CONTRACT_ADDRESS")
    .expect("CONTRACT_ADDRESS must be set for production")

This prevents production footguns and ensures configurations are explicit, validated, and safe for deployment.

Add Repository

Private Repository