Flow Basics¶
A primer on Flow network for product managers, designers, and engineers who work on Dapper products but are not protocol specialists.
What Is Flow¶
Flow is a Layer 1 network purpose-built for consumer applications. Dapper Labs created Flow, and all Dapper collectibles products (NBA Top Shot, NFL All Day, Disney Pinnacle) run on it.
Key characteristics:
- Consumer-scale throughput -- designed to handle millions of users and transactions without gas fee spikes
- Account abstraction built-in -- Flow accounts are smart contracts by default, enabling multi-sig, key rotation, and account recovery without additional infrastructure
- Resource-oriented programming -- assets (like collectible moments) are stored in user accounts as resources, not entries in a central ledger
- Dual execution -- native Cadence + full EVM equivalence (any Solidity contract deploys without modification), shared state
Brand Language
Always say "Flow network" (not "Flow blockchain"). Always say "Flow Foundation" (not "The Foundation"). Use "on Flow" for location (e.g., "deployed on Flow").
What Is Cadence¶
CANONICAL: "A secure, resource-oriented smart contract language inspired by Swift and Rust. Purpose-built for blockchain, designed to be 'intuitive and easy to read' with 'clear, explicit code structures.'" -- flow.com/cadence
Cadence is the native language of Flow network. Since the Crescendo upgrade (Sep 2024), Flow also supports Solidity via full EVM equivalence -- but Cadence remains the primary language with deeper protocol integration.
Core Design Principles¶
1. Resource-Oriented Programming¶
Resources are unique types that cannot be duplicated or lost. They represent real digital assets (tokens, NFTs) as first-class citizens in the language.
- Ownership transfers use the move operator (
<-) - Resources cannot be copied or accessed after being moved
- Prevents entire classes of bugs -- accidental duplication, loss of assets, unauthorized access
CANONICAL: "This is the strongest technical differentiator of Flow from Solidity. In Solidity, tokens are just ledger entries (numbers in a spreadsheet). In Cadence, tokens are objects you hold -- closer to how physical money works." -- flow-cadence-language.md
2. No Reentrancy Vulnerabilities¶
CANONICAL: "No reentrancy vulnerabilities, preventing most common exploits found in Solidity."
Reentrancy was the root cause of the DAO hack ($60M stolen on Ethereum). Cadence eliminates this entire vulnerability class by design.
3. Strong Static Typing¶
Prevents runtime errors by enforcing type correctness at compile time. Supports type inference to reduce boilerplate while maintaining safety.
4. Capability-Based Security¶
Granular access control through entitlements and capabilities:
- Storage and public paths control visibility of owned objects
- Only authorized capability holders can access protected functions
- Entitlements directly mark which fields and functions should be access-limited
- Permits access to safe methods (e.g.,
deposit) regardless of reference type
5. Upgradeable Contracts¶
Supports controlled modifications while guaranteeing backward compatibility. Cadence "guarantees future backward compatibility of smart contracts" -- a key property for long-term protocol stability.
Cadence vs Solidity¶
| Feature | Cadence | Solidity |
|---|---|---|
| Asset model | Resources (first-class, non-duplicable) | Ledger entries (numbers in a mapping) |
| Reentrancy | Impossible by design | Major attack vector |
| Type system | Strong static typing | Weaker typing |
| Access control | Capability-based (fine-grained entitlements) | Address-based |
| Upgradability | Built-in with safety guarantees | Proxy pattern workarounds |
| Inspiration | Swift, Rust | JavaScript, C++ |
| Composability | Native Attachments (permissionless) | Requires wrapper contracts |
| Transaction model | Multi-account, scriptable | Single-signer |
Cadence vs Move (Sui/Aptos)¶
Move is the smart contract language used by Sui and Aptos -- two L1s that launched in 2022-2023. Cadence and Move share a resource-oriented philosophy but differ significantly in expressiveness, access control, and ecosystem strategy.
| Feature | Cadence (Flow) | Move (Sui/Aptos) |
|---|---|---|
| Resource model | Resources as first-class types with move semantics (<-), nested resources, and resource-level metadata |
Linear/object types with move semantics; similar safety but less expressive nesting and composition |
| Access control | Capability-based entitlements -- fine-grained per-field, per-function access | Module-based visibility (public, friend, public(package)) -- coarser-grained, tied to module boundaries |
| Reentrancy prevention | Eliminated by design (resource ownership model) | Eliminated by design (object ownership model) |
| Developer experience | Swift/Rust-inspired syntax -- designed for readability; AI-friendly compiler errors (1.7+) with fix suggestions | Rust-like syntax -- steeper learning curve; familiar to systems programmers, less approachable for app developers |
| Composability | Three-tier model + Attachments for permissionless extension of existing types | Module-based composition; no equivalent to Attachments |
| Transaction model | Multi-account, scriptable with separated payer/proposer/authorizer roles | Programmable transaction blocks (Sui) or entry functions (Aptos); Cadence's role separation enables gas sponsorship natively |
| Upgradability | Built-in with backward compatibility guarantees | Sui: immutable by default; Aptos: upgradeable with compatibility checks |
| Interoperability | Cadence coexists with Solidity on Flow via full EVM equivalence | No EVM equivalence; Move chains are Move-only |
| Ecosystem maturity | 5+ years in production; battle-tested at consumer scale (Top Shot, Disney, Ticketmaster 100M+ NFTs) | 2-3 years in production; strong DeFi traction but fewer consumer-scale deployments |
| Static analysis | Strong static typing with type inference; compile-time safety | Strong static typing with Move Prover (formal verification) -- Move has an edge in formal verification |
Key Takeaways¶
- Resource model: Both prevent duplication and loss of assets (shared advantage over Solidity). Cadence's model is more expressive: nested resources, resource-level metadata, and Attachments enable composition patterns that Move cannot match without wrappers.
- Access control: Cadence's entitlement system is more granular. Move's module-based visibility is all-or-nothing at the module boundary.
- Composability: Cadence's Attachments are a language-level feature with no Move equivalent. Permissionless extension of existing contracts is a fundamental capability gap in Move.
- Interoperability: Cadence's strongest structural advantage. Flow supports both Cadence and Solidity (full EVM equivalence). Move chains are Move-only. For teams migrating from Ethereum or building cross-chain, Flow is the only resource-oriented chain that also speaks Solidity.
- Formal verification: Move's Prover tooling is ahead -- a genuine Move strength. Cadence prioritizes developer-friendly safety (eliminating vulnerability classes by design), while Move provides additional formal verification for mathematical proofs.
- Ecosystem: Move has two major chains (Sui, Aptos) which creates fragmentation -- developers must choose between incompatible Move variants. Cadence has one home (Flow): no fragmentation, unified community.
Key Features¶
Attachments (Cadence 1.0+)¶
CANONICAL: "Developers can add additional data and functionality to existing contracts and types without requiring permission from the original contract author."
Permissionless composability at the language level. Examples: - Adding autographs to existing NFTs - Making NFTs from one game usable in another - Adding DeFi yield bonuses to collectibles - Fact-checking features in SocialFi apps
Scriptable Transactions¶
Cadence enables "complex transactions to drive impactful single-click user experiences." Transactions are scripts, not just function calls.
Protocol-Level Multicall¶
Combine multiple operations into a single transaction with a single approval. No multicall contracts or batching libraries needed.
Gas-Less Experiences¶
Transaction logic separates the payer from the proposer, enabling: - App-sponsored gas (users never see fees) - Wallet-sponsored gas (most Flow wallets sponsor fees for users) - Business models: freemium experiences, subscriptions, no third-party dependencies
Multi-Account Transactions¶
A single transaction can be authorized by multiple accounts simultaneously: - Atomic swaps between two parties - Multi-sig approvals (CFO + CEO) - Board governance votes
Cryptographically Secure PRNG¶
On-chain verifiable randomness via the distributed random beacon. Available directly to smart contracts -- no external oracle needed. Essential for fair gaming, NFT minting, and fraud-proof experiences.
Future-Proof Metadata¶
Custom metadata at the asset level ensures future interoperability: readable royalties, creator social media links in NFTs, guaranteed backward compatibility for existing assets.
Three Tiers of Composability¶
- Open Data -- Applications access on-chain state for features and token verification
- Open Interactions -- Assets transfer/trade via smart contracts (DEXs, marketplaces, loans)
- Open Extensions -- Deploy contracts that create new functionality on existing apps via Attachments
Cadence Evolution¶
Phase 1: Secure Cadence (Completed 2022)¶
- Security hardening
- Enabled permissionless smart contract deployment on mainnet
- No review process required to deploy
Phase 2: Cadence 1.0 (Shipped with Crescendo, Sep 2024)¶
- Capability Controllers (FLIP 798) -- Redesigned access control model
- Attachments -- Permissionless extensibility of existing types
- Mutability Restrictions (FLIP 89, 86) -- Fixed incorrect assumptions about
letimmutability for container types - Entitlements -- Fine-grained field/function access marking
- Reference invalidation -- Prevents accidentally retaining access to transferred resources
Cadence 1.7+ (Forte Upgrade, Oct 2025)¶
- AI-friendly compiler errors -- Error messages include explanations, fixes, and documentation links
- High-precision data types -- Fix128 and UFix128 (128-bit fixed-point, 24 decimal places)
What Is EVM on Flow¶
Flow now supports the Ethereum Virtual Machine (EVM) natively. This means:
- Solidity contracts deploy directly on Flow
- Ethereum tooling (Hardhat, Foundry, MetaMask, etc.) works with Flow
- Cross-VM interaction -- Cadence contracts and EVM contracts can call each other
Why This Matters¶
Peak Money runs on Flow EVM. Stablecoins like PYUSD0 (PayPal USD) exist as EVM tokens on Flow. DeFi protocols (MORE Markets, KittyPunch, FlowSwap) are deployed as Solidity contracts on Flow EVM.
Collectibles products run on Cadence (Flow-native). Moments, packs, challenges, and the marketplace are all Cadence contracts.
Both coexist on the same network and can interoperate.
+---------------------------------------------+
| Flow Network |
| |
| +-------------------+ +------------------+ |
| | Cadence VM | | EVM | |
| | | | | |
| | - NBA Top Shot | | - PYUSD0 | |
| | - NFL All Day | | - MORE Markets | |
| | - Disney Pinnacle | | - KittyPunch | |
| | - Marketplace | | - FlowSwap V3 | |
| | | | | |
| +---------+----------+ +--------+---------+ |
| | Cross-VM Bridge | |
| +-----------------------+ |
+---------------------------------------------+
How Collectibles Live On-Chain¶
Moments (NBA Top Shot, NFL All Day)¶
A "moment" is a Cadence resource representing a specific play (video highlight) at a specific serial number. Each moment has:
- Play metadata -- player name, date, description, video reference
- Set membership -- which collection/set it belongs to
- Serial number -- unique within its edition (e.g., #42 of 10,000)
- Tier -- Common, Rare, Legendary (determines scarcity and pricing behavior)
Moments are minted by the contract owner (Dapper) and distributed via packs or direct sale. Once in a user's account, the moment is a resource they fully control.
Pins (Disney Pinnacle)¶
Disney Pinnacle uses a similar resource model but with "pins" instead of moments. Pins represent Disney, Pixar, and Star Wars characters and scenes. Trading (including Genesis Keys) is a core mechanic.
Packs¶
Packs are bundles of moments/pins sold at a fixed price. The pack contract:
- Mints the pack as a resource
- User purchases (fiat via Dapper wallet, or credit card)
- Pack is "opened" -- the pack resource is destroyed and individual moment/pin resources are deposited into the user's account
- Contents are determined by pack configuration (tier distribution, serial ranges)
Marketplace¶
The marketplace contract enables peer-to-peer trading:
- Listings -- a user grants the marketplace a capability to withdraw their moment at a set price
- Purchases -- buyer pays, marketplace executes the transfer
- Offers -- buyers can make offers on unlisted moments
- Fees -- marketplace takes a percentage cut on each sale
Developer Ecosystem¶
SDKs¶
JavaScript, Go, Swift, Kotlin, Unity.
Learning Resources¶
- Flow Playground (flow.com/play) -- Interactive tutorials: Hello World, Non-Fungible Tokens, Advanced NFT composition, Fungible Tokens, Building a Marketplace
- Flow Developer Docs (developers.flow.com) -- canonical reference for both Cadence and EVM
Wallets¶
| Wallet | Used By | Type |
|---|---|---|
| Dapper Wallet | NBA Top Shot, NFL All Day, Disney Pinnacle | Custodial (Dapper holds keys) |
| Crossmint | Peak Money | Non-custodial (user controls keys via email auth) |
| External (MetaMask, etc.) | Flow EVM DeFi | Self-custodial |
For New Engineers
If you are joining the collectibles team, you will primarily work with Cadence contracts and the Dapper Wallet. If you are joining Consumer Finance, you will primarily work with Solidity/EVM contracts on Flow and Crossmint wallets. The Flow Developer Docs are the canonical reference for both.
Source Documents¶
- Cadence language reference:
flow-cadence-language.md(Flow Foundation, March 31, 2026) - Protocol facts:
flow-facts-narrative.md(Flow Foundation, March 31, 2026) - Code patterns:
cadence-patterns-reference.mdintechnical-knowledge/