ODesk has some default protections, but I think it's safest to execute an additional contract for a development job. IANAL but my own approach is to at least include explicit terms in the contract. I don't believe oDesk's default terms cover as much on IP protection as a contract like this. For example, depending how hands-on you are, you might need to specify the contractor needs to get your permission to use any GPL or similar licenses.
I forked a consultancy agreement on Docracy  recently to specify any notices take place over oDesk, then requested the contractor agree to it via oDesk's messaging system.