Afghanistan
Albania
Algeria
Andorra
Anguilla
Antigua & Barbuda
Argentina
Armenia
Aruba
Australia
Austria
Azerbaijan
Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bermuda
Bhutan
Bolivia
Bonaire
Bosnia & Herzegovina
Botswana
Brazil
British Indian Ocean Ter
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Canary Islands
Cape Verde
Cayman Islands
Central African Republic
Chad
Channel Islands
Chile
China
Christmas Island
Cocos Island
Colombia
Comoros
Congo
Cook Islands
Costa Rica
Cote D Ivoire
Croatia
Cuba
Curacao
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Ethiopia
Falkland Islands
Faroe Islands
Fiji
Finland
France
French Guiana
French Polynesia
French Southern Ter
Gabon
Gambia
Georgia
Germany
Ghana
Gibraltar
Greece
Greenland
Grenada
Guadeloupe
Guam
Guatemala
Guinea
Guyana
Haiti
Hawaii
Honduras
Hong Kong
Hungary
Iceland
India
Indonesia
Iran
Iraq
Ireland
Isle of Man
Israel
Italy
Jamaica
Japan
Jordan
Kazakhstan
Kenya
Kiribati
Korea North
Korea South
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Macau
Macedonia
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Martinique
Mauritania
Mauritius
Mexico
Midway Islands
Moldova
Monaco
Mongolia
Montserrat
Morocco
Mozambique
Myanmar
Nambia
Nauru
Nepal
Netherland Antilles
Netherlands (Holland, Europe)
Nevis
New Caledonia
New Zealand
Nicaragua
Niger
Nigeria
Niue
Norfolk Island
Norway
Oman
Pakistan
Palau Island
Palestine
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Pitcairn Island
Poland
Portugal
Puerto Rico
Qatar
Republic of Montenegro
Reunion
Romania
Russia
Rwanda
Saipan
Samoa
Samoa American
San Marino
Sao Tome & Principe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
Spain
Sri Lanka
St Barthelemy
St Eustatius
St Helena
St Kitts-Nevis
St Lucia
St Maarten
St Pierre & Miquelon
St Vincent & Grenadines
Sudan
Suriname
Swaziland
Sweden
Switzerland
Syria
Tahiti
Taiwan
Tajikistan
Tanzania
Thailand
Togo
Tokelau
Tonga
Trinidad & Tobago
Tunisia
Turkey
Turkmenistan
Turks & Caicos Is
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States of America
Uruguay
Uzbekistan
Vanuatu
Vatican City State
Venezuela
Vietnam
Virgin Islands (Brit)
Virgin Islands (USA)
Wake Island
Wallis & Futana Is
Yemen
Zaire
Zambia
Zimbabwe
Setup
Hello World
Forum
Remix
Disable UBlock Origin to run.
Docs
HelloWorld
contract functions
State variables
contract HelloWorld { }
pragma solidity 0.5.12;
memory?
auto getter provided.
demo
Types
uint
string
Must always specify <type> public <name>
bool
address (ETH, not memory)
int
Intrinsic
Only fixed-point numbers
byte
fixed/unfixed
fixedMxN
ABI: Application Binary Interface
Arrays
use .push() to add an element to the end.
Cannot set elements beyond array size.
Infers size at initialization
Creates a dynamic-sized array
Indexes are zero-based
<type>[size] public...creates a FIXED-sized array
<type>[ ] public <name> = [ blah1, blah2, blah3];
Can't push/pop off a fixed-size array
Creates a fixed-size array
demo
name.push( newElement)
Collection of variables of the same type
Memory
Storage
Can have different types of elements
Used as a parameter
Type cannot be mapping
Should be an ABI type
.length
Structs
Act like they have default constructors
Function as low-brow C++ classes
Various members of different data types
Aggregate data collections
Get/set etc. functions are external.
Demo
You don't get default constructors if you nest structures
Function as JavaScript objects
struct Name { type name; type name;} instance;
May not return struct from a function... yet.
Mappings
key-value container
1:[1|many] mapping
Single operation data retrieval.
Typically used to relate user address to balances
It's a Python dictionary.
Demo
Keys must be unique.
Can't map backwards from value to key.
Can't search. It's a hash.
Definition: mapping (addr => uint) balance;
Set: balance[addr] = 10
Get: x = balance(addr); // 10
values are mutable.
Can only be type storage.
Visibility
Internal
Private
Only other contracts
External
Public
No automatic setter functions
Automatic getter functions
Can only be executed from within the contract.
Usually has a helper function.
Data is public on blockchain.
Only affects get function execution of data
Essentially "protected"
Called from inside contract, and its derivative contracts.
Function can only be called from another contract.
Cannot be executed by the user.
demo
Gas
Cost of execution.
Gas price is not fixed.
Gas consumption is fixed.
Paid by transaction sender.
Powers the EVM
Prevents spam transactions
Write efficient contract code.
Gas Units
Runtime Checks
require before running anything.
Condition that should always be true at a point in code.
Invariant
assert (<invariant>)
Post-check parameters and state.
pre-check parameters and state
require (<condition>)
Use to check results.
Use to check vs. invariants
Demo
Demo
Check for valid conditions
Check inputs
Revert on fail.
For test for internal errors
Test for invariants
Modifiers
Run before function execution
modifier onlyOwner( )
Clearly labeled for code reuse.
end with _; to continue execution
Typically contain require() statements
Demo
Data Location
Storage
Local variables of value type
Stack
Scoped to function execution
Memory
On-chain
Where we tell Solidity to save the data.
Code to fix location problem.
Specify memory for local complex variables (or will land in storage)
< 256 bits in size
Default for locally created variables
Default for function arguments
Default for all state variables
Solution
Events
event <eventName> (params)
Listeners are external DAPs.
Typically emit at end of function after all checks.
Goes to a public log.
emit <eventName> (values)
Notify through the EVM log
Demo
May also index events
Receiving Value
Check msg.value for how much was sent.
modifier costs(cost) { require ( msg.value >= cost); _; }
Create a state variable to store and querry the function's balance.
Use require( ) to set function cost.
add 'payable' to function header
Example
uint256 public balance;
balance += msg.value
Paying out Value
will revert if transfer fails.
msg.sender.transfer (balance)
balance = 0;
Need to respond ourselves.
Will return false if send fails
err = msg.sender.send (balance)
Addresses
Different to prevent accidental payments.
address payable has .send() and .transfer()
cast to a address payable.
cast to a uint160
Does not convert from address to address payable.
Can cast payable to non-payable.
address vs. address payable type
Inheritance
A single contract has multiple derived contracts.
Heirchical Inheritance?
Can be inherited?
Which functions
Article
'Base' contract
What's a
public and internal functions.
aka "Parent contract"
Contract that is inherited.
Has children contracts
External Contracts
Don't have to be the owner.
c-style prototype
Deployed Ethereum contract address
Need 2 (mebby 3) things
Prototype of function to be called.
Sometimes need to transmit value.
Can call functions of an external contract
<function name> ( parameters );
Deploying to the Testnet
Connect to Remix
Deploy to TestNet from Remix
Interact w/ contract via Remix through MetaMask
Use your ETH address mirrored on test net
Metamask
Constructors
One constructor per contract.
Runs once on contract creation
constructor() public{...}
Functions
Runtime Checks
Modifiers
Gas
Aggregators
Events
Handling Value
Types
Aggregators
Makes one byte blob (Fortran COMMON block) out of all inputs
abi.encodePacked( )
Returns hash of input
keccak256( ... )
Aggregate values into one value
Contracts
Inheritance
Constructors
External
Abstract Contracts
Variables
Types
Structs
Mappings
Control Structure
if(<condition>) { statements} else {statements}
Exactly like JavaScript
Data Location
Arrays
Visibility
Reference type
Advanced Setup
Truffle
Simmilar to cmake for solidity
Ganache
Local EVM to dev run contracts on.
Truffle
npm install -g
[email protected]
Files
Commands
console
HelloWorld
/test/
/migrations/
2_HelloWorld_deploy.js
1_initial_migration.js
/HelloWorld/
/build/
/contracts
Migrations.json
HelloWorld.json
Migrations.sol
/contracts/
HelloWorld.sol
truffle-config.js
Adjust compiler defaults
HelloWorldTest.js
Workflow
>> truffle init
>> truffle compile
>> truffle compile --list
>> truffle migrate
>> truffle console
>> truffle test
Ganache
truffle console
truffle(ganache)>
)> let instance = await HellowWorld .deployed()
undefined
)> instance
)> instance .getMessage()
'Hello World!'
)> migrate --reset
)> test
Unit Testing
Break up code
vs. Code Updates
How intuitive is it?
Test units independently
Does it all work together?
vs. User Testing
vs. Integration Testing.
vs. Validation
Does it meet requirements?
vs. bugs in dependencies
Scenarios run serially up dependencies
Case tests atomic behavior.
JavaScript Libraries
Mocha
web3.eth
Test Dev
Basic test
Multiple tests
Importing People
Testing for errors
Testing Value Assignement
People
/Contracts/
People.sol
Ownable.sol
Migrations.sol
/Test/
/Migrations/
/People/
1_initial_migration.js
2_people_migration.js
PeopleTest.js
/build
/contracts
ownable.json
migrations.json
people.json
truffle assertions
npm install truffle-assertions
const truffleAssert = require ('truffle-assertions');
truffleAssert.fails()
DAP
Connecting Outputs
Connecting Inputs
Creating an Instance
Setup
Basic files
Template
Basic Files
web3.min.js
Layot and item definitions
index.html
Put all logic here.
main.js
Utility library with web3.eth
People DAP
buttons
jquery for logic
Bootstrap for basic formatting
scripts
css
abi.js
System Setup
Sign transactions w/o exposing private keys
Browse to localhost:8000
serves ./index.http
python3 -m http.server
Run a simple web browser
Python3
Metamask
Won't work w/ a web server
Read RPC server address off GUI
Ganache
Add Custom RPC server
Settings
Network
http, not https
import accounts
Get private key from accounts in Ganache
Creating an Instance
Start up Python web server
Wrap one contract instance
Get array of one user address.
Wait for user to activate wallet
web3 provides a JavaScript wrapper for on-chain contract use
Same contract may have more than one instance.
Deploy contract to blockchain.
window.ethereum.enable().then(
.enable().then(function(accounts){
contractInstance = new web3.eth.Contract()
contract address
abi string
copy abi array
Get address from truffle migrate log
{from: accounts[0]}
Open Chrome
localhost:8000
open console
view under "o"
Enabling Input
$("#add_data_button") .click(inputData);
Add a click handler to the input button
var age= $("#age_input") .val();
var height= $("#height_input"). val();
var name = $("#name_input"). val();
Enabling Output
Vulnerabilities
#Pausable Contracts
Smart Contract #Upgradeability
#Invariants & Error Handling
#Hacks Demonstrated & Explained
#External Contracts & #Calls
Developer #Mindset
Hyper #Inflation
Hyper Inflation
Why
Article
Is the "code is law" mentality
Was this vulnerabilty
Which
What
How
Was this bug discovered?
Is this vulnerability called?
Function is vulnerable?
In several ERC20 tokens?
Problematic
Did exchanges react?
Forum
Flipped on the kitchen light.
Scanning the Ethereum blockchain.
"batchOverflow"
Really anything using narrow, unsigned types
Contracts are traditionally difficult to update.
Suspend trading of affected tokens.
For large ERC20 transactions
Also: "batchUnderflow"
batchTransfer( )
Protocol has no 'undo'.
Ad-hoc, no coordination.
Advise: write contracts with undo/update
Beauty Chain (BEC)
Transfers nTokens to mAddresses
total = value * #addresses
Subtracts total from sending address
Sends value to recipients.
Total zeroed by overflow.
Fail Demo
Community Resources
ETH Build
Glitch
string
built-in conversions to byte32
solidity considers byte32 literal.
string costs more gas.
Prefer to use byte instead (Fortran-style)
Time units
Abstract Contracts
Interfaces
Libraries
Advanced Solidity
Assembly
Abstract Contracts
Constructors
Inheritance
Contracts
Libraries
Interfaces
Error Handling
Events
Control Flow
Decision Making
If-else statement
No other logic exists.
if else if
Loops
While (condition) { }
do {...} while ()
for( init; test; iterate) { ...}
Loop control
Invariants
A concept
Condition
Balance should be 0 after withdrawAll()
for a particular point in code.
Always true
SafeMath
Reverses, checks, and asserts.
mul
div
sub
add
a - b
b <= a
a == 0 || c/a == b
c = a * b
c = a + b
c >= a
No assert necessary
Developer Mindset
Different Mindset
New Ecosystem
Dificult Upgradeability
Deployment is permanent.
High Cost of Failure
Enheritance is dangerous.
Codebase is a moving target
Best practices are still evolving.
Code manages money.
All code is public.
To do about it?
Simple Logic
Build upgradable contracts
Thoughtful Design.
Clean Code
Thorough Testing
Modularize Code
Use Libraries
Careful Deployment
Why?
Clarity > Performance
Is everything a tradeoff?
What?
False beliefs
About private data & functions
All private data is visible on-chain.
Article
Rigid vs. Upgradeable
Desirable properties confict.
The next idiot reading it will be you.
Monolithic vs. Modular
Duplication vs. Reuse
Dangerous consequences.
Forum
External Calls
We don't know what we're calling.
Push vs. Pull
Initiating external calls
Sending Ether Safely
Re-entrency Attacks
External change to control flow.
Withdrawl before balance reset.
Gets called back recursively.
Foreign Libraries
Dev Pattern
Pattern
Checks
Effects
Interactions
Solution
Sending Ether safely
3 methods
Safe vs. Re-entrency
yourAddress .call .value(x)()
reverts on failure
yourAddress .transfer(x)
Built-in require()
yourAddress .send()
Has 2300 gas stipend
Only enough to throw an event.
require( address .send())
Not safe vs. re-entrency
Unlimited gass to fallback
Only use if you own contracts on both ends
#Proper external calls
ContractB. call()
Using Contract A scope
ContractB .delegatecall()
ContractB .functionA()
Using contract B scope
Throws no error if it fails
Returns true/false
will throw if functionA() throws
ContractB .callcode()
ContractB .call(bytes4( sha3( "runFunction( uint256)")), 100)
Push vs. Pull
Sending funds to user or other contract
Push
Bad. Expensive. Uncontrolled.
Pull
Good. User pays for Tx, check, change, interact.
Security vs. User Experience
Blog Post
Forum
If people don't take their ETH?
Argument against "pull"?
What?
Why?
Shouldn't just push ETH to users?
Creates excessive user actions.
Donate it?
Contract pays Tx gas fes
Contract runs out of gas.
Sending ETH to unknown entities
Creates security vulnerabilities
Every ETH Tx implies code execution.
User may not want Tx fees
People are lazy.
Just keep it.
Push back minus Tx fee.
Users are stingy.
The DAO
Started in April 2016
DAO
Created by Slock.it
"Decentralized Autonomous Organization"
Token holders can vote.
Before KYC
Raised $150mil
Supposed to be a "refund" transaction from main to minority DAO
"Appraisal Right" protects minority
Minority can withdraw to create smaller DAO
Decentralized Venture Capital
Token holders submit proposals
Token holders vote on funding proposals
"Split" function
The DAO Hack
Re-entrancy created on splitting DAO refund.
Deadline extended by splitting a granchild DAO
Add rule to invalidate child DAO funds
Soft-fork
Do nothing.
Recieving contract called for another refund.
Hacked in June, 2016
Created ETH Classic fork.
Ethereum Foundation rolled back transactions
Hard fork
Would create more security issues.
Reading Assignment
What?
Is the
Article
Function was vulnerable
Why
Forum
was the fork hard?
Sample Code
The Pairity Freeze
Clients reference address was immutable.
Owner left at 0
Set owner called by a civilian
Contract was destroyable.
New owner called destroy function.
All clients frozen.
constructor did not set owner.
Code Example
Bracketing checks
Check Fcn() on both ends.
assert
Reverts Tx if wrong.
Check #relevant inputs
require
Won't run until right.
Check #affected outputs
Invariants
What's an #Invariant?
Truths.
Math should be #invertable
Check only affected variables.
Check that everything still sums
At specific points in the exectution
#Basic Upgradability
Data stored in proxy
Good enough for bug fixes
uses 'delegateCall()'
Functions called from 'functional' contract.
Inherit from a 'storage' conract.
Insures proxy and functional have the same variables
Can't add new functionality
#Advanced Upgradeability
Now need to add new features
Use fallback function
Updates can inherit original.
Example
alias in migration w/ x.at(proxy.addres)
Storage is now just mappings
Route all function calls to sub
Solidity design patterns
Name Registry
Mapping Iterator
Witdrawl Pattern
Factory
Article
Proxy
self destruct
Pausible Contracts
What?
Why?
Stops execution until upgrade is possible.
Boolean flag
Used to avoid emergencies
onlyOwner
Gives time to solve bugs.
Can implement timelock
Can use multisig.
Function types
pure
view
external
internal
private
public
Only callable from other functions of the same contract
Any address can call.
Calls no other functions.
Produces no change to state.
Available to call from oustide addresses.
Gas Conservation
Minimize
Emit events instead of storing.
Storage
Assign by copy into storage
Assign by reference instead
External is cheaper than public.
view functions are free.
Storage1 = Storage0 creates an alias reference
storage -> memory copies.
memory -> storage copies.
storage -> storage references
memory -> memory references.
Storage Design Patterns
4 Storage operations.
Update Data
Read data
Create
Arrays
Mapping
Delete Data from it.
Numerable.
But all operations iterate.
In Combination
Not innumerable.
Handles all quantum operations
Consider what you need.
Quick n' simple access.
Need more accounting?
Do you need to delete?
Updated (new 201 class)
(bool success, bytes memory data) = msg.sender.call {value: toTransfer} ("");
vs. EIP1884 where gas costs may change
Relies on checks -> effects -> interactions pattern instead.
Special Contract functions
Can be payable
Calls with no data, but contain value
receive()
Should be payable
When no other function matches call signature
fallback()
Token Standards, Complexity Assignment
Consider this ERC721 kitties contract
Constant. There are no loops.
Reduce to constant with storage design.
Linear. Loops over kitties array.
getAllCatsFor()
What is
createKittyGen0()
Override vs. Virtual
Target specific parent's function.
All functions in interfaces are auto virtural
Specifies specific virtual functions to override.
Override
If stacked virtual functions in tree:
Allows children to override a function.
Virtual
When should you
Use Both.
Stacking a deep inheritance tree.
Article
openZeppelin