Ethereum in a nutshell

Ethereum in a Nutshell
Dr. Daniel K.C. Chan
April, 2019
Another Blockchain Application

An introduction module for the second half of the M.Sc. subject that I am teaching in Hong Kong Polytechnic University.


  1. Ethereum in a Nutshell: Another Blockchain Application (Dr. Daniel K.C. Chan, April, 2019)
  2. Contents
      ◦ What is Ethereum?
      ◦ Ethereum ecosystem
      ◦ Bitcoin and Ethereum comparison
      ◦ Tokens
      ◦ CryptoKitties
      ◦ Initial coin offering (ICO)
      ◦ Ethereum development
      ◦ Risks
  3. What is Ethereum?
  4. Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference
  5. (no text)
  6. The birth of Ethereum
  7. What is Ethereum
  8. Centralised vs Decentralised Applications
  9. Smart contracts are executed on the Ethereum Virtual Machine (EVM) when pre-specified conditions are met
  10. Ethereum provides a universal, programmable blockchain which anyone can use: “The World Computer”
  11. How to get started with Ethereum
  12. How does it work
  13. How are ethers created ~US$7.26B
  14. https://etherscan.io/chart/etherprice
  15. https://etherscan.io/chart/ethersupplygrowth
  16. https://etherscan.io/chart/marketcap
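  17. Ether Denominations

      | Unit                | Wei Value | Number to Make 1 ether |
      |---------------------|-----------|------------------------|
      | wei                 | 1         | 10^18                  |
      | Kwei (babbage)      | 10^3      | 10^15                  |
      | Mwei (lovelace)     | 10^6      | 10^12                  |
      | Gwei (shannon)      | 10^9      | 10^9                   |
      | microether (szabo)  | 10^12     | 10^6                   |
      | milliether (finney) | 10^15     | 10^3                   |
      | ether               | 10^18     | 10^0                   |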
  18. Who uses ether
  19. Why use Ethereum
  20. Applications built on the Ethereum platform
      ▪ http://www.ampliativeart.org/en/welcome
      ▪ https://ethlance.com/
      ▪ http://www.4g-capital.com/
      ▪ https://www.augur.net/
      ▪ https://golem.network/
  21. Companies are starting to accept ethers
  22. https://www.coinpayments.net/store-directory-5
  23. Ethereum ecosystem
  24. Ethereum Network: Geth is the official client software provided by the Ethereum Foundation, written in the Go programming language
      ▪ When the Geth client daemon is started, it connects to other clients and downloads a copy of the blockchain
      ▪ It will constantly communicate with other nodes to keep its blockchain copy up to date
      ▪ It can mine blocks, add transactions to the blockchain, and validate and execute the transactions
      ▪ It acts as a server by exposing APIs to be called through RPC
  25. Ethereum Network: Parity is an unofficial client written in the Rust programming language and is maintained by a company called Parity Inc
      ▪ Geth console is a command line tool which connects to the running node and performs various actions such as creating and managing accounts, querying the blockchain, and signing and submitting transactions to the blockchain
      ▪ The Mist browser is a desktop application used to communicate with the network node
  26. The JavaScript library web3.js can be used to interact with a node in the Ethereum network
      ▪ Interaction with an Ethereum node can be performed via the Geth console, the Mist browser, and the JavaScript library called Web3.js
      ▪ Since it is a JavaScript library, you can use it to build web-based dApps
  27. Solidity is the most popular programming language used to write Ethereum smart contracts
      ▪ Solidity is the most popular programming language used to write smart contracts to run on the Ethereum blockchain
      ▪ It is a high-level language which, when compiled, gets converted to EVM (Ethereum Virtual Machine) byte code
      ▪ There is also a very nice browser-based IDE, Remix, where you can write contracts, compile and deploy to the blockchain: http://remix.ethereum.org/
  28. Remix is a browser-based IDE to write contracts, compile and deploy to the blockchain: http://remix.ethereum.org/
  29. Truffle and Embark are the two most popular frameworks used to develop dApps
      ▪ Just as there are frameworks for web application development such as Ruby on Rails and Python/Django, Truffle and Embark are the two most popular frameworks used to develop dApps
      ▪ They abstract away a lot of the complexities of compiling and deploying your contract on the blockchain
  30. Ethereum Network: Metamask is a Chrome plugin used to interact with the Ethereum node
      ▪ Metamask is a Chrome plugin used to interact with the Ethereum node
      ▪ It is unrealistic for everyone in the world to run a node to interact with the blockchain
      ▪ So, the folks at Metamask host a number of nodes so you don’t have to
      ▪ All you have to do is install Metamask and it automatically connects to their nodes
  31. Ethereum Naming System is the DNS for the Ethereum world
      ▪ Just like you map an IP address to a human-readable name, you can map any Ethereum contract or wallet address to a human-readable name
      ▪ E.g. 146.115.22.177 to google.com
      ▪ Instead of typing the IP address in the browser, one types google.com, which resolves to that IP address
      ▪ E.g. 0x80C013d980aB049471c88E1603b8b4a60E03295C is a wallet address
      ▪ With ENS, one does not have to memorize this address and can use alice.eth instead
  32. Swarm is a decentralized content storage and distribution service for Ethereum
      ▪ The blockchain is good for storing small amounts of data
      ▪ What if you want to store a patient record, a sale deed or some large file which needs to be publicly timestamped?
      ▪ It is expensive and also not scalable to store a blob in the blockchain
      ▪ Swarm is used to solve this problem
      ▪ You can think of it as a CDN (Content Distribution Network), but instead of the entire CDN being hosted on one company’s servers, it is distributed on computers across the Internet
      ▪ Just like you run an Ethereum node, you run a Swarm node to connect to the Swarm network
  33. When you want someone to use your contract, you have to give them the deployed address and the ABI
      ▪ When you deploy an Ethereum contract on to the blockchain, you get a deployed address and the JSON interface of the ABI (Application Binary Interface)
      ▪ The ABI is the contract interface, similar to an API
      ▪ When you want someone to use your contract, you have to give them the deployed address and the ABI
      ▪ In the future, the ABI will be stored on Swarm so anyone can look up the ABI just by looking at the Ethereum address
  34. IPFS is a decentralized storage system; it is not related to Ethereum directly but can be integrated with Ethereum
      ▪ IPFS is much further along in code maturity, scaling, adoption, community engagement and interaction with a dedicated developer community
      ▪ Swarm's core storage component is an immutable content-addressed chunkstore rather than a generic DHT (distributed hash table)
      ▪ You can upload to Swarm and use it as cloud hosting; in IPFS you can only register/publish content already on your hard drive
      ▪ The two systems use different network communication layers and peer management protocols
      ▪ Swarm has deep integration with the Ethereum blockchain, and the incentive system benefits from both smart contracts and the semi-stable peerpool
  35. Whisper is a communication protocol for dApps to interact with one another
  36. Ethereum and Bitcoin comparison
  37. https://coin360.com/
  38. Ethereum is not just a digital currency
      Bitcoin
      ▪ Bitcoin is the first decentralised cryptocurrency, created in 2009 by an unknown person named Satoshi Nakamoto
      ▪ A cryptocurrency and worldwide payment system
      ▪ Bitcoin enables peer-to-peer transactions, purchase of goods/services, long-term storage of value
      Ethereum
      ▪ Ethereum was released in 2015 by a cryptocurrency researcher and programmer named Vitalik Buterin
      ▪ A decentralised programmable platform which supports DApps (distributed applications) running smart contracts and using digital tokens
      ▪ Ethereum enables peer-to-peer transactions and can handle accounts and transactions as well as store and execute newly coded programming logic
  39. Bitcoin is deflationary by design due to its limited supply
      Bitcoin
      ▪ Supply cap: 21 million
      ▪ Total existing coins: ~18 million BTC
      ▪ Market capitalisation: ~65 billion USD
      ▪ Smallest unit: 1 Satoshi = 0.00000001 BTC (10^-8)
      ▪ Supply style: deflationary (a finite number of bitcoin will be made)
      ▪ Price: US$3,628 as of 2019-1-13
      Ethereum
      ▪ Supply cap: 18 million every year
      ▪ Total existing coins: ~104 million ETH
      ▪ Market capitalisation: ~13 billion USD
      ▪ Smallest unit: 1 Wei = 0.000000000000000001 ETH (10^-18)
      ▪ Supply style: inflationary (much like fiat currency, where more tokens can be made over time)
      ▪ Price: US$125 as of 2019-1-13
  40. (no text)
  41. https://coinmarketcap.com/
  42. Ethereum is going to switch from a proof-of-work to a proof-of-stake framework to confirm transactions
      Bitcoin
      ▪ Only one account that stores the funds and the related codes
      ▪ Consensus algorithm: Proof-of-Work (PoW)
      ▪ Mining reward: 12.5 BTC per block (as of Feb 2019) and this reward halves every 210,000 blocks
      ▪ Transaction fee: optional
      ▪ Transaction cost: based on size
      Ethereum
      ▪ Two accounts: one holds the funds of the user, the other stores the codes
      ▪ Consensus algorithm: Proof-of-Work (PoW) but soon will switch to Proof-of-Stake (PoS) – with PoS, block validators do not receive a block reward, they instead collect network fees, called gas, as their reward
      ▪ Mining reward: 5 Ether (ETH) per block
      ▪ Transaction cost: based on operations and storage
  43. Nodes/Validators must pay a security deposit in order to be part of the consensus
      ▪ The possible future switch from PoW to PoS may provide the following benefits
          • Energy savings
          • A safer network as attacks become more expensive
          • If a hacker would like to buy 51% of the total number of coins, the market would have reacted by fast price appreciation
      ▪ If one validator creates an “invalid” block, his security deposit will be deleted
  44. Ethereum block sizes have been continually adjusted to facilitate a healthy network through a voting process
      Bitcoin
      ▪ Number of transactions in blockchain per day: 332M
      ▪ Blocks in blockchain: 564K
      ▪ Average block size: 767 Kbytes
      ▪ Block size limit: 1MB or 8MB
      Ethereum
      ▪ Number of transactions in blockchain per day: 455
      ▪ Blocks in blockchain: 7.23M
      ▪ Average block size: 26 Kbytes
      ▪ Block size limit: limited by gas-limit, which is the total overhead for all operations within the block
  45. Charts
      ▪ Number of transactions in blockchain per day: https://bitinfocharts.com/comparison/transactions-btc-eth.html
      ▪ Average block size: https://bitinfocharts.com/comparison/size-btc-eth.html
  46. Ethereum uses the Ethash cryptographic algorithm, over which special hardware will not provide any advantage
      Bitcoin
      ▪ Average block time: 10 minutes
      ▪ Cryptographic algorithm: SHA-256, for which special hardware can be used
      Ethereum
      ▪ Average block time: 10-20 seconds using the GHOST protocol
      ▪ Cryptographic algorithm: Ethash (the most commonly used hashing function is KECCAK-256, also called SHA-3), which is more complicated and memory intensive, for which no special-purpose chip provides any advantage
      ▪ Runs Ethereum Virtual Machine (EVM) and the programming language Solidity
  47. Tokens
  48. Coins and tokens actually refer to two completely different concepts
      ▪ Coins (often called altcoins) are digital money, created using encryption techniques, that store value over time
      ▪ They are tied to a public, open blockchain
      ▪ They may be sent, received, or mined
      ▪ Coins are not meant to perform any functions beyond acting as money
  49. Tokens can be used for payment but the main difference is that it gives the holder a right to participate in the network
      ▪ Tokens may perform the functions of a digital asset
      ▪ E.g. a company’s share
      ▪ Tokens have a certain use case, but only inside a certain project
      ▪ Creating a token is easier than creating a coin: there is no need to create new code, only to modify already existing code (you just use a standard template from platforms like Ethereum)
      ▪ https://next.autonomous.com/thoughts/the-grand-unified-token-taxonomy
  50. Tokens are blockchain-based abstractions that can be owned and that represent assets, currency, or access rights
      ▪ Token is commonly used to refer to privately issued special-purpose coin-like items of insignificant intrinsic value
      ▪ E.g., transportation tokens, laundry tokens, and arcade game tokens
      ▪ Often restricted to specific businesses, organizations, or locations, physical tokens are not easily exchangeable and typically have only one function
      ▪ Nowadays, tokens administered on blockchains are redefining the word to mean blockchain-based abstractions that can be owned and that represent assets, currency, or access rights
      ▪ Many blockchain tokens serve multiple purposes globally and are tradeable for each other or for other currencies on global liquid markets
  51. How tokens are used
      ▪ The most obvious use of tokens is as digital private currencies, but tokens can be programmed to serve many different functions, often overlapping
      ▪ E.g., a token can simultaneously convey a voting right, an access right, and ownership of a resource
      ▪ Possible applications include
          ▪ Currency
              ▪ A token can serve as a form of currency, with a value determined through private trade
          ▪ Resource
              ▪ A token can represent a resource earned or produced in a sharing economy or resource-sharing environment; for example, a storage or CPU token representing resources that can be shared over a network
  52. How tokens are used
      ▪ Asset
          ▪ A token can represent ownership of an intrinsic or extrinsic, tangible or intangible asset
          ▪ e.g., gold, real estate, a car, oil, energy, MMOG items, etc.
      ▪ Access
          ▪ A token can represent access rights and grant access to a digital or physical property
          ▪ e.g., a discussion forum, an exclusive website, a hotel room, or a rental car
      ▪ Equity
          ▪ A token can represent shareholder equity in a digital organization (e.g., a DAO) or legal entity (e.g., a corporation)
      ▪ Voting
          ▪ A token can represent voting rights in a digital or legal system
  53. How tokens are used
      ▪ Collectible
          ▪ A token can represent a digital collectible (e.g., CryptoPunks) or physical collectible (e.g., a painting)
      ▪ Identity
          ▪ A token can represent a digital identity (e.g., avatar) or legal identity (e.g., national ID)
      ▪ Attestation
          ▪ A token can represent a certification or attestation of fact by some authority or by a decentralized reputation system
          ▪ e.g., marriage record, birth certificate, college degree
      ▪ Utility
          ▪ A token can be used to access or pay for a service
  54. Considerations for using tokens as assets: fungibility, counterparty risk, and intrinsicality
      ▪ Fungibility: No unique information can be written into fungible tokens. Non-fungible tokens are unique and hold information instead of value.
      ▪ Counterparty Risk: Counterparty risk is the risk that the other party in a transaction will fail to meet their obligations.
      ▪ Intrinsicality: Intrinsic tokens are intrinsic to the blockchain and are governed by consensus rules. Intrinsic tokens do not carry additional counterparty risk.
  55.
      ▪ In economics, fungibility is the property of a good or a commodity whose individual units are essentially interchangeable
      ▪ Tokens are fungible when we can substitute any single unit of the token for another without any difference in its value or function
      ▪ Strictly speaking, if a token’s historical provenance can be tracked, then it is not entirely fungible
      ▪ The ability to track provenance can lead to blacklisting and whitelisting, reducing or eliminating fungibility
      ▪ Each non-fungible token is associated with a unique identifier, such as a serial number
  56. If a token represents an asset, it is key to understand who holds the asset & what rules apply to that underlying asset
      ▪ Counterparty risk is the risk that the other party in a transaction will fail to meet their obligations
      ▪ There is additional counterparty risk if there are more than two parties involved
      ▪ E.g., a transaction for a certificate of deposit for a precious metal will involve at least three parties: the seller, the buyer, and the custodian of the precious metal, who by necessity becomes party to the fulfillment
      ▪ When an asset is traded indirectly through the exchange of a token of ownership, there is additional counterparty risk from the custodian of the asset
      ▪ Do they have the asset? Will they recognize (or allow) the transfer of ownership based on the transfer of a token (such as a certificate, deed, title, or digital token)?
  57. Intrinsicality of tokens determines if the ownership of the associated assets carries any counterparty risk
      ▪ Intrinsic tokens represent digital assets that are intrinsic to the blockchain and are governed by consensus rules, just like the tokens themselves
      ▪ Tokens that represent intrinsic assets do not carry additional counterparty risk
      ▪ If you hold the keys for a CryptoKitty, there is no other party holding that CryptoKitty for you
      ▪ The blockchain consensus rules apply and your ownership (i.e., control) of the private keys is equivalent to ownership of the asset, without any intermediary
  58. Blockchain-based tokens have the ability to convert extrinsic into intrinsic assets & thereby remove counterparty risk
      ▪ Conversely, many tokens are used to represent extrinsic things
      ▪ E.g., real estate, corporate voting shares, trademarks, and gold bars
      ▪ The ownership of non-intrinsic assets is governed by law, custom, and policy, separate from the consensus rules that govern the token
      ▪ Token issuers and owners may still depend on real-world non-smart contracts
      ▪ Extrinsic assets carry additional counterparty risk because they are held by custodians, recorded in external registries, or controlled by laws & policies outside the blockchain environment
      ▪ A good example is moving from equity in a corporation (extrinsic) to an equity or voting token in a DAO or similar (intrinsic) organization
  59. Tokens are different from ether in that the Ethereum protocol does not know anything about them
      ▪ Sending ether is an intrinsic action of the Ethereum platform, but sending or even owning tokens is not
      ▪ The ether balance of Ethereum accounts is handled at the protocol level, whereas the token balance of Ethereum accounts is handled at the smart contract level
      ▪ To create a new token on Ethereum, you must create a new smart contract
      ▪ Once deployed, the smart contract handles everything, including ownership, transfers, and access rights
      ▪ You can write your smart contract to perform all the necessary actions any way you want, but it is probably wisest to follow an existing standard
  60. Why don’t we use Ether to pay for every transaction on the Ethereum network, saving the introduction of any token?
      ▪ The answer to that is pretty simple: even in real life, there are tons of places where we use a form of token over cash
      ▪ E.g., Ocean Park is like a DApp, your money is Ether and the wrist band is the token
      ▪ By using tokens to execute certain functions in the smart contract of the DApps, you make the process much more simple and seamless
      ▪ If the demand for a DApp is sufficiently high, and with the supply remaining constant, the value of the token is going to be high
  61. CryptoKitties
      ▪ https://coinsutra.com/cryptokitties-cryptocollectibles/
      ▪ https://www.cryptokitties.co/
  62. What is CryptoKitties
      ▪ CryptoKitties is a blockchain-based game in which one can breed, collect and hold kittens that are made and generated over the Ethereum blockchain
      ▪ These cryptokitties are just like humans in that they are unique and cannot be replicated, taken away or destroyed by anyone
      ▪ Cryptokitties are a new form of collectibles which one can trade, buy, sell and collect like traditional collectibles
      ▪ The unique thing is that one can even breed this form of crypto-collectibles and the result will be a totally unique new offspring!
      ▪ The ownership will be tracked and everything will be recorded securely on the transparent Ethereum blockchain
  63. (no text)
  64. What do you need to play CryptoKitties
      ▪ A computer or laptop running the desktop version of Chrome or Firefox
      ▪ MetaMask is Ethereum’s digital wallet used specifically with web apps
      ▪ Ether, a form of digital payment that powers CryptoKitties
  65. Start playing CryptoKitties
      ▪ Ether can be bought from various resources using credit cards
          ▪ CEX.io
          ▪ Coinmama
          ▪ Coinbase
          ▪ Changelly
          ▪ Bitit
          ▪ BitPanda
      ▪ Once you have your Ether tokens, transfer some ETH to the MetaMask wallet
  66. Buying and Selling Cryptokitties
      ▪ It is not a free game so you are required to pay ETH to actually play the
      ▪ You can start playing CryptoKitties by buying or selling existing kitties or else breeding with another to form a new and unique cryptokitty for yourself
      ▪ In the MetaMask marketplace, you will see a sale of kitties going on
      ▪ You can fund your MetaMask wallet and actually purchase a kitty
  67. Breeding Cryptokitties
      ▪ In the siring section, start by choosing one of your cryptokitties to be the sire (i.e. the dad)
      ▪ Then you can choose another cryptokitty to be the mother
      ▪ A new kitty will appear in “My Kitties” soon
      ▪ You can keep this new offspring or sell it in the marketplace at your designated price
      ▪ You will need to pay a fee of 0.3028 ETH for the breeding process
  68. Can one earn money playing CryptoKitties
      ▪ CryptoKitties are NOT cryptocurrencies but for a real-world scenario CryptoKitties are crypto-collectibles
      ▪ Cryptocurrencies are like USD or EUR whereas cryptokitties or crypto-collectibles are like unique stamps or a unique artwork that only you own
      ▪ You can sell a cryptokitty in the marketplace at your desired price & earn a profit
      ▪ The marketplace is driven by demand and supply & asking prices
      ▪ It is highly profitable if your kitties are unique and appealing enough to the buyer
      ▪ Some cryptokitty was sold in the marketplace at a high price at the time of Genesis, and cryptokitties worth $4 million have already been sold
  69. CryptoKitties was created by Axiom Zen and spun out into a new company called Dapper Labs in February 2018, raising $12.85M from leading investors including Andreessen Horowitz, Union Square Ventures, and the founders of Dreamworks, Reddit, Coinbase, Zynga, and AngelList, among others
      ▪ https://drive.google.com/file/d/1soo-eAaJHzhw_XhFGMJp3VNcQoM43byS/view
  70. Initial coin offering (ICO)
  71. https://coinmarketcap.com/coins/
  72. https://coinmarketcap.com/tokens/
  73. https://elementus.io/token-sales-history
  74. Ethereum development
  75. The four phases of Ethereum planned development
      ▪ https://www.draglet.com/ethereum-constantinople/
      ▪ [Timeline figure; labels: Frontier, Homestead, Metropolis, Serenity, Olympic]
  76. Right from the early days, the core developers created an outline of a four-staged development plan for Ethereum
      ▪ Frontier – The early groundbreaking and testing of a platform that could support smart contracts and decentralized applications
      ▪ Homestead – The formalization of how the Ethereum Virtual Machine works and strengthening the ecosystem for smart contract development and the Solidity language
      ▪ Metropolis – Solving the issues that come at scale; making Ethereum more amenable to large-scale or performance applications and many users
          ▪ Byzantium – Laying the foundation
          ▪ Constantinople – Improving performance and setting timeline for Serenity
      ▪ Serenity – Make Ethereum self-sustaining and highly scalable with a move to proof of stake and sharded state channels that allow for concurrent processing of smart contracts while still maintaining the security of the blockchain
  77. Ethereum has gone through a number of planned and unplanned hard forks

      | Fork | Planned? | Information | Date | Forking Block |
      |------|----------|-------------|------|---------------|
      | Frontier | Yes | https://blog.ethereum.org/2015/07/27/final-steps/ | 07/31/2015 1:26:28 AM | 1 |
      | Frontier Thawing | Yes | https://blog.ethereum.org/2015/08/04/ethereum-protocol-update-1/ | 09/08/2015 7:33:09 AM | 200,000 |
      | Homestead | Yes | https://blog.ethereum.org/2016/02/29/homestead-release/ | 03/15/2016 3:49:53 AM | 1,150,000 |
      | DAO Fork | No | https://blog.ethereum.org/2016/07/20/hard-fork-completed/ | 07/20/2016 11:20:40 PM | 1,920,000 |
      | Tangerine Whistle | No | https://blog.ethereum.org/2016/10/18/faq-upcoming-ethereum-hard-fork/ | 10/18/2016 11:19:31 PM | 2,463,000 |
      | Spurious Dragon | No | https://blog.ethereum.org/2016/11/18/hard-fork-no-4-spurious-dragon/ | 11/23/2016 1:15:44 AM | 2,675,000 |
      | Byzantium | Yes | https://blog.ethereum.org/2017/10/12/byzantium-hf-announcement | 10/16/2017 3:22:11 PM | 4,370,000 |
      | Constantinople (and St. Petersburg) | Yes | https://blog.ethereum.org/2019/02/22/ethereum-constantinople-st-petersburg-upgrade-announcement/ | 02/28/2019 | 7,280,000 |

      ◦ Fork - A change in protocol causing the creation of an alternative chain, or a temporal divergence in two potential block paths during mining.
      ◦ Hard fork - A permanent divergence in the blockchain; also known as a hard-forking change. One commonly occurs when nonupgraded nodes cannot validate blocks created by upgraded nodes that follow newer consensus rules.
  78. The Frontier and Homestead hard forks established a fundamental and stable application platform
      ▪ Frontier: A transparent and open release for developers to experiment and develop decentralized applications. The first software release of Frontier had a hardcoded Gas limit per block of 5,000 Gas. Unlike the normal Gas per block parameter, this special limit would not grow proportionally to the network usage, effectively preventing transacting during the first few days. This period would enable miners to start their operations and early adopters to install their clients without having to ‘rush’. Instability of the platform, including forks, potential abnormal display of information on the http://stats.ethdev.com page, and various peer-to-peer connectivity issues, was expected in the first few days.
      ▪ Frontier Thawing / Ice Age: Updated the Gas limit from 5k to 3M gas per block, making it possible for blocks to be successfully mined. The Gas required to process a block with one transaction is 21k Gas. Also introduced an exponential difficulty increase (aka Difficulty Bomb), motivating a transition to Proof of Stake.
      ▪ Homestead: To stabilize the platform with protocol and networking changes. Included EIP2, EIP7, and EIP8.
  79. Three unplanned hard forks were initiated in response to The DAO attacks in 2016
      ▪ DAO Fork: Block 1,920,000 contained the execution of an irregular state change which transferred ~12 million ETH from the “Dark DAO” and “Whitehat DAO” contracts into the WithdrawDAO recovery contract. The recovery contract returned The DAO token holders’ ETH under the control of a curator contract. The forking caused Ethereum and Ethereum Classic to split into two competing systems.
      ▪ Tangerine Whistle: Starting from 18th September, 2016, the Ethereum network was under attack by a person or group, resulting in large delays before transactions were processed. The network was then filled with pending transactions, which caused users delays in processing their transactions. It was essentially a denial of service (DoS) attack on the Ethereum blockchain. Every operation that an Ethereum contract performs on the network was given a price or gas fee. Using the ADD operation is less computationally expensive than performing a complex operation such as hashing a number using SHA256. The attacker performed a DoS attack by repeatedly calling certain operation codes (opcodes) in their smart contracts that were computationally difficult for clients to process, but very cheap to add to the network. In order to prevent the attacker(s) from continuing to flood the network with low-priced contracts with high computational cost, the gas calculation for certain I/O-heavy operations was raised. Included EIP150 and EIP158.
      ▪ Spurious Dragon: It is the second hard fork of the two-round hard fork response to the DoS attacks on the Ethereum network in September and October, 2016. The hard fork addressed important but less pressing matters such as further tuning opcode pricing to prevent future attacks on the network, enabling “debloat” of the blockchain state, and adding replay attack protection. Included EIP155, EIP160, EIP161, and EIP170.
  80. Byzantium and Constantinople hard forks are planned infrastructure upgrades
      ▪ Byzantium: Improved Ethereum’s performance, efficiency, privacy, scalability, and security. Some of the changes were directed at improving smart contracts by creating a way for developers to program planned contract upgrades. The most exciting EIP integrated Ethereum with ZK-Snarks, a cryptographic innovation developed in collaboration with anonymity-centric cryptocurrency Zcash. This technology allows Ethereum users to make transactions that cannot be traced. Block reward was reduced from 5 ETH to 3 ETH, being part of the plan to do away with block rewards altogether and move towards a Proof of Stake algorithm. Included EIP100, EIP140, EIP196, EIP197, EIP198, EIP211, EIP214, EIP649, and EIP658.
      ▪ Constantinople (and St. Petersburg): An infrastructure and protocol improvement for the Ethereum blockchain, making Ethereum faster and less costly to operate. Miners' reward will be reduced from 3 ETH to 2 ETH and as a result delaying the difficulty bomb for a period of 12 months. This difficulty bomb would make it impossible to mine after a certain point and would freeze the entire network, hence it's also known as Ethereum's ice age. The developers would keep on improving and the miners have to adopt the update, or else they would not be able to profit from mining. Constantinople includes EIP145, EIP1014, EIP1052, and EIP1234. St. Petersburg includes the removal of EIP1283.
      ▪ The Ethereum Ice Age is a difficulty adjustment tactic which was implemented to make sure that everyone is motivated to transition to the new blockchain after the hard fork takes place. It is set to raise difficulty exponentially. It will be difficult for miners to carry on with the intensification of difficulty, which would increase block time and lead to the freezing of the blockchain, hence this period being dubbed the Ice Age.
  81. The Serenity phase will follow and bring the breakthrough to the mainstream
      ▪ Serenity is the last phase and has one key principle – to switch the Ethereum network from Proof of Work (PoW) to Proof of Stake (PoS) – essentially reducing the power consumption of the Ethereum network
      ▪ PoW means miners are in competition for the block rewards while they are proving their computers are calculating compute cycles
      ▪ PoS means the miners use invested ether to simulate the actual mining process to compete for the block reward
  82. 82. 82 Risks
  83. 83. 83 Harsh lessons are learned by developers and users alike in discovering the nuances of the language and the EVM ▪ Re-entrancy ▪ Arithmetic over/under flows ▪ Unexpected ether ▪ Delegatecall ▪ Default visibilities ▪ Entropy illusion ▪ External contract referencing ▪ Short address/parameter attack ▪ Unchecked CALL return values ▪ Race conditions / front running ▪ Denial of service (DOS) ▪ Block timestamp manipulation ▪ Constructors with care ▪ Uninitialised storage pointers ▪ Floating points & precision ▪ tx.origin authentication https://hackernoon.com/hackpedia-16-solidity-hacks-vulnerabilities-their-fixes-and-real-world-examples-f3210eba5148
  84. 84. “The DAO” Attack
  85. 85. 85 “The DAO” was the largest crowdfunding in history, having raised $150M+ from 11,000+ members
      ▪ “The DAO” is the name of a particular Decentralised Autonomous Organisation (DAO), conceived of and programmed by the team behind German startup Slock.it that builds “smart locks” to let people share things (cars, boats, apartments) in a decentralized version of Airbnb
      ▪ “The DAO” was launched on 30th April, 2016, with a 28-day funding window
      ▪ “The DAO” was the largest crowdfunding in history
      ▪ Offered and sold approximately 1.15B DAO Tokens in exchange for a total of approximately 12M ETH, valued at approximately US$150M from 11,000+ members
      ▪ It can be said that the marketing was better than the execution, for during the crowdsale, several people expressed concerns that the code was vulnerable to attack
  86. 86. 86 The DAO initial offering, project selection, and token monetisation processes
      [Diagram. Labels: Founders (Stephan Tual, Christoph Jentzsch, Simon Jentzsch); The DAO; Curators; Investors; Secondary Markets; Contractor; Whitelisted Project; Funded Projects; Redemption Process. Flows: initial offering (ETH for DAO Tokens); DAO Tokens for currency; The DAO project proposal; approval; votes; acceptance; Contractor funding in ETH; profits; DAO entity split.]
  87. 87. 87 “The DAO” was aware of the re-entrancy vulnerability but misjudged the potential impact
      ▪ Once the crowdsale was over, there was much discussion of first addressing the vulnerabilities before starting to fund proposals
      ▪ In particular, Stephan Tual, one of the creators of “The DAO”, announced on June 12 that a “recursive call bug” had been found but that “no DAO funds [were] at risk”
      ▪ At the time, more than 50 project proposals were waiting for token holders of “The DAO” to vote on them
  88. 88. 88 By exploiting the re-entrancy vulnerability, an attacker managed to drain 3.6M+ ether from “The DAO” contract
      ▪ An unknown attacker began exploiting the re-entrancy vulnerability to start draining “The DAO” of ether collected from the sale of its tokens
      ▪ By Saturday, 18th June, the attacker managed to drain more than 3.6M ether (worth ~US$70M at the time) into a “child DAO” that has the same structure as “The DAO”
      ▪ The price of ether dropped from over US$20 to under US$13
  89. 89. 89 All eyes were on “The DAO” and the Ethereum Foundation to resolve the issue & resume business
      ▪ “The DAO” contained roughly 15% of all ether, so a failure of “The DAO” would have a negative impact on the Ethereum network and its cryptocurrency
      ▪ Dozens of startups were working on DAO or governance products, many smart contracts had similar vulnerabilities and building complex software using smart contracts was still in its infancy
      ▪ All eyes were on “The DAO” and the Ethereum Foundation, hoping for a resolution that would allow the ecosystem to continue to develop as it had been before
  90. 90. 90 A soft fork proposal was good news for everyone but it turned out to be unfeasible
      ▪ In order to prevent the hacker from cashing in the ether from the “child DAO” after the standard 28 days, a soft fork was voted on and it was really close to being introduced
      ▪ A few hours before it was supposed to be released, a few members of the community found a bug with the implementation that opened a denial-of-service attack vector
      ▪ This soft fork was designed to blacklist all the transactions made from “The DAO” and the fact that such a soft fork was not possible to implement meant that the Ethereum blockchain was immune to transaction censorship
  91. 91. 91 The Ethereum Foundation did not design the network to be the judge & jury when some parties got injured
      ▪ The Ethereum Foundation had a lot at stake there
      ▪ They wanted the network to be rock solid, to support billions of dollars worth of commerce, and to be “the operating system of the future”
      ▪ If they did nothing, the Ethereum network would suffer a setback that could take years to recover from; if they intervened, they would set a dangerous precedent that eroded the social contract they set up with their network of independent nodes
  92. 92. 92 The attacker withdrew ether from “The DAO” multiple times before it could update its own balance
      ▪ The attacker withdrew ether from “The DAO” contract multiple times using the same DAO Tokens
      ▪ This was possible due to what is known as a recursive call exploit
      ▪ In this exploit, the attacker was able to "ask" the contract (DAO) to give the ether back multiple times before the contract could update its own balance
      ▪ There were two main issues that made this possible: the fact that when “The DAO” contract was created the coders did not take into account the possibility of a recursive call and the fact that the smart contract first sent the ETH funds and then updated the internal token balance
  93. 93. 93 The following is a simplified representation of “The DAO” smart contract

          contract DAO {
              // This declares a state variable that stores the token balance for each possible address
              mapping (address => uint) private balances;

              // To withdraw the amount given in the parameter from the contract
              function withdraw(uint x) {
                  // The balance of the sender must be at least the amount to withdraw
                  if (balances[msg.sender] >= x) {
                      // Invoke the caller’s function using amount to withdraw as a parameter
                      // The () represents the fallback function
                      msg.sender.call.value(x)();
                      // Reduce the token balance of the sender by the amount withdrawn
                      balances[msg.sender] -= x;
                  }
              }
          }
  94. 94. 94 A transaction will involve a wallet smart contract interacting with “The DAO” smart contract

      “The DAO” contract:

          contract DAO {
              mapping (address => uint) private balances;
              function withdraw(uint x) {
                  if (balances[msg.sender] >= x) {
                      msg.sender.call.value(x)();
                      balances[msg.sender] -= x;
                  }
              }
          }

      Wallet contract:

          function doWithdraw() {
              A.withdraw(100);
          }
          function() {
              EventMoneyReceived(msg.value);
          }

      Diagram balance labels, in slide order: balance: 300; balances[A]: 100; balance: 0; balance: 100; balance: 200; balances[A]: 100; balance: 200; balances[A]: 0
  95. 95. 95 A transaction will involve a wallet smart contract interacting with “The DAO” smart contract

      “The DAO” contract:

          contract DAO {
              mapping (address => uint) private balances;
              function withdraw(uint x) {
                  if (balances[msg.sender] >= x) {
                      msg.sender.call.value(x)();
                      balances[msg.sender] -= x;
                  }
              }
          }

      Attacker contract:

          function startAttack() {
              A.withdraw(100);
          }
          function() {
              A.withdraw(100);
          }

      Diagram balance labels, in slide order: balance: 300; balances[A]: 100; balance: 0; balance: 100; balance: 200; balances[A]: 100; balance: 100; balances[A]: 100; balance: 0; balances[A]: 100; balance: 200; balance: 300
  96. 96. 96 The hard fork proposal was controversial among the Ethereum community causing the birth of Ethereum Classic
      ▪ A more conclusive hard fork solution was then put up for vote
      ▪ This hard fork had the sole function of returning all the ether taken from “The DAO” to a refund smart contract with a new contract having only one function: withdraw
      ▪ “The DAO” token holders can request to be sent 1 ETH for every 100 DAO
      ▪ This proposal created a lot of controversy among the Ethereum community, which was split into 2 groups: supporters and non-supporters
  97. 97. 97 https://www.sec.gov/litigation/investreport/34-81207.pdf … …
  98. 98. Parity Wallet Hacks
  99. 99. 99 The first Parity Wallet attack in July, 2017 resulted in a loss of US$30M
      ▪ On Wednesday July 19, 2017, a bug found in the multi-signature wallet (“multi-sig”) code used as part of the Parity Wallet 1.5 software was exploited, resulting in 3 (out of 596 vulnerable) multi-sig wallets being compromised and losing 153,037 ETH worth US$30+M
      ▪ US$78M worth of tokens and 377,105+ ETH (around US$72M) that were potentially vulnerable to the issue were recovered by the white hat hackers, and returned to their rightful owners
  100. 100. 100 The bug was in a pair of functions designed to allow the set-up of "multi-sig" wallets in the Parity Wallet software
      ▪ The bug was in a pair of extremely sensitive functions designed to allow the set-up of "multi-sig" wallets in the Parity Wallet software
      ▪ The functions should have been protected in order that they be usable only in one specific circumstance, as the contract was being created
      ▪ However, they were entirely unguarded, which allowed the attacker to reset the ownership and usage parameters of existing wallets arbitrarily
      ▪ Though the code was open and public, and thus the bug could have been discovered, reported and fixed before any damage was done, there was no incentive to ensure good-natured eyes from the community inspected it!
  101. 101. 101 The attacker obtained exclusive ownership of the MultiSig wallets through changing the constructor function
      ▪ The attacker sent two transactions to each of the affected contracts: the first to obtain exclusive ownership of the MultiSig, and the second to move all of its funds

          // Constructor – just pass on the owner array to the multiowned and the limit to daylimit
          function initWallet(address[] _owners, uint _required, uint _daylimit) {
              initDaylimit(_daylimit);
              initMultiowned(_owners, _required);
          }

      ▪ This function was probably created as a way to extract the wallet’s constructor logic into a separate library
      ▪ The wallet contract forwards all unmatched function calls to the library using delegatecall, in line 424 of the wallet
  102. 102. 102 The attacker changed all public functions from the library including initWallet to be callable by anyone

          function() payable {
              // just being sent some cash?
              if (msg.value > 0)
                  Deposit(msg.sender, msg.value);
              else
                  _walletLibrary.delegatecall(msg.data);
          }

      ▪ Unfortunately, initWallet has no checks to prevent an attacker from calling it after the contract was initialized
      ▪ The attacker exploited this and simply changed the contract’s m_owners state variable to a list containing their address and requiring just one confirmation to execute any transaction
  103. 103. 103 After that, it was just a matter of invoking execute to send all funds to an account controlled by the attacker
      ▪ This execution was automatically authorized, since the attacker was then the only owner of the MultiSig, effectively draining the contract of all its funds
      https://medium.com/@JusDev1988/recreating-the-multisig-exploit-code-along-3abfbe77bd35
  104. 104. 104 The second Parity Wallet attack on November 6, 2017 locked up US$150+M
      ▪ On Monday November 6, 2017, a vulnerability (uninitialized owner) in the “library” smart contract code, deployed as a shared component of all Parity MultiSig wallets deployed after July 20, 2017, was found by an anonymous user
      ▪ The user decided to exploit this vulnerability and made himself the owner of the “library” contract and subsequently killed the “library” contract
      ▪ Since Parity MultiSig wallets depend on this contract, this action blocked funds in 587 wallets, locking up a total amount of 513,774.16 Ether and additional tokens (worth US$150+M)
      ▪ Subsequent to destroying the “library” contract, GitHub user “devops199” posted issue #6995 that prompted the investigation into the matter
  105. 105. 105 The “library” code was put out there and left defenseless due to failing to initialize the owner
      ▪ The “library” code was written to protect itself from being killed by someone other than an owner, and also to protect itself from having its ownership taken over
      ▪ However, and this is a big however, the “bug” that was exploited was that it allowed an owner to be set the first time it was called
      ▪ The only way that the attacker could have taken ownership is if the Parity wallet contract was deployed without an initial owner
      ▪ So, is that a bug in the code, or a bug in the deployment process?
      ▪ The library code was put out there and left defenseless due to failing to do the next step to initialize the owner
      https://medium.com/@DaveChappell_83345/detailed-analysis-of-the-300m-ethereum-wallet-breach-83d41fe36dd0
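One way to close the gaps described on slides 100 to 102 and 104 to 105, as an added example rather than Parity's code: `initWallet` can run only once per wallet, and the shared library marks itself initialised when deployed so that nobody can claim it. All contract and member names here are hypothetical, and the syntax is Solidity 0.8.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not Parity's code; all contract and member names are hypothetical.
contract GuardedWalletLibrary {
    address[] public owners;
    uint256 public required;
    bool private initialized;

    // Marks the library's own storage as initialised at deployment, so nobody
    // can call initWallet on the library directly and become its owner.
    constructor() {
        initialized = true;
    }

    // Runs against the wallet's storage when reached through delegatecall.
    // A second call on the same wallet reverts instead of replacing the owners.
    function initWallet(address[] calldata _owners, uint256 _required) external {
        require(!initialized, "already initialised");
        require(_required > 0 && _required <= _owners.length, "bad threshold");
        initialized = true;
        owners = _owners;
        required = _required;
    }
}

contract GuardedWallet {
    // Same layout as the library: delegatecall reads and writes these slots.
    address[] public owners;
    uint256 public required;
    bool private initialized;
    address private immutable walletLibrary; // immutables take no storage slot

    constructor(address lib, address[] memory _owners, uint256 _required) {
        walletLibrary = lib;
        (bool ok, ) = lib.delegatecall(
            abi.encodeWithSignature("initWallet(address[],uint256)", _owners, _required)
        );
        require(ok, "initialisation failed");
    }

    receive() external payable {}

    // Forwards unmatched calls to the library and propagates any failure.
    fallback() external payable {
        (bool ok, ) = walletLibrary.delegatecall(msg.data);
        require(ok, "library call failed");
    }
}
```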
  106. 106. Thank you
