BLOCKCHAIN, HYPERLEDGER, WEB 3.0
UNDERSTANDING AND CONCEPTS
Pradeep Keith Fernandez – CISSP, CISA, CIPT
Disclaimer: All the content that is presented in these slides is content from various articles, YouTube videos and magazines on the internet. I have just summarized my thoughts basis
this understanding and it is meant for educational purposes for those that wish to learn more on these topics. These thoughts, opinions and understanding are solely my own and do not
represent in any way anybody or any organization that I am associated with.
Blockchain and Key elements
• A blockchain is a distributed ledger that is open to anyone that facilitates the process of
recording transactions and tracking assets in a business network
• It is a system in which a record of transactions is maintained across several computers that
are linked in a peer-to-peer network
• A blockchain collects information together in groups, known as blocks, that hold sets of
information.
• Blocks have certain storage capacities and, when filled, are closed and linked to the previously
filled block using the hash of the previous block, forming a chain of data known as blockchain
• If one user tampers with a block’s record of transactions, all other nodes would cross-
reference each other and easily pinpoint the node with the incorrect information.
• Blockchain is ideal for delivering faster, reliable and accurate information because it provides
immediate, shared and completely transparent information stored on a distributed
immutable ledger that can be accessed only by network members
Nodes & Blocks
• A block contains a collection of records or transactions, e.g. A pays B 50$, Y pays B 15$.
• A block can hold only a certain no. of transactions (~400 for ETH and ~1500 for Bitcoin) and
the block size for Bitcoin is 1 MB
• To participate in the blockchain, every user needs to have a node/device running
• Nodes are connected to each other & exchange the newest information on the blockchain
with each other
• A block has a header and body where the hash of the previous block is stored along with the
hash of the current block. The body contains the list of transactions solved in the block.
• Adding a block to the blockchain takes roughly 10 minutes for Bitcoin and the algorithm
changes whenever computing power increases to keep this status quo at 10 minutes
Benefits
• Decentralized
• Greater Transparency
• Instant traceability
• Faster
• Security & Privacy
• Automation
Blockchain - Mining
Mining (Proof of Work consensus)
• To add a block to the blockchain, there is a process called mining (proof of work model).
• There are nodes running across the globe and miners can validate the transactions for a
block within seconds.
• After a block is mined, it takes time for other miners to find out about it. Until then
they are actually competing against the new block instead of adding to it, and multiple
miners can attempt to add a block to the last valid block, which can lead to chain splits.
• For e.g. a miner in Canada may add a block after validating the transactions at the same
time as a miner in Australia validates & adds a block as well. The information about the
new block takes some time to propagate to different regions, and some may get info that
the Canada miner's block is valid and add further blocks to that, while others may see the
Australia miner's block added and will start adding blocks to that, leading to forks or chain
splits.
• To ensure that there is sufficient time for a validated block to propagate to multiple nodes,
the bitcoin algorithm requires a cryptographic hash to be solved which takes ~10 mins, post
which a miner can add a block.
[Diagram: mining flow]
• Example transactions: A pays B 50$; C pays Y 100$; Y pays Z 10$
• The transaction messages are sent to the network to all the nodes (part of transaction pool/mempool)
• These transactions are unvalidated. Miner nodes pick up a bunch of transactions, run validity checks, etc.
• To transfer money, the private key of A is used to sign the transaction, which delivers proof that the money has come from the owner
• Miners need to solve a hash which takes 10 mins to solve
• Once a miner has solved the hash function, it will add the block with the nonce that solved the hash function
• Other miners can thus verify that the nonce is valid, and will then solve other transactions in the transaction pool adding to this new block
Blockchain – Hashing algorithm
• To prove that we have mined the block first, we have to solve a hash and get an output with
an x no of zeros at the end of the hash. The input for the hash e.g. will be the transactions in
the hash like X pays 50$ to Y, Y pays 15$ to Z and Z pays 5$ to B along with a nonce to get a
hash output where the no of 0’s
• We have to keep adding a random number to this input to get x no of zeros in the hash output.
This may take significant computing power and time to solve.
• For e.g. to get a hash with 1 zero it may take a few iterations, however to get a hash with 2 zeros it
may take hundreds of tries.
• To get a hash with 17 zeros will require a huge no of retries with different random numbers. In
case the computing power of the miners increases so that hashes can be solved in less than
10 mins, the algorithm may be made more difficult to get more than 17 zeros in the hash
output
• Once we get x no of zeros at the end of the hash, we say the block is solved and verified. The
number added to the input to get x no of zeros in the hash output is called the nonce.
• A block consists of a header and a body. The header contains the hash of the previous block,
timestamp, nonce and the merkle root. The body has the transaction data.
• Blocks confirm the exact time and sequence of transactions, and the blocks link securely
together to prevent any block from being altered or a block being inserted between two
existing blocks
• Once the hash is solved, other nodes in the network will understand that they need to add to
this block.
[Diagram: solving the hash]
Transactions in block: X pays Y 50$, Y pays Z 15$, Z pays B 5$
Add random number to generate hash with x no of leading zeros in hash: X pays Y 50$, Y pays Z 15$, Z pays B 5$ + random number
Hash output: 68e656b251e67e8358bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728
Accepted hash output: 0000000000000000058bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728
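The nonce search and the previous-hash linking described on this slide, as an added example that is not part of the original slides. It is a simplified model: one SHA-256 pass and a count of leading zero hex digits (as in the slide's diagram) instead of Bitcoin's real header format and numeric target, and the timestamps, field names and helper names are constructed for the illustration.

```python
import hashlib

GENESIS_PREV = "0" * 64  # constructed placeholder meaning "no previous block"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(transactions):
    """Hash the transactions pairwise, level by level, until one root remains."""
    level = [sha256_hex(tx.encode()) for tx in transactions] or [sha256_hex(b"")]
    while len(level) > 1:
        if len(level) % 2:                      # odd count: repeat the last hash
            level.append(level[-1])
        level = [sha256_hex((level[i] + level[i + 1]).encode())
                 for i in range(0, len(level), 2)]
    return level[0]

def header_hash(prev_hash, timestamp, root, nonce):
    """Hash over the header fields the slide lists: prev hash, timestamp, merkle root, nonce."""
    return sha256_hex(f"{prev_hash}|{timestamp}|{root}|{nonce}".encode())

def mine_block(prev_hash, transactions, timestamp, difficulty):
    """Try nonce 0, 1, 2, ... until the hash has `difficulty` leading zero hex digits.

    Returns (block, attempts); each extra zero multiplies the expected attempts by 16.
    """
    root = merkle_root(transactions)
    nonce = 0
    while True:
        digest = header_hash(prev_hash, timestamp, root, nonce)
        if digest.startswith("0" * difficulty):
            block = {"prev_hash": prev_hash, "timestamp": timestamp,
                     "merkle_root": root, "nonce": nonce, "hash": digest,
                     "difficulty": difficulty, "transactions": list(transactions)}
            return block, nonce + 1
        nonce += 1

def build_chain(batches, difficulty):
    """Mine one block per batch of transactions, each linked to the previous hash."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        # constructed timestamps, 10 minutes apart
        block, _ = mine_block(prev, txs, 1_700_000_000 + 600 * i, difficulty)
        chain.append(block)
        prev = block["hash"]
    return chain

def verify_chain(chain):
    """The cheap re-check every other node can do. Returns first bad index, or -1."""
    for i, b in enumerate(chain):
        if merkle_root(b["transactions"]) != b["merkle_root"]:
            return i                            # body no longer matches the header
        digest = header_hash(b["prev_hash"], b["timestamp"], b["merkle_root"], b["nonce"])
        if digest != b["hash"] or not digest.startswith("0" * b["difficulty"]):
            return i                            # nonce does not solve the puzzle
        if i > 0 and b["prev_hash"] != chain[i - 1]["hash"]:
            return i                            # link to the previous block is broken
    return -1

if __name__ == "__main__":
    sample = ["X pays Y 50$", "Y pays Z 15$", "Z pays B 5$"]   # from the slide
    for d in (1, 2, 3, 4):
        block, attempts = mine_block(GENESIS_PREV, sample, 1_700_000_000, d)
        print(f"difficulty {d}: nonce={block['nonce']} attempts={attempts} hash={block['hash'][:16]}...")
```

Verifying a block costs one hash while finding the nonce costs many; re-mining a tampered block changes its hash, so the break moves to the next block's previous-hash link.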
Blockchain permissioned vs permissionless
• There are different kinds of blockchains that have evolved from the 1st generation blockchain
that was bitcoin, which is a public blockchain.
• Bitcoin's purpose was basically an electronic payment system allowing any two willing parties to
transact with each other without the need for a trusted 3rd party. This form of blockchain was
a public network blockchain or permissionless blockchain.
• A private blockchain is a restricted network where only certain members that are allowed to join
will have access and can participate in the network.
• A Hybrid blockchain brings the best of both public and private blockchains, combining the
transparency of a public blockchain along with the security and speed of a private blockchain.
A node in the hybrid blockchain will have a public state and a private state. The private state is
decided between 2 or more nodes basis what business they want to carry on between
themselves. An enterprise doesn’t need to set up another blockchain if it wants to do business with
another 3rd party. They can just create a private subnetwork to share sensitive information
while they are already part of the overall public but closed network.
• A consortium blockchain has multiple organizations that maintain the system
• It’s a permissioned network like a Private blockchain but offers a decentralized structure like a
public blockchain where each organization receives similar treatment and keeps things
transparent. No single entity rules over the network. There are technology and Business type
consortium blockchains.
• Hyperledger is a Tech based Consortium blockchain. Business type consortium blockchains
offer solutions in Banking, Supply chain (like IBM Food Trust), etc
• Public: Larger network size, more difficult to hack the network. All nodes have a copy of the ledger. Anyone can join. Slow
• Private: Closed network. Used by enterprises. Transactions are executed faster. More centralized, however due to fewer nodes, susceptible to security breaches. Used for solutions like supply chain mgmt
• Hybrid: Uses permissioned consensus mechanism for faster transactions and cheaper cost. Network has a public state. However enterprises can host subnetworks where data is private between company A & B where they share sensitive financial data. Over the public network they can share basic data.
• Consortium: Permissioned network like a Private blockchain but offers a decentralized structure like a public blockchain
HyperLedger - Fabric
• In 2016, the Linux Foundation launched Hyperledger to democratize and standardize
Blockchain for the business world. Hyperledger is an open-source collaborative effort created
to advance cross-industry blockchain technologies
• Allows organizations to build custom Blockchain apps to cater to their specific business needs.
• Hyperledger has multiple frameworks like Fabric, Burrow, Sawtooth, Grid, etc
Fabric
• Hyperledger Fabric is a permissioned Blockchain infrastructure with a modular architecture
wherein there’s a delineation of roles between the nodes in the infrastructure, the execution
of smart contracts, along with configurable consensus and membership services.
• In a Fabric network, there is a membership service that handles identity for users transacting
via a digital certificate. The certificate is used to sign transactions and submit them onto the
blockchain, and basis their identity, access permissions are provided to perform certain
transactions.
• The CA is a pluggable module and you can use the Fabric CA or an external CA
• Client Apps are written in any language like Node.js, Python and Java and interact with the
blockchain network via SDKs/Hyperledger Fabric client.
• There are different peer nodes called endorsers and committers. An organization can run
multiple peers and there could be multiple organizations as part of the network
[Diagram: HyperLedger Fabric Network. Client App (SDK, HFC); Membership Services (External CA, Fabric CA); peer (Endorser Peer, Committer Peer) with Blockchain, ChainCode, Events and World State; Ordering Service; Endorsement Policy]
[Diagram: Different types of Hyperledger's: BESU, BURROW, FABRIC, INDY, SAWTOOTH]
HyperLedger – Fabric Consensus Flow
Fabric Consensus flow
• Client app proposes a transaction and wants to invoke a particular function of the
smart contract. The input from the client app is sent to the endorser peers
• Endorsers are responsible for executing the transaction and signing it (using their certificate to sign
the transaction), saying this is the output of the transaction and I agree with it.
• If all endorsement peers endorse a transaction, the client app is going to receive these
read/write sets, which are sent to ordering once there are sufficient signatures
• There could be multiple client apps that are submitting transactions to the ordering service
• The ordering service will ensure that there is an order to the transactions, ordered across
all the nodes basis the timestamp
• So ordering service will say transaction A, B, C are in block 948 and transaction X, Y, Z are in
block 949 to all nodes to follow that and maintain consistency in the network.
• Post ordering, where the block is sent to all nodes, the validation is done, for e.g. double
spending validation, or there could be chances that not all endorsers endorsed the transaction.
• Verification of the read/write set is performed by all the peers (endorsers and committers), which
mark transactions as valid or invalid.
• Only the valid write transactions will be updated in the world state along with a new version
number. The world state is implemented as a database.
• The world state version number is for internal use by Hyperledger Fabric, and is incremented
every time the state changes. The version is checked whenever the state is updated to make
sure the current states matches the version at the time of endorsement.
• There are different events that are generated and client apps can register to be notified when
transactions fail or succeed and when blocks are added to the ledger. Committing peers will
notify applications of such events
[Diagram: HyperLedger Fabric consensus flow: Propose TX, Endorse, Order, Validate, Commit]
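The endorse, order, validate and commit steps above, as an added example that is not part of the original slides and is not Hyperledger Fabric code. Assumptions: HMAC keys in `ORG_KEYS` stand in for the certificate signatures of three hypothetical organisations, the endorsement policy is "any 2 of 3", world-state versions are plain integers, and the status strings are modelled on Fabric's validation codes.

```python
import hashlib
import hmac
import json

# Constructed demo keys; real Fabric endorsers sign with X.509 identities from the CA.
ORG_KEYS = {"Org1": b"org1-demo-key", "Org2": b"org2-demo-key", "Org3": b"org3-demo-key"}
REQUIRED_ENDORSEMENTS = 2  # assumed endorsement policy: any 2 of the 3 organisations

def _digest(tx_id, read_set, write_set):
    return json.dumps([tx_id, read_set, write_set], sort_keys=True).encode()

def _sign(org, digest):
    return hmac.new(ORG_KEYS[org], digest, hashlib.sha256).hexdigest()

def transfer_chaincode(state, sender, receiver, amount):
    """Simulate the contract WITHOUT changing state; return (read_set, write_set)."""
    s_val, s_ver = state[sender]
    r_val, r_ver = state.get(receiver, (0, 0))
    if s_val < amount:
        raise ValueError("insufficient funds")
    read_set = {sender: s_ver, receiver: r_ver}            # key -> version read
    write_set = {sender: s_val - amount, receiver: r_val + amount}
    return read_set, write_set

def propose(tx_id, args, state, endorsing_orgs):
    """Client sends the proposal to endorsers and collects signed read/write sets."""
    read_set, write_set = transfer_chaincode(state, *args)  # same result on every endorser here
    digest = _digest(tx_id, read_set, write_set)
    return {"tx_id": tx_id, "read_set": read_set, "write_set": write_set,
            "endorsements": [{"org": o, "sig": _sign(o, digest)} for o in endorsing_orgs]}

def validate_and_commit(block, state):
    """Run by every peer on an ordered block; updates `state` only for valid transactions."""
    results = {}
    for tx in block:
        digest = _digest(tx["tx_id"], tx["read_set"], tx["write_set"])
        good = {e["org"] for e in tx["endorsements"]
                if e["org"] in ORG_KEYS and hmac.compare_digest(e["sig"], _sign(e["org"], digest))}
        if len(good) < REQUIRED_ENDORSEMENTS:
            results[tx["tx_id"]] = "ENDORSEMENT_POLICY_FAILURE"
            continue
        # Version check: every key must still be at the version seen at endorsement time.
        if any(state.get(k, (0, 0))[1] != ver for k, ver in tx["read_set"].items()):
            results[tx["tx_id"]] = "MVCC_READ_CONFLICT"
            continue
        for key, value in tx["write_set"].items():
            state[key] = (value, state.get(key, (0, 0))[1] + 1)
        results[tx["tx_id"]] = "VALID"
    return results

def run_block_948():
    """Constructed scenario: four proposals endorsed against the same world state."""
    state = {"A": (50, 1), "B": (0, 1), "C": (0, 1), "D": (10, 1)}  # key -> (value, version)
    tx1 = propose("tx1", ("A", "B", 50), state, ["Org1", "Org2"])
    tx2 = propose("tx2", ("A", "C", 50), state, ["Org1", "Org2"])   # spends the same 50 again
    tx3 = propose("tx3", ("D", "B", 10), state, ["Org3"])           # only one endorser
    tx4 = propose("tx4", ("D", "C", 10), state, ["Org1", "Org2"])
    tx4["write_set"]["C"] = 1000                                   # altered after endorsement
    results = validate_and_commit([tx1, tx2, tx3, tx4], state)      # ordering service's order
    return results, state

if __name__ == "__main__":
    results, state = run_block_948()
    print(results)
    print(state)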
SmartContracts
• A smart contract is self-executing code that carries out a set of instructions, which are then
verified on the blockchain
• They are trustless, autonomous, decentralized, and transparent meaning they can reduce or
even eliminate the need for third-party intermediaries
• The code defines the mechanisms of the transaction and is the final arbiter of the terms. If
something happens then something else happens (if/when…then)
• A state variable is defined which is stored in the blockchain. For e.g. a state variable for a
baggage claim smart contract will be the no of bags the user has onboarded on a flight.
• Once a condition is met, the contract is executed immediately basis the condition set. For e.g.
state can change basis the user accepting that they have received their bags or not received their
bags.
• If the user has received their bags, state is updated basis API/delivery notification and the transaction
is updated on the blockchain.
• If he has not received his bags, the smart contract can use functions to decide the next course
of action like paying the user for lost baggage, etc
[Diagram: smart contract flow for an e-commerce delivery]
• User purchases a product
• Write smart contract in Solidity
• Ecom provider sends package via logistics company
• Smart contract is written by ecom company so that only once the package is delivered and confirmed by the user will the delivery company receive the money
• Create a state variable on current state and assign it to a function
• Deploy the contract using Truffle and Embark, Ethereum studio and test the contract
• When the condition is met the smart contract is executed on the blockchain
• Logistics company delivers package to customer
• Customer confirms he has received the package
SideChains & Layer 2 scaling solution (off-chain)
• Layer 2 scaling solutions are built on top of the main chain using existing elements like smart contracts
• Main chains are really slow and if we try to speed them up they aren't as secure or as safe. Also
transaction/gas fees are very high on the main chain with validators/miners solving only high worth
transactions, keeping many transactions pending.
• There is a tradeoff between security, decentralization and speed of transactions
• Scalability shouldn’t come at the expense of Security and Decentralization so it's best to use layer 2
scaling and not compromise on security in the main chain
Sidechain
• A sidechain is a separate blockchain that is connected to another blockchain (main blockchain)
through a 2 way peg to process some of the data from the main blockchain
• Sidechains are responsible for their own security & need their own validators/miners and own
consensus mechanism
• Polygon is an Ethereum sidechain which uses the same EVM for the sidechain, so contracts
deployed on the main chain can be directly deployed on the side chain
2 way peg
• When you move your tokens from the main chain to the side chain, you need to lock them up in the
main chain so that they are not available on both chains
• Locking them up means these funds go to a wallet or contract that is controlled by the machine.
After locking them up the funds are transferred to the side chain
• When you want to move coins back from the side chain to the main chain you destroy your tokens
on the side chain and you get to release your funds on the main chain
Federation
• A federation is the middleman in charge of locking and releasing funds between the 2 chains
• Federations are usually code, while some are controlled by the sidechain's organization
• The federation is in charge of ensuring that whatever is locked up is exactly what is on the sidechain
[Diagram: 2 way peg]
• Main Chain: Slow, high gas fees, more secure & decentralized
• Side Chain: Fast, low gas fees, less decentralized
• Locking up / releasing: wallet controlled by a machine
• Released tokens are destroyed on sidechain at release
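The lock, mint, burn and release bookkeeping of the 2 way peg and the federation's job of keeping both sides equal, as an added example that is not part of the original slides. It is a toy ledger, not any real bridge's code: validator names, event ids and balances are constructed, approvals are modelled as a list of validator names rather than signatures, and the 5-of-9 approval threshold is borrowed from the Ronin slide later in the deck.

```python
class PegError(Exception):
    """Raised when the federation refuses a transfer between the chains."""

class TwoWayPeg:
    def __init__(self, main_balances, validators, threshold):
        self.main = dict(main_balances)   # user -> spendable funds on the main chain
        self.side = {}                    # user -> tokens on the sidechain
        self.locked = 0                   # held by the machine-controlled lock wallet
        self.validators = set(validators)
        self.threshold = threshold
        self.processed = set()            # event ids already acted on (replay protection)

    def _authorize(self, event_id, approvals):
        if event_id in self.processed:
            raise PegError("event already processed")
        # Count each known validator once; unknown names and duplicates do not help.
        if len(self.validators & set(approvals)) < self.threshold:
            raise PegError("not enough federation approvals")

    def deposit(self, event_id, user, amount, approvals):
        """Main chain -> sidechain: lock on the main chain, mint the same amount on the sidechain."""
        if amount <= 0 or self.main.get(user, 0) < amount:
            raise PegError("insufficient main-chain funds")
        self._authorize(event_id, approvals)
        self.main[user] -= amount
        self.locked += amount
        self.side[user] = self.side.get(user, 0) + amount
        self.processed.add(event_id)

    def withdraw(self, event_id, user, amount, approvals):
        """Sidechain -> main chain: destroy sidechain tokens, release the locked funds."""
        if amount <= 0 or self.side.get(user, 0) < amount:
            raise PegError("insufficient sidechain tokens")
        self._authorize(event_id, approvals)
        self.side[user] -= amount         # burn
        self.locked -= amount             # release
        self.main[user] = self.main.get(user, 0) + amount
        self.processed.add(event_id)

    def invariant_holds(self):
        """What is locked on the main chain must equal what exists on the sidechain."""
        return self.locked == sum(self.side.values())

def attempt(peg, operation, *args):
    """Run one peg operation; return 'ok' or the reason it was refused."""
    try:
        getattr(peg, operation)(*args)
        return "ok"
    except PegError as exc:
        return str(exc)

if __name__ == "__main__":
    validators = [f"validator-{i}" for i in range(1, 10)]   # constructed names
    peg = TwoWayPeg({"alice": 100}, validators, threshold=5)
    print(attempt(peg, "deposit", "lock-1", "alice", 40, validators[:5]))
    print(attempt(peg, "deposit", "lock-1", "alice", 40, validators[:5]))   # replay
    print(attempt(peg, "withdraw", "burn-1", "alice", 15, validators[:4]))  # 4 of 9
    print(attempt(peg, "withdraw", "burn-1", "alice", 15, validators[:5]))
    print(peg.main, peg.side, peg.locked, peg.invariant_holds())
```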
Writing Smart Contracts
• Solidity is used to write smart Contracts using a .sol extension. Use the pragma to
tell the compiler what version of solidity to use
• Then use the contract keyword to define the details about the smart contract (like
a class in c++)
• Inside the contract we define the state or variables where the value might change
through the lifecycle of the contract
• It also has datatypes like address to hold a 20 byte Ethereum address
• The struct keyword allows to construct more complex data types to define the
different entities in the contract
• Use the function keyword to define executable blocks of code which may be called
upon sometime to modify the state of the contract
• Can also define a constructor that is called once the contract is first created. Once
the constructor is executed the code will be deployed on the blockchain
• Once completed you can compile your smart contract and use it programmatically
with an API of choice like web3.js
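pragma solidity ^0.8.7;

contract MyContract {
    // State variables stored on the blockchain
    string public hello = "Hi";
    address payable public seller;
    address payable public buyer;

    // A more complex data type describing an order
    struct Order {
        string description;
        bool completed;
    }

    // Records the caller as the buyer
    function confirmOrder() public {
        buyer = payable(msg.sender);
    }

    // Called once, when the contract is first created
    constructor(string memory _text) {
        hello = _text;
    }
}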
Validator Nodes
• Earlier in Ethereum 1, there were miners to validate transactions once a block has been updated on the blockchain. In Ethereum 2.0 (beacon chain)
this is replaced by validators.
• A validator node is a special type of full node that participates in “consensus.” By participating in consensus, validator nodes become responsible for
verifying, voting on, and maintaining a record of transactions.
• To become a validator, you must set up a node on the blockchain and have 32 Ether (~50K USD) as stake money. Validators stake their Ethereum
cryptocurrency to confirm transactions on the network. They risk money in order to do that. It's an incentive to act honestly. If you confirm a
transaction that’s valid then you get a passive income reward for doing that. If you act dishonestly then you lose money.
• Validator nodes underpin the security of any blockchain or DLT network. That is why it is of vital importance to ensure that validator nodes remain
both performant and trustworthy.
• A node must first register with the network and sync the blockchain to become a validator. This allows token holders to stake (“delegate”) tokens to it
and lets the network know that the node wishes to be considered for inclusion in the validator set. Registered nodes will be visible on both the Radix
Explorer website and the Desktop Wallet.
• On the Olympia release of the Radix Public Network, there is a maximum of 100 validator nodes at a time. These are selected based on the amount of
stake XRD token holders have delegated to them.
Validator Nodes
[Diagram: Setup of Validator Node]
• Setup Validator chain node responsible for producing new blocks & attesting in the chain
• Setup your metamask wallet and ensure that there is 32 ETH in your wallet for staking
• Generate Validator public / private key pair and copy/paste deposit data (32 ETH) linked to your key in the Prysm project
• Wait for activation (waiting queue) until processed and activated (Few days)
• Setup docker on your PC. Install Prysm Validator and beacon chain docker images
• Start Validator client and deposit beacon chain deposit (32 ETH) on the ETH network via smart contract
• Setup and run Beacon Chain node and sync the blockchain
[Diagram: Role of Validator Node]
• If A wants to transfer Crypto to B. Once he does the transfer from his wallet to B wallet
• The transaction message is sent to the network to all the nodes (part of transaction pool / mempool)
• Nodes run validity checks on the transactions, like ensuring the funds are still available, the output is not exceeding the input, the signature is valid, etc
• Validators try to add a candidate block to the largest chain after the last valid block by solving a complex math problem (Proof of work)
• From the transaction pool the validator chooses the transactions 1st with the highest gas/transaction fees
• Other validators solving other transactions will add to the last block basis the speed at which the last block was added. If A was added 1st then validators will add to Block A and B will be discarded. (Longest chain rule)
• There may be multiple validators trying to solve a single transaction and both candidates will be added to the chain
Proof of Work vs Proof of Stake vs Proof of Authority
Proof of Work
• To add block to the chain, miners must compete to solve a difficult puzzle using their computers processing power
• Any miner can attempt to solve the puzzle. The first miner to solve the puzzle is given a reward for their work
• Requires mining equipment. Can create mining groups who agree to share mining rewards in proportion to contributed mining power.
• To add a malicious block/fraudulent transaction, you will have to have computing power more than 51% of the network
• Mining pools - Foundry US 17.2%, AntPool 14.8%, F2 Pool 14.6%, BinancePool 11.4% have 51% of compute power making it more centralized
Proof of Stake
• New method proposed – There is no competition as the block creator is chosen by an algorithm based on the user stake
• There is no reward for making a block, the block creator/validator takes a transaction/gas fee.
• No equipment necessary. More cost effective. Uses less power and better for the environment
• In order to add a malicious block, you will have to own 51% of all the cryptocurrency on the network (practically impossible)
• More decentralized and is based on how much money is staked. Rich get richer.
Proof of Authority
• Ideal for private network solution (permissioned blockchain) instead of a public blockchain solution
• Validators are pre-approved by a group of “authorities” to verify transactions and build new blocks
• Grants a few blockchain players the authority to validate network transactions and update its broadly distributed registry
• Low transaction cost provided by PoA-based systems. Requires fewer message exchanges and less overhead
• In order to add a malicious block, you will have to compromise 51% of the validator nodes
What is DeFi
• DeFi refers to the infrastructure, processes, and technologies used to democratize
financial transactions.
• No centralized institutions, no high fees, no trusted 3rd party
• No limits to what you can do regarding lending, borrowing or what business you
are in
• DeFi is based on Cryptography, Blockchain and SmartContracts
• DeFi is currently based on 6 pillars
• Stablecoins - like USDC, Tether are based on the price of the dollar. Each
USDC is backed by one dollar or asset with equivalent fair value, which is
held in accounts with US regulated financial institutions.
• Lending & Borrowing via Smart Contracts
• Decentralized exchanges – Exchange one cryptocurrency for another (e.g.
uniswap)
• Insurance – Anyone can become an insurer by setting up a smartcontract
with conditions on the premium, when the insurance should be paid(which
conditions) using oracles as data sources, etc.
• Derivative / Margin Trading – Can use it for margin trading with no pre-requisites
like a min amount of money for margin trading or proving who you are,
and low fees, unlike centralized finance
• Governance of Crypto Projects – DAO. Everyone who is part of DAO has a
vote on which projects should be passed
[Diagram: DeFi pillars: Stable Coins, Lending & Borrowing, DeCentral Exchange, Insurance, Margin Trading, Governance of DAO]
WHAT IS WEB 3.0
• Today, major corporations collect and store our data and sell it to advertisers. And this has
made these corporations powerful and the internet centralized.
• Websites should not treat their users as products. Instead, they should provide ownership of
data back to their users.
• The data should be secured cryptographically, and the website and service should equally
prioritize every user’s privacy.
• Web 3.0 is the 3rd generation of internet which will bring an open, transparent and
decentralized era (using blockchain) of the internet where everyone is participating(user will be
a node to a decentralized network) and rewarded for their participation.
• The metaverse is a single, universal and immersive virtual world that is facilitated by the use
of virtual reality (VR) and augmented reality (AR) headsets (but uses some underlying
technology used by Web 3 like the blockchain and NFT’s)
Difference between Web 3.0 and the Metaverse
Web 3.0
• A new iteration of the internet focused on creating a decentralized web where users can own and control the assets they create
• Uses decentralized tech like blockchains, Cryptocurrencies, NFT’s, DeFi, IPFS, semantic web
• Applicable throughout the web (for e.g. Atlas.Work, D.Tube, Audius, Filecoin, Secretum, etc)
Metaverse
• A Digital space that would blend virtual augment physical reality with physically persistent virtual spaces.
• Connectivity technology (platforms like Fortnite), Human Interface (e.g. Oculus, Xbox), decentralized tech like blockchain, social experiences (avatars/merchandise), creator economy
• Still under development and potential areas under scrutiny
Web 2.0 and Web 3.0 technologies
[Table: Web 2.0 apps compared with Web 3.0 Dapps under the columns Browser, Storage, Video calls, Gateway, Platform, Social NW, Messaging, Remote Job. The Web 3.0 Dapp descriptions follow.]
• Brave is a privacy-focused browser, which automatically blocks online advertisements and website trackers in its default settings. It also provides users the choice to turn on optional ads that pay users for their attention in the form of Basic Attention Tokens (BAT) cryptocurrency.
• IPFS allows users to host and receive content in a manner similar to BitTorrent. As opposed to a centrally located server, IPFS is built around a decentralized system of user-operators who hold a portion of the overall data, creating a resilient system of file storage and sharing.
• Experty is a blockchain based fully decentralized calling platform that collects decentralized wisdom thanks to pools of industry professionals to make it accessible and trusted for everyone. Knowledge providers receive instant payment via crypto
• Esentia acts as a gateway between both worlds (centralized web and decentralized web), connecting apps, dApps, assets, devices, storage etc into one easy interface. You can use this app for your identity into the decentralized web apps like D.Tube, Steemit, Brave, storage like IPFS, crypto exchanges, wallets, Status, etc
• Steemit is designed as a decentralized application built upon the Steem blockchain, using its cryptocurrency STEEM to reward users for their content. By voting on posts and comments, users get to decide the payout of those posts. Users also get so called "Curation Rewards" for finding and upvoting content that gets upvoted by other users afterwards
• Status is an Android and iOS app that combines a peer-to-peer instant messenger with a crypto wallet and Web3 browser. Status uses an open-source, peer-to-peer protocol, and end-to-end encryption to protect your messages from third parties. Keep your private messages private with Status. Doesn’t use phone nos or user names. Uses chat keys
• Ethlance is a first completely decentralised freelance platform with 0% service fees. The platform is running on Ethereum blockchain with payments being made in Ether cryptocurrency
Web 3.0 Architecture
• No centralized DB stores the application state, no centralized web server where the backend
logic resides. Uses decentralized storage like IPFS/SWARM to store the logic and state.
• Leverages blockchain to build apps on a decentralized “state machine” that’s maintained by
anonymous nodes
• Write smart contracts that define the logic of applications & deploy them onto the decentralized
state machine using high-level languages like Solidity and Vyper
• Front end defines the UI logic, but also communicates with the application logic defined in smart
contracts
• Every node in the network keeps a copy of all states on the state machine, including the code &
data associated with every smart contract.
• Publishing a new post requires the user in the Dapp to sign the transaction with their private key,
after which the Dapp relays the transaction to the blockchain
• Also, since users need to pay extra every time their transaction requires a new state, for storage
apps use a decentralized off-chain storage like IPFS
• Querying data on the blockchain is not easy and hence graph protocol is used for indexing data,
to define which smart contracts to index.
• Blockchain is not scalable (right now). Hence we use Polygon which uses a secondary
chain/sidechains for validating and updating transactions.
• Since building your own node takes time and effort, people use services like Infura or Alchemy to
manage node infrastructure rather than running a full node yourself
[Diagram: Web 3.0 architecture. Browser; Internet; FrontEnd (Javascript/HTML/CSS); Provider (Alchemy/Infura); Blockchain with Smart Contracts; IPFS/SWARM/Decentralized DB; Polygon Sidechain; Signer (Metamask)]
IPFS – InterPlanetary File System
• IPFS uses content based addressing rather than location-based addressing
• When any data is uploaded on an IPFS network, it returns a Hash and the data is then requested
using that hash
• Data is distributed and replicated throughout the network which leads to data permanence. While
requesting data it searches for the nearest copy of that data which leads to high latency and
overcomes any bottleneck points
• Distributed Hash Table (DHT) is used to store and retrieve data across nodes in the network.
• Every node on the network is identified using a NodeID which is nothing but the hash of its public
key.
• Each node maintains a DHT which is used to find out Ids of other peers on the network and what
data those peers can serve.
• For webapps, IPFS aims to ensure that you don’t trust one single source, there is more than one
place where your content is hosted and also from a security side, no one can modify your content
because its decentralized
Current Disadvantages
• IPFS nodes have no incentive to keep files readily available. Hence not many people tend to set up
their own node, leading to a shortage of nodes on the network
[Diagram: IPFS content lookup. Participants: Developer, End user, Node with content, Common Peer, Requesting Peer. Messages: "Hey I have this content", "Hey who has this content", "Yes, I know who has it"]
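Content-based addressing and provider lookup as described on this slide, as an added example that is not part of the original slides and is not IPFS code. Simplifications and assumptions: the address is a plain SHA-256 hex digest rather than a real IPFS CID, one shared dictionary stands in for the distributed hash table, and the node keys and content bytes are constructed.

```python
import hashlib

def content_id(data: bytes) -> str:
    """The address IS the hash of the bytes, so any change gives a different address."""
    return hashlib.sha256(data).hexdigest()

class Node:
    def __init__(self, public_key: bytes):
        self.node_id = hashlib.sha256(public_key).hexdigest()  # NodeID = hash of public key
        self.blocks = {}                                        # content id -> bytes held locally

    def serve(self, cid):
        return self.blocks.get(cid)

class Network:
    def __init__(self):
        self.nodes = {}       # node id -> Node
        self.providers = {}   # content id -> node ids claiming to hold it (DHT stand-in)

    def join(self, node):
        self.nodes[node.node_id] = node

    def publish(self, node, data: bytes) -> str:
        """'Hey I have this content': store locally and announce it under its hash."""
        cid = content_id(data)
        node.blocks[cid] = data
        self.providers.setdefault(cid, []).append(node.node_id)
        return cid

    def fetch(self, cid):
        """'Hey who has this content': ask each provider and keep only bytes that hash to cid.

        Returns (data, id of the node that served it, ids of nodes whose answer was rejected).
        """
        rejected = []
        for node_id in self.providers.get(cid, []):
            data = self.nodes[node_id].serve(cid)
            if data is not None and content_id(data) == cid:
                return data, node_id, rejected
            rejected.append(node_id)       # missing or modified copy: do not trust it
        raise LookupError(f"no provider returned valid content for {cid}")

    def replicate(self, node, cid):
        """A second node fetches a verified copy and becomes a provider too."""
        data, _, _ = self.fetch(cid)
        node.blocks[cid] = data
        self.providers[cid].append(node.node_id)

def demo():
    net = Network()
    node_a = Node(b"constructed-public-key-A")
    node_b = Node(b"constructed-public-key-B")
    net.join(node_a)
    net.join(node_b)
    cid = net.publish(node_a, b"hello web3")
    net.replicate(node_b, cid)
    node_a.blocks[cid] = b"hello web2"     # node A's copy is modified after publishing
    data, served_by, rejected = net.fetch(cid)
    return cid, data, served_by == node_b.node_id, rejected == [node_a.node_id]

if __name__ == "__main__":
    print(demo())
```

The requester needs no trust in any single host: a modified copy fails the hash check and the lookup falls through to the next provider, which is the property the slide's last bullet relies on.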
NFT’s – Non-Fungible Tokens
• In the physical world, we know that the original painting of the MonaLisa is in the Louvre
Museum. In the digital world, you can’t tell if the art you’re looking at is original.
• NFT’s are digital assets that represent a unique, non-interchangeable item that cannot be
replaced or exchanged (Unique, Irreplaceable assets) and that live on the blockchain
• For e.g. fungible tokens are divisible and can be changed into smaller units, like a 100$ bill can
be changed into five 20$ bills. A Mona Lisa painting cannot be divided into smaller units, even
if copies are made they are not authentic.
• Most prominent use cases of NFTs - In-game assets, digital art, and collectibles
• However NFT’s can link physical assets such as proof of ownership of a house or other
property to a blockchain network.
• NFTs work like a fingerprint which makes it easy for the system to verify ownership (who
owns and who sold it)
• The owner/Creator may also store information like embedding a signature on their artwork by
inserting it into the NFT metadata.
• NFTs are run by smart contracts which govern the various actions such as:
• Verifying ownership, what actual rights are being sold, Handling the transferability
• NFTs are also programmed to go beyond basic functions. These functionalities include link to
other digital assets, no of times you can view/access, handling royalty payments, etc
• They can also trace the unique history of the asset on how they were developed and linked to
creative work, this would be available on public blockchains.
• In 2021, NFT art sales reached 1.5 million per month counting 11 million in 2021
NFT sale flow (diagram):
• Seller signs up and creates a crypto wallet
• Seller creates & uploads the digital object, generates a CID using Pinata and uploads the
metadata (JSON file with CID) to IPFS
• Seller creates a smart contract with the CID of the metadata as base URI & conditions for selling
the NFT, linked to the seller’s EtherWallet
• Buyer reviews artwork on sites like OpenSea, reviews the price and buys the NFT or gives a
counteroffer.
• Checkout and sign the transaction. Pay the “gas fees” using your MetaMask wallet; once the payment
is received the ownership rights are transferred on the blockchain
• Validate the transfer on Etherscan
• Smart contract reviews if conditions are met and then automatically transfers the NFT on the
basis of your signature
Ronin Network Hack
[Diagram: Sky Mavis (game developer); Axie Infinity (NFT pay-to-play-to-earn game, NFT Axie token);
Ronin Network (Ethereum sidechain, validators); Ronin Bridge (bridge to move funds from the Ethereum
blockchain to the Ronin Network); Ethereum blockchain (slow & high gas fees)]
• Axie Infinity is an NFT online game using Ethereum-based cryptocurrencies.
• Players collect & mint NFTs that represent digital pets known as Axies.
• Axies can be bred and battled with each other within the game.
• Sky Mavis charges a 4.25% fee when players trade Axies on its marketplace.
• The game is built on the Ronin Network & uses Proof of Authority for consensus
• Only 9 validators (chosen & trusted members) - 5 are required to validate a
transaction (51% of the network validators)
• In 2021, Axie DAO gave Sky Mavis access to sign off on transactions on its
behalf to mitigate user volume.
• In March 22, hackers stole ~US$620 million of cryptocurrency from the project
using a spear-phishing/social engineering attack through which they got access to
4 Sky Mavis validator nodes. They leveraged the attack to gain access to the Axie
DAO validator node via a vulnerability/backdoor in a gas-free RPC node.
• They got access to the private keys of validator nodes, resulting in the compromise
of five validator nodes (out of nine), which is also the threshold required to approve a
transaction.
• The hackers swapped the 25.5 million USDC (stablecoin) for ETH
• They then moved a portion, via numerous addresses/wallets, to centralized
exchanges like Huobi, FTX and Crypto.com. A mistake, since centralized
exchanges do KYC and transactions can be traced
• The group then moved the cash to Tornado Cash, which is a mixer that anonymises
the transactions
Ronin Network Hack
[Diagram: Hacker; two Centralized Exchanges; Tornado Cash Mixer (anonymises transactions)]
• ETH was sent to multiple addresses and then to Tornado Cash, laundering
1000's of ETH per day. By 18th April they had laundered 18% of the stolen funds.
• On 14th April OFAC updated its SDN (Specially Designated Nationals)
list to state that a particular state-sponsored group was the recipient of
the Ronin Bridge attack.
• The SDN list included sanctioned wallets/addresses; on 15th April, Tornado
Cash said it would block funds received from them
• The hacker then started moving funds via non-sanctioned addresses,
laundering around 20K ETH per day.
• On 6th of May OFAC sanctioned another mixer, the bitcoin mixer Blender.io, which
has been used to facilitate money laundering. It was used to launder 20.5
million of the stolen Ronin funds. By 6th May all stolen ETH had been
laundered via Tornado Cash
How Tornado Cash mixer works
• Tornado Cash works as a mixer where transactions are anonymized.
• Each sender registers with Tornado Cash, links their wallet and
deposits funds. Tornado Cash will generate a hash for you. This is your
identifier to Tornado Cash and verifies you as the owner of the deposit
• Each sender puts in an equal amount in blocks of .01 ETH, 1, 10 or 100
ETH. Tornado
• Tornado Cash then sends the ETH to a central address (vault). No one
controls this address; it is controlled by the smart contract.
• You can then withdraw the ETH to a new wallet on the basis of the identifier. The
funds in the new wallet are not linked to the old wallet, so there is no traceability
[Diagram labels:]
• Tornado Cash vault where all ETH of senders is held
• ETH received on new wallets with no reference to sender wallets
• Merkle tree keeps track of the deposit hashes
• zk-SNARK verifies the withdrawer has a valid proof for the Merkle tree
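To make the "Merkle tree keeps track of the deposit hashes" label concrete, here is an added example (not code from the slides or from the Tornado Cash contracts) of a fixed-depth deposit tree and the membership check a verifier runs against its root. SHA-256, the depth of 4 and all names are assumptions for the demo; the real system performs this check inside a zk-SNARK so that the leaf position is not revealed, which this sketch does not attempt.

```python
import hashlib
import secrets

DEPTH = 4  # demo depth (assumption): room for 2**4 = 16 deposits


def h(*parts):
    """SHA-256 over the concatenated parts (stand-in for the contract's hash)."""
    return hashlib.sha256(b"".join(parts)).digest()


# ZERO[d] is the hash of an empty subtree of height d, used to pad the tree.
ZERO = [h(b"empty-leaf")]
for _ in range(DEPTH):
    ZERO.append(h(ZERO[-1], ZERO[-1]))


def new_note():
    """Return (note, deposit_hash). The note stays with the depositor;
    only the deposit hash is recorded in the tree."""
    note = secrets.token_bytes(32)
    return note, h(note)


class DepositTree:
    """Append-only Merkle tree of deposit hashes with a fixed depth."""

    def __init__(self):
        self.leaves = []

    def deposit(self, deposit_hash):
        if len(self.leaves) >= 2 ** DEPTH:
            raise ValueError("tree is full")
        self.leaves.append(deposit_hash)
        return len(self.leaves) - 1  # leaf index of this deposit

    def _levels(self):
        # Build every level bottom-up, padding odd levels with the hash
        # of an empty subtree of the matching height.
        level = list(self.leaves) or [ZERO[0]]
        levels = []
        for d in range(DEPTH):
            if len(level) % 2:
                level = level + [ZERO[d]]
            levels.append(level)
            level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)  # single root node
        return levels

    def root(self):
        return self._levels()[DEPTH][0]

    def proof(self, index):
        """Sibling hashes from the leaf up to (but excluding) the root."""
        if not 0 <= index < len(self.leaves):
            raise IndexError("no deposit at that index")
        levels = self._levels()
        return [levels[d][(index >> d) ^ 1] for d in range(DEPTH)]


def verify_membership(root, deposit_hash, index, siblings):
    """Recompute the path to the root; True only if the deposit is in the tree."""
    if len(siblings) != DEPTH:
        return False
    node = deposit_hash
    for d, sibling in enumerate(siblings):
        # Bit d of the index says whether the node is a right or a left child.
        node = h(sibling, node) if (index >> d) & 1 else h(node, sibling)
    return node == root


if __name__ == "__main__":
    tree = DepositTree()
    note, deposit_hash = new_note()
    idx = tree.deposit(deposit_hash)
    print(verify_membership(tree.root(), h(note), idx, tree.proof(idx)))
```

Because every deposit in a pool has the same amount and the verifier only learns that some leaf under the root is valid, the link between the depositing wallet and the withdrawing wallet is not visible on-chain.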
General learning of the attack
• The hack happened on the 24th and was discovered only on the 29th of March as per
the company. – No red flags/monitoring of large transactions leaving
the network. Monitoring should include
• Number of validators too low for the amount of crypto held by the Ronin Network.
– Just 9 validators, of which 5 need to be compromised
• Keys not secured - unencrypted keys stored on the cloud
• No regular security cadence - machines used to access the validator nodes should
not be used for personal work, should have no backdoors and should be patched
regularly
• Have a proof of stake model, which incentivizes security by having validators keep a
stake, instead of a proof of authority model.
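The validator point above can be checked mechanically. The following added example (not from the slides or from Sky Mavis) models the 9-validator, 5-signature set described earlier and computes how few operators an attacker must compromise to reach the threshold once delegated signing rights are counted. Operator names other than Sky Mavis and Axie DAO are placeholders, and the assumption that Axie DAO runs exactly one validator follows the slide's wording.

```python
from itertools import combinations

# Constructed model of the validator set described in the slides.
THRESHOLD = 5
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    # Placeholder operators: the slides do not name the remaining four.
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}
# Signing rights one operator has granted to another (grantor -> grantee).
DELEGATIONS = {"Axie DAO": "Sky Mavis"}


def effective_control(validators, delegations):
    """Map each operator to the validator keys it can sign with:
    the keys it runs itself plus the keys delegated to it."""
    control = {}
    for vid, owner in validators.items():
        control.setdefault(owner, set()).add(vid)
        grantee = delegations.get(owner)
        if grantee is not None:
            control.setdefault(grantee, set()).add(vid)
    return control


def min_parties_to_quorum(validators, delegations, threshold):
    """Smallest group of operators whose combined signing reach meets the
    threshold. Returns (group size, operators). Exhaustive search, which is
    fine for validator sets of this size."""
    control = effective_control(validators, delegations)
    operators = sorted(control)
    for size in range(1, len(operators) + 1):
        for group in combinations(operators, size):
            reach = set().union(*(control[op] for op in group))
            if len(reach) >= threshold:
                return size, group
    return None, ()


def audit(validators, delegations, threshold):
    """Return human-readable findings for a governance review."""
    findings = []
    size, group = min_parties_to_quorum(validators, delegations, threshold)
    if size == 1:
        findings.append(f"single point of failure: {group[0]} alone reaches quorum")
    for grantor, grantee in delegations.items():
        findings.append(f"delegation in force: {grantor} -> {grantee}")
    return findings


if __name__ == "__main__":
    print(min_parties_to_quorum(VALIDATORS, DELEGATIONS, THRESHOLD))
    print(min_parties_to_quorum(VALIDATORS, {}, THRESHOLD))
    print(audit(VALIDATORS, DELEGATIONS, THRESHOLD))
```

With the delegation in place a single organisation reaches quorum; removing it raises the minimum to two, which is why counting validators without counting who controls their keys overstates the real threshold.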
What they did post the attack to mitigate security risks
• Migrated the old nodes so that they are completely separated from the old infrastructure
• Expanding the number of validator nodes up to 21
• The Ronin Network bridge will open once it has undergone a security
upgrade and several audits (Verichain, Certik)
• Strong key management practices – not known what is being done here
• Keeping forensics companies like Chainalysis and CrowdStrike on retainer to
recover any stolen crypto
• Sky Mavis has introduced a bug bounty program
Monitoring
• Large transactions or high frequencies of transactions in a short time
• Moving or accepting crypto to high-risk countries
• Multiple transactions below radar amounts
• Monitoring accounts which have inadequate KYC
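The monitoring rules above, written as detection logic over a stream of outbound transfers. This is an added example, not code from the slides; the thresholds, field layout and sample records are constructed for the demo, and the high-risk-country rule is left out because it needs jurisdiction data.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Thresholds are assumptions for this demo; tune them to normal bridge volume.
LARGE_ETH = 1000.0                     # single transfer considered large
BURST_COUNT = 3                        # this many transfers from one sender ...
BURST_WINDOW = timedelta(minutes=10)   # ... inside this window
NEAR_LIMIT = 0.9                       # "below radar": 90% to <100% of LARGE_ETH
STRUCT_COUNT = 3                       # near-limit transfers from one sender ...
STRUCT_WINDOW = timedelta(hours=24)    # ... inside this window

# Constructed records: (time, sender, destination, amount in ETH, destination KYC adequate?)
SAMPLE = [
    ("2030-01-05T09:00:00", "hot-wallet", "user-1", 15.0, True),
    ("2030-01-05T09:30:00", "hot-wallet", "user-2", 8.5, True),
    ("2030-01-05T11:00:00", "bridge", "addr-X", 50000.0, False),
    ("2030-01-05T12:00:00", "acct-7", "addr-Y", 950.0, True),
    ("2030-01-05T12:02:00", "acct-7", "addr-Y", 960.0, True),
    ("2030-01-05T12:04:00", "acct-7", "addr-Z", 990.0, True),
    ("2030-01-06T13:00:00", "hot-wallet", "user-3", 20.0, True),
]

Alert = namedtuple("Alert", "rule sender when detail")


def _prune(window, now, span):
    """Drop timestamps that have fallen out of the sliding window."""
    while window and window[0] < now - span:
        window.popleft()


def detect(records):
    """Return alerts in time order for the rules listed on the slide."""
    rows = sorted((datetime.fromisoformat(t), s, d, a, k) for t, s, d, a, k in records)
    recent = defaultdict(deque)       # sender -> times of recent transfers
    near_limit = defaultdict(deque)   # sender -> times of near-limit transfers
    alerts = []
    for when, sender, dest, amount, kyc_ok in rows:
        # Rule 1: a single large transfer.
        if amount >= LARGE_ETH:
            alerts.append(Alert("LARGE", sender, when, f"{amount} ETH to {dest}"))
        # Rule 2: destination account with inadequate KYC.
        if not kyc_ok:
            alerts.append(Alert("WEAK_KYC", sender, when, f"destination {dest}"))
        # Rule 3: high frequency of transfers in a short time.
        window = recent[sender]
        window.append(when)
        _prune(window, when, BURST_WINDOW)
        if len(window) >= BURST_COUNT:
            alerts.append(Alert("BURST", sender, when, f"{len(window)} transfers in window"))
        # Rule 4: several transfers kept just below the large-transfer limit.
        if NEAR_LIMIT * LARGE_ETH <= amount < LARGE_ETH:
            near = near_limit[sender]
            near.append(when)
            _prune(near, when, STRUCT_WINDOW)
            if len(near) >= STRUCT_COUNT:
                alerts.append(Alert("STRUCTURING", sender, when,
                                    f"{len(near)} near-limit transfers"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert.when.isoformat(), alert.rule, alert.sender, alert.detail)
```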
Right Model
• Choose the right model depending on the type of blockchain, like
Proof of Stake instead of Proof of Authority on permissionless
networks
• Ensure a large number of validator nodes are present to validate
transactions
• Ensure keys are not stored in plaintext and there are strong key
management practices OR
• Keep the private key in plaintext on a remote signer server and use
a KMS to talk to the main validator
Security Cadence
• Ensure nodes are secured. 2FA used with SSH to access nodes
• Limit access to validator nodes
• Patch systems regularly so that there are no
vulnerabilities/backdoors
• Have an audit firm review architecture and systems periodically
• Keep a firm on retainer to trace and track stolen funds
• Possibly incorporate a bug bounty program
THANK YOU

Blockchain, Hyperledger, DeFi, Web 3.0 - understanding and concepts

  • 1.
    BLOCKCHAIN, HYPERLEDGER,WEB 3.0 UNDERSTANDINGAND CONCEPTS Pradeep Keith Fernandez – CISSP, CISA, CIPT Disclaimer:All the content that is presented in these slides are content from various articles, youtube videos and magazines on the internet. I have just summarized my thoughts basis this understanding and is meant for educational purposes for those that wish to learn more on these topics.These thoughts, opinions and understanding are solely my own and do not represent in any way anybody or any organization that I am associated with.
  • 2.
    Blockchain and Keyelements • A blockchain is a distributed ledger that is open to anyone that facilitates the process of recording transactions and tracking assets in a business network • It is a system in which a record of transactions are maintained across several computers that are linked in a peer-to-peer network • A blockchain collects information together in groups, known as blocks, that hold sets of information. • Blocks have certain storage capacities and, when filled, are closed and linked to the previously filled block using the hash of the previous block, forming a chain of data known as blockchain • If one user tampers with a block’s record of transactions, all other nodes would cross- reference each other and easily pinpoint the node with the incorrect information. • Blockchain is ideal for delivering faster, reliable and accurate information because it provides immediate, shared and completely transparent information stored on a distributed immutable ledger that can be accessed only by network members Nodes & Blocks • A block contains collection of records or transactions for e.g. A pays B 50$, Y pays B 15$. • A block can hold a certain no of transactions only(~400 for ETH and ~1500 for Bitcoin) and block size for bitcoin is 1 MB • To participate in the blockchain, every user needs to have a node/device running • Nodes are connected to each other & exchange the newest information on the blockchain with each other • A block has a header and body where the hash of the previous block is stored along with the hash of the current block. The body contains the list of transactions solved in the block. • Adding a block to the blockchain takes roughly 10 minutes for Bitcoin and the algorithm changes whenever computing power increases to keep this status quo at 10 minutes Block Blockchain Benefits • Decentralied • Greater Transparency • Instant traceability • Faster • Security & Privacy • Automation
  • 3.
    Blockchain - Mining Mining(Proof of Work consensus) • To add a block to the blockchain, there is a process called mining (proof of work model). • There are nodes running across the globe and miners CAN validate the transactions for a block within seconds. • After a block is mined, it takes time for other miners to find out about it, and until then they are actually competing against the new block instead of adding to it and multiple miners can attempt to add a block to the last valid block and can lead to chain splits. • For e.g. a miner in Canada may add a block after validating the transactions at the same time a miner in Australia may validate & add a block as well. The information about the new block takes some time to propograte to different regions and some may get info that the Canada miner block is valid and add further blocks to that. While others may see the Australia miners block added and will start adding blocks to that leading to forks or chain splits. • To ensure that there is sufficient time for a validated block to propagate to multiple nodes bitcoin algorithm requires a cryptographic hash to be solved which takes ~10 mins, post which a miner can add a block. A pays B 50$ C pays Y 100$ Y pays Z 10$ The transaction messages is sent to the network to all the nodes (part of transaction pool/ mempool These transactions are unvalidated. Miner Nodes pick up bunch of transactions run validity checks etc To transfer money, the private key of A is used to sign the transaction which delivers proof that the money has come from owner Miners need to solve a hash which takes 10 mins to solve Once a miner has solved the hash function, it will add the block with the nounce that solved the hash function Other miners can thus verify that the nounce is valid, and will then solve other transactions in the transaction pool adding to this new block
  • 4.
    Blockchain – Hashingalgorithm • To prove that we have mined the block first, we have to solve a hash and get an output with an x no of zeros at the end of the hash. The input for the hash e.g. will be the transactions in the hash like X pays 50$ to Y, Y pays 15$ to Z and Z pays 5$ to B along with a nounce to get a hash output where the no of 0’s • We have to keep adding a random number to this input to get x no of zeros in the hash output. This may take significant computing power and time to solve. • For e.g. to get a hash for 1 zero it may take a few iterations, however to get a hash of 2 zero’s it may take hundreds of tries. • To get a hash of 17 zero’s will require huge no of retries with different random numbers. In case the computing power increases of the miners where hashes can be solved in less than 10 mins, the algorithm may be made more difficult to get more than 17 zero’s in the hash output • Once we get x no of zeros at the end of the hash, we say the block is solved and verified. The number added to the input to get x no of zeros in the hash output is called the nounce. • A block consist of a header and a body. The header contains the hash of previous block, timestamp, nounce and the merkle root. The body has the transaction data. • Blocks confirm the exact time and sequence of transactions, and the blocks link securely together to prevent any block from being altered or a block being inserted between two existing blocks • Once the hash is solved, other nodes in the network will understand that they need to add to this block. X paysY 50$,Y pays Z 15$, Z pays B 5$ Transactions in block Add random number to generate hash with x no of leading zero’s in hash X paysY 50$,Y pays Z 15$, Z pays B 5$ + random number 68e656b251e67e8358bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728 Hash ouput 0000000000000000058bef8483ab0d51c6619f3e7a1a9f0e75838d41ff368f728 Accepted Hash ouput
  • 5.
    Blockchain permissioned vspermissionless • There are different kinds of blockchains that have evolved from the 1st generation blockchain that was bitcoin which is a public blockchain. • Bitcoin purpose was basically an electronic payment system allowing any two willing parties to transact with each other without the need for a trusted 3rd party. This form of blockchain was a public network blockchain or permissionless blockchain. • A private blockchain is a restricted network that only certain members that are allowed to join will have access and can participate in the network. • A Hybrid blockchain brings the best of both public and private blockchains combing the transparency of a public blockchain along with the security and speedof a private blockchain. A node in the hybrid blockchain will have a public state and a private state. The private state is decided between 2 ore more nodes basis what business they want to carry on between themselves. Don’t need to setup another blockchain if an enterprise wants to do business with another 3rd party. They can just create a private subnetwork to share sensitive information while they are already part of the overall public but closed network. • A consortium blockchain has multiple organizations that maintain the system • It’s a permissioned network like a Private blockchain but offer a decentalized structure like a public blockchain where each organization receives similar treatment and keeps things transparent. No single entity ruling over the network.There are technology and Business type consortium blockchains. • Hyperledger is a Tech based Consortium blockchain. Business type consortium blockchains offer solutions in Banking, Supplychain (like IBM food trust), etc Public Private Hybrid Consortium Larger network size, more difficult to hack the network. All nodes have a copy of the ledger. Anyone can join. Slow Closed network. Used by enterprises. Transactions are executed faster. 
More centralized, however due to fewer nodes, susceptible to security breaches. Used for solutions like supply chain mgmt Uses permissioned consensus mechanism for faster transactions and chepaer cost. Network has a public state. However enterprises can host subnetworks where data is private between company A & B where they share sensitive financial data, Over the public newotk they can share basic data. Permissioned network like a Private blockchain but offer a decentalized structure like a public blockchain
  • 6.
    HyperLedger - Fabric •In 2016, the Linux Foundation launched Hyperledger to democratize and standardize Blockchain for the business world. Hyperledger is an open-source collaborative effort created to advance cross-industry blockchain technologies • Allows organizations to build custom Blockchain apps to cater to their specific business needs. • HyperLedgers has multiple frameworks like Fabric, Burrow, Sawtooth, Grid, etc Fabric • Hyperledger Fabric is a permissioned Blockchain infrastructure with a modular architecture wherein there’s a delineation of roles between the nodes in the infrastructure, the execution of smart contracts, along with configurable consensus and membership services. • In a Fabric network, there is a membership service that handles identity for users transacting via a digital certificate. The certificate is used to sign transactions and submit them onto the blockchain as well as basis their identity access permissions are provided to perform certain transactions. • The CA is a pluggable module and you can use the Fabric CA or an external CA • Client Apps are written in any language like node.JS, Python and Java and interact with the blockchain network via SDK’s/Hyperledger Fabric client. • There are different peer nodes called endorsers and committers. An organization can run multiple peers and there could be multiple organizations as part of the network Client App SDK HFC External CA Fabric CA Membership Services Endorser Peer Committer Peer Blockchain ChainCode Events World State peer HyperLedger Fabric Network Ordering Service Endorsment Policy BESU BURROW FABRIC INDY SAWTOOTH Different types of Hyperledger's
  • 7.
    HyperLedger – FabricConsensus Flow Fabric Consensus flow • Client app proposes a transaction and wants to invoke a particular function of the smartcontract. The input from the client app is sent to the endorser peers • Endorsers are responsible for executing the transcation and signing(using its certificate to sign the transaction) saying this is the output of the transaction and I agree with it. • If all endorsment peers endorse a transaction, the client app is going to receive these read/write sets, which is sent to ordering once there are sufficient signatures • There could be multiple client apps that are submitting transactions to the ordering service • The ordering service will ensure that there is an order to the transactions and ordered across all the nodes basis the timestamp • So ordering service will say transaction A, B, C are in block 948 and transaction X,Y, Z are in block 949 to all nodes to follow that and maintain consistency in the network. • Post ordering where the block is sent to all nodes, the validation is done, for e,g, double spending validation or there could be chances that not all endorsers endorsed the transaction. • Verifications on the read/write set is performed by all the peers (endorsers and committer and mark transactions as valid or invalid. • Only the valid write transactions will be updated in the world state along with a new version number. The world state is implemented as a database. • The world state version number is for internal use by Hyperledger Fabric, and is incremented every time the state changes. The version is checked whenever the state is updated to make sure the current states matches the version at the time of endorsement. • There are different events that are generated and client apps can register to be notified when transactions fail or succeed and when blocks are added to the ledger. 
Committing peers will notify applications of such events Propose TX Endorse Order Validate Commit HyperLedger Fabric consensus flow Client App SDK HFC External CA Fabric CA Membership Services Endorser Peer Committer Peer Blockchain ChainCode Events World State peer HyperLedger Fabric Network Ordering Service Endorsment Policy
  • 8.
    SmartContracts • A smartcontract is self-executing code that carries out a set of instructions, which are then verified on the blockchain • They are trustless, autonomous, decentralized, and transparent meaning they can reduce or even eliminate the need for third-party intermediaries • The code defines the mechanisms of the transaction and is the final arbiter of the terms. If something happens then something else happens (if/when…then) • A state variable is defined which is stored in the blockchain. For e.g. a state variable for an baggage claim smart contract will be the no of bags user has onboarded on a flight. • Once a condition is met, the contract is executed immediately basis the condition set. For e,g. State can change basis user accepting that they have received their bags or not received their bags. • If user has received their bags, state is updated basis API/Delivery notifcation and transaction is updated on the blockchain. • If he has not received his bags, the smartcontract can use functions to decide the next course of action like paying the user for lost baggage, etc User purchases a product Write smart contract in Solidty Ecom provider sends package via logistics company Smart contract is written by ecom company that once the package is delivered and confirmed by the user, will the delivery company receive the money Create a state variable on current state and assign it to a function Deploy the contract using Truffle and Embark, Ethereum studio and test the contract When the condition is met the smartcontract is executed on the blockchain logistics company delivers package to customer Customer confirms he has received the package
  • 9.
    SideChains & Layer2 scaling solution (off-chain) • Layer 2 scaling solutions are built on top of Main chain using existing elements like smart contracts • Main chains are really slow and if we try to speed them up they arent as secure or as safe. Also transaction/gas fees are very high on the main chain with validators/miners solving only high worth transactions keeping many transactions pending. • There is a tradeoff between security, decentralization and speed of transactions • Scalability shouldn’t come at the expense of Security and Decentralization so its best to use layer 2 scaling and not compromise on security in the main chain Sidechain • Sidechains are a seperate blockchain that is connected to another blockchain (main blockchain) through 2 way peg to process some of the data from the main blockchain • Sidechains are responsible for their own security & need their own validators/miners and own consensus mechanism • Polygon is an Ethereum sidechain which uses the same EVM for the sidechain, so contracts deployed on the main chain can be directly deployed on the side chain 2 way peg • When you move your token from the main chain to the side chain, you need to lock them up in the main chain so they they are not available on both chains • Locking them up means these funds go to a wallet or contract that is controlled by the machine. 
After locking them up the funds are transferred to the side chain • When you want to move coins back from the side chain to the main chain you destroy your tokens on the side chain and you get to release your funds on the main chain Federation • A federation is the middleman in charge of locking and releasing funds between the 2 chains • Federations are usually code, while some are controlled by the sidechain's organization • The federation is in charge of whatever is locked up is exactly on the sidechain Main Chain Slow, High Gas fees, More Secure & Decentralized Side Chain Fast, low gas fees, less decentralized Locking up releasing Wallet controlled by a machine Released tokens are destroyed on sidechain at release
  • 10.
    Writing Smart Contracts •Solidity is used to write smart Contracts using a .sol extension. Use the pragma to tell the compiler what version of solidity to use • Then use the contract keyword to define the details about the smart contract (like a class in c++) • Inside the contract we define the state or variables where the value might change through the lifecycle of the contract • It also has datatypes like address to hold a 20 byte Ethereum address • The struct keyword allows to construct more complex data types to define the different entities in the contract • Use the function keyword to define executable blocks of code which may be called upon sometime to modify the state of the contract • Can also define a constructor that is called once the contract is first created. Once the constructor is executed the code will be deployed on the blockchain • Once completed you can compile your smartcontract and use it programitcally with an API of choice like web3.js pragma solidity ^0.8.7; Contract MyContract { string public hello = “Hi” address payable public seller; address payable public buyer; struct Order { string description; bool completed } Function confirmOrder() public { buyer = payable(msg.sender); } Constructor(string memory _text) { | hello = _text } }
  • 11.
    Validator Nodes • Earlierin Ethereum 1, there were miners to validate transactions once a block has been updated on the blockchain. In Ethereum 2.0 (beacon chain) this is replaced by validators. • A validator node is a special type of full node that participates in “consensus.” By participating in consensus, validator nodes become responsible for verifying, voting on, and maintaining a record of transactions. • To become a validator, you must setup a node on the blockchain. Have 32 Ether(~50K USD) as stake money. Validators stake their Ethereum cryptocurrency to confirm transactions on the network. They risk money in order to do that. Its an incentive to act honestly. If you confirm a transaction that’s valid then you get a passive income reward for doing that. If you act dishonestly then you lose money. • Validator nodes underpin the security of any blockchain or DLT network. That is why it is of vital importance to ensure that validator nodes remain both performant and trustworthy. • A node must first register with the network and sync the blockchain to become a validator. This allows token holders to stake (“delegate”) tokens to it and lets the network know that the node wishes to be considered for inclusion in the validator set. Registered nodes will be visible on both the Radix Explorer website and the Desktop Wallet. • On the Olympia release of the Radix Public Network, there is a maximum of 100 validator nodes at a time. These are selected based on the amount of stake XRD token holders have delegated to them.
  • 12.
    Validator Nodes Setup Validatorchain node responsible for producing new blocks & attesting in the chain Setup your metamask wallet and ensure that there is 32 ETH in your wallet for staking Generate Validator public / private key pair and copy/paste deposit data (32 ETH) linked to your key in the Prysm project Wait for activation (waiting queue) until processed and activated (Few days) Setup docker on your PC. Install Prysm Validator and beacon chain docker images Setup of Validator Node Role of Validator Node If A wants to transfer Crypto to B. Once he does the transfer from his wallet to B wallet The transaction message is sent to the network to all the nodes (part of transaction poo l/ mempool Nodes run validity checks on the transactions.like ensuring the funds are still available, the output is not exceeding the input, the signature is valid, etc Start Validator client and deposit beacon chain deposit (32 ETH) on the ETH network via smart contract Setup and run Beacon Chain node and sync the blockchain Validators try to add a candidate block to the largest chain after the last valid block by solving a complex math problem (Proof of work) From the transaction pool the validator chooses the transactions 1st with the highest gas/transaction fees Other validators solving other tranasactions will add to the last block basis the speed at which the last block was added. If A was added 1st then validators will add to Block A and B will be discarded.(Longest chain rule) There may be multiple validators trying to solve a single transaction and both candidates will be added to the chain A B A
  • 13.
    Proof of Workvs Proof of Stake vs Proof of Authority Proof of Work Proof of Stake To add block to the chain, miners must compete to solve a difficult puzzle using their computers processing power New method proposed –There is no competition as the block creator is chosen by an algorithm based on the user stake Any miner can attempt to solve the puzzle.The first miner to solve the puzzle is given a reward for their work There is no reward for making a block, the block creator/validator takes a transaction/gas fee. Requires mining equipment. Can create mining groups who agree to share mining rewards in proportion to contributed mining power. No equipment necessary. More cost effective. Uses less power and better for the environment To add a malicious block/fraudulent transaction, you will have to have computing power more than 51% of the network In order to add a malicious block, you will have to own 51% of all the cryptocurrency on the network (practically impossible) Mining pools - Foundry US17.2%, AntPool-14.8%, F2 Pool-14.6%, BinancePool -11.4% have 51% of compute power making it more centralized More decentralized and is based on how much money is staked. Rich get richer. Ideal for private network solution(permissioned blockchain) instead of a public blockchain solution Proof of Authority Validators are pre-approved by a group of “authorities” to verify transactions and build new blocks Grants a few blockchain players the authority to validate network transactions and update its broadly distributed registry low transaction cost provided by PoA- based systems. requires fewer message exchanges and less overhead In order to add a malicious block, you will have to compromise 51% of the validator nodes
  • 14.
    What is DeFi •DeFi refers to the infrastructure, processes, and technologies used to democratize financial transactions. • No Centralized institutions, No High fees, No trusted 13rd party • No limits to what you can do regarding lemding, borrowing or what business you are in • DeFi is based on Cryptography, Blockchain and SmartContracts • DeFI is currently based on 6 pillars • Stablecoins - like USDC, Tether are based on the price of the dollar. Each USDC is backed by one dollar or asset with equivalent fair value, which is held in accounts with US regulated financial institutions. • Lending & Borrowing via Smart Contracts • Decentralized exchanges – Exchange one cryptocurrency for another (e.g. uniswap) • Insurance – Anyone can become an insurer by setting up a smartcontract with conditions on the premium, when the insurance should be paid(which conditions) using oracles as data sources, etc. • Derivative / Margin Trading – Can use it for margin trading with no pre- requisites like min amount of money for margin trading or prove who you are , low fees, unlike centralized Finance • Governance of Crypto Projects – DAO. Everyone who is part of DAO has a vote on which projects should be passed DeFi DAO Stable Coins Lending & Borrowing DeCentral Exchange Insurance MarginTrading Governance of DAO
  • 15.
    WHAT ISWEB 3.0 •Today, major corporations collect and store our data and sell it to advertisers.And this has made these corporations powerful and the internet centralized. • Websites should not treat their users as products. Instead, they should provide ownership of data back to their users. • The data should be secured cryptographically, and the website and service should equally prioritize every user’s privacy. • Web 3.0 is the 3rd generation of internet which will bring an open, transparent and decentralized era (using blockchain) of the internet where everyone is participating(user will be a node to a decentralized network) and rewarded for their participation. • The metaverse is a single, universal and immersive virtual world that is facilitated by the use of virtual reality (VR) and augmented reality (AR) headsets (but uses some underlying technology used byWeb 3 like the blockchain and NFT’s)
  • 16.
    Difference between Web3.0 and the Metaverse Web 3.0 Metaverse A new iteration of the internet focused on creating a decentralized web where users can own and control the assets they create A Digital space that would blend virtual augment physical reality with physically persistent virtual spaces. Uses decentralized tech like blockchains, Cryptocurrencies, NFT’s, DeFI, IPFS, semantics web Connectivity technology,(platforms like fortnite) Human Interface(e.g occulus, xbox), decentralized tech like blockchain, social experiences (avatars/merchandise), creator economy Applicable throughout the web (for e.g.Atlas.Work, D.Tube, Audius, Filecoin, Secretum, etc) Still under development and potential areas under scrutiny
  • 17.
    Web 2.0 and Web 3.0 technologies
    [Table: Web 2.0 apps vs Web 3.0 Dapps by category – Browser, Storage, Video calls, Gateway Platform, Social NW, Messaging, Remote Job]
    • Browser – Brave is a privacy-focused browser, which automatically blocks online advertisements and website trackers in its default settings. It also gives users the choice to turn on optional ads that pay users for their attention in the form of Basic Attention Token (BAT) cryptocurrency.
    • Storage – IPFS allows users to host and receive content in a manner similar to BitTorrent. As opposed to a centrally located server, IPFS is built around a decentralized system of user-operators who each hold a portion of the overall data, creating a resilient system of file storage and sharing.
    • Video calls – Experty is a blockchain-based, fully decentralized calling platform that collects decentralized wisdom from pools of industry professionals to make it accessible and trusted for everyone. Knowledge providers receive instant payment via crypto.
    • Gateway Platform – Essentia acts as a gateway between both worlds (centralized web and decentralized web), connecting apps, dApps, assets, devices, storage etc. into one easy interface. You can use this app as your identity for decentralized web apps like D.Tube, Steemit and Brave, storage like IPFS, crypto exchanges, wallets, Status, etc.
    • Social NW – Steemit is designed as a decentralized application built upon the Steem blockchain, using its cryptocurrency STEEM to reward users for their content. By voting on posts and comments, users get to decide the payout of those posts. Users also get so-called "Curation Rewards" for finding and upvoting content that gets upvoted by other users afterwards.
    • Messaging – Status is an Android and iOS app that combines a peer-to-peer instant messenger with a crypto wallet and Web3 browser. Status uses an open-source, peer-to-peer protocol and end-to-end encryption to protect your messages from third parties. Keep your private messages private with Status. It doesn’t use phone numbers or user names; it uses chat keys.
    • Remote Job – Ethlance is the first completely decentralised freelance platform with 0% service fees. The platform runs on the Ethereum blockchain, with payments made in Ether cryptocurrency.
  • 18.
    Web 3.0 Architecture
    • No centralized DB stores the application state, and there is no centralized web server where the backend logic resides. Uses decentralized storage like IPFS/SWARM to store the logic and state.
    • Leverages blockchain to build apps on a decentralized “state machine” that’s maintained by anonymous nodes
    • Developers write smart contracts that define the logic of applications, using high-level languages like Solidity and Vyper, and deploy them onto the decentralized state machine
    • The front end defines the UI logic, but also communicates with the application logic defined in smart contracts
    • Every node in the network keeps a copy of all states on the state machine, including the code & data associated with every smart contract.
    • Publishing a new post requires the user of the Dapp to sign the transaction with their private key, after which the Dapp relays the transaction to the blockchain
    • Since users need to pay extra every time their transaction requires new state, apps use decentralized off-chain storage like IPFS for storage
    • Querying data on the blockchain is not easy, hence the Graph protocol is used for indexing data and defining which smart contracts to index.
    • Blockchain is not scalable (right now). Hence we use Polygon, which uses a secondary chain/sidechains for validating and updating transactions.
    • Since building your own node takes time and effort, people use services like Infura or Alchemy to manage node infrastructure rather than running a full node themselves
    [Diagram: Browser; Internet; Front end (JavaScript/HTML/CSS); Provider (Alchemy/Infura); Blockchain with smart contracts; IPFS/SWARM/decentralized DB; Polygon sidechain; Signer (MetaMask)]
  • 19.
    IPFS – InterPlanetary File System
    • IPFS uses content-based addressing rather than location-based addressing
    • When any data is uploaded to an IPFS network, it returns a hash and the data is then requested using that hash
    • Data is distributed and replicated throughout the network, which leads to data permanence. While requesting data it searches for the nearest copy of that data, which leads to high latency and overcomes any bottleneck points
    • A Distributed Hash Table (DHT) is used to store and retrieve data across nodes in the network.
    • Every node on the network is identified using a NodeID, which is nothing but the hash of its public key.
    • Each node maintains a DHT which is used to find out the IDs of other peers on the network and what data those peers can serve.
    • For web apps, IPFS aims to ensure that you don’t trust one single source: there is more than one place where your content is hosted and, from a security side, no one can modify your content because it is decentralized
    Current Disadvantages
    • IPFS nodes have no incentive to keep files readily available. Hence not many people tend to set up their own node, leading to a shortage of nodes on the network
    [Diagram: Developer, end user, IPFS node with content ("Hey I have this content"), requesting peer ("Hey who has this content"), common peer ("Yes, I know who has it")]
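An added example (not from the original slides) of where the integrity guarantee of content addressing comes from: the requester re-hashes whatever a peer returns and rejects a mismatch. It uses a bare SHA-256 hex digest in place of a real IPFS CID, and the names `Peer`, `content_id`, `node_id` and `fetch` are hypothetical.

```python
import hashlib

def content_id(data: bytes) -> str:
    """Simplified address: SHA-256 hex digest (real IPFS wraps the hash in a CID)."""
    return hashlib.sha256(data).hexdigest()

def node_id(public_key: bytes) -> str:
    """Per the slide, a NodeID is the hash of the node's public key."""
    return hashlib.sha256(public_key).hexdigest()

class Peer:
    """Storage peer; honest=False models a peer that serves altered bytes."""
    def __init__(self, public_key: bytes, honest: bool = True):
        self.id = node_id(public_key)
        self.honest = honest
        self.blocks = {}

    def put(self, data: bytes) -> str:
        cid = content_id(data)
        self.blocks[cid] = data
        return cid

    def get(self, cid: str):
        data = self.blocks.get(cid)
        if data is not None and not self.honest:
            return data + b"<!-- injected -->"
        return data

def fetch(cid: str, peers: list):
    """Return (data, serving_peer_id, rejected_peer_ids); accept only bytes that hash to cid."""
    rejected = []
    for peer in peers:
        data = peer.get(cid)
        if data is None:
            continue
        if content_id(data) == cid:
            return data, peer.id, rejected
        rejected.append(peer.id)  # copy was altered or corrupted
    raise LookupError(f"no peer returned valid content for {cid}")

# Constructed sample: one page replicated to two peers, one of which tampers.
PAGE = b"<html><body>dapp front end v1</body></html>"
evil = Peer(b"constructed-pubkey-A", honest=False)
good = Peer(b"constructed-pubkey-B")
CID = evil.put(PAGE)
good.put(PAGE)
DATA, SERVED_BY, REJECTED = fetch(CID, [evil, good])
```

The check only helps if the address itself comes from a trusted place, such as a smart contract that stores the CID.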
  • 20.
    NFTs – Non-Fungible Tokens
    • In the physical world, we know that the original painting of the Mona Lisa is in the Louvre Museum. In the digital world, you can’t tell if the art you’re looking at is original.
    • NFTs are digital assets that represent a unique, non-interchangeable item that cannot be replaced or exchanged (unique, irreplaceable assets) and that live on the blockchain
    • For example, fungible tokens are divisible and can be changed into smaller units, like a 100$ bill can be changed into five 20$ bills. A Mona Lisa painting cannot be divided into smaller units; even if copies are made, they are not authentic.
    • Most prominent use cases of NFTs – in-game assets, digital art, and collectibles
    • However, NFTs can also link physical assets to a blockchain network, such as proof of ownership of a house or other property.
    • An NFT works like a fingerprint, which makes it easy for the system to verify ownership (who owns it and who sold it)
    • The owner/creator may also store information, like embedding a signature on their artwork by inserting it into the NFT metadata.
    • NFTs are run by smart contracts which govern the various actions such as:
        • Verifying ownership, what actual rights are being sold, handling the transferability
    • NFTs are also programmed to go beyond basic functions. These functionalities include links to other digital assets, the number of times you can view/access, handling royalty payments, etc.
    • They can also trace the unique history of the asset, how it was developed and linked to creative work; this would be available on public blockchains.
    • In 2021, NFT art sales reached 1.5 million per month counting 11 million in 2021
    NFT sale flow (from diagram):
    • Seller signs up and creates a crypto wallet
    • Seller creates & uploads the digital object, generates a CID using Pinata, and uploads the metadata (JSON file with CID) to IPFS
    • Seller creates a smart contract with the CID of the metadata as base URI & conditions for selling the NFT, linked to the seller's Ether wallet
    • Buyer reviews the artwork on sites like OpenSea, reviews the price and buys the NFT or gives a counteroffer.
    • Check out and sign the transaction. Pay the “gas fees” using your MetaMask wallet
    • Once the payment is received, the ownership rights are transferred on the blockchain
    • Validate the transfer on Etherscan
    • The smart contract reviews if conditions are met and then automatically transfers the NFT on the basis of your signature
  • 21.
    Ronin Network Hack
    [Diagram: Sky Mavis – game developer; Axie Infinity – NFT pay-to-play-to-earn game with Axie token NFTs; Ronin Network – Ethereum sidechain with validators; Ronin Bridge – bridge to move funds from the Ethereum blockchain to the Ronin Network; Ethereum blockchain – slow & high gas fees]
    • Axie Infinity is an NFT online game using Ethereum-based cryptocurrencies.
    • Players collect & mint NFTs that represent digital pets known as Axies.
    • Axies can be bred and battled with each other within the game.
    • Sky Mavis charges a 4.25% fee when players trade Axies on its marketplace.
    • The game is built on the Ronin Network & uses Proof of Authority for consensus
    • Only 9 validators (chosen & trusted members) – 5 are required to validate a transaction (51% of the network validators)
    • In 2021, Axie DAO gave Sky Mavis access to sign off on transactions on its behalf to help handle user volume.
    • In March 22, hackers stole ~US$620 million of cryptocurrency from the project using a spearphishing/social engineering attack through which they got access to Sky Mavis' 4 validator nodes. They leveraged the attack to gain access to the Axie DAO validator node via a vulnerability/backdoor in a gas-free RPC node.
    • They got access to the private keys of validator nodes, resulting in the compromise of five validator nodes (out of nine), which is also the threshold required to approve a transaction.
    • Hackers converted the 25.5 million USDC (stablecoin) to ETH
    • They then moved a portion, via numerous addresses/wallets, to centralized exchanges like Huobi, FTX and Crypto.com. A mistake, since centralized exchanges do KYC and transactions can be traced
    • Then the group moved the cash to Tornado Cash, which is a mixer that anonymises the transactions
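An added example (not from the original slides) that turns the 5-of-9 observation above into a check: given which operator can sign with which validator key, find the smallest group of operators whose compromise reaches the approval threshold. Operators C to F are constructed placeholders, and the delegation entry models the 2021 sign-off access described above.

```python
from itertools import combinations

THRESHOLD = 5  # signatures needed to approve a transaction (from the slide)

# Who can produce a signature for each of the 9 validator keys.
# v1-v4: Sky Mavis; v5: Axie DAO; v6-v9: constructed independent operators.
SIGNERS = {
    "v1": {"Sky Mavis"}, "v2": {"Sky Mavis"}, "v3": {"Sky Mavis"}, "v4": {"Sky Mavis"},
    "v5": {"Axie DAO"},
    "v6": {"Operator C"}, "v7": {"Operator D"}, "v8": {"Operator E"}, "v9": {"Operator F"},
}

def reachable_keys(signers, compromised):
    """Validator keys an attacker can sign with after compromising these operators."""
    return {key for key, ops in signers.items() if ops & set(compromised)}

def smallest_breach(signers, threshold):
    """Smallest group of operators whose compromise yields `threshold` signatures."""
    operators = sorted(set().union(*signers.values()))
    for size in range(1, len(operators) + 1):
        for group in combinations(operators, size):
            if len(reachable_keys(signers, group)) >= threshold:
                return group
    return None  # threshold cannot be reached at all

def with_delegation(signers, key, delegate):
    """Copy of the signer map in which `delegate` may also sign for `key`."""
    updated = {k: set(v) for k, v in signers.items()}
    updated[key].add(delegate)
    return updated

BEFORE = smallest_breach(SIGNERS, THRESHOLD)
AFTER = smallest_breach(with_delegation(SIGNERS, "v5", "Sky Mavis"), THRESHOLD)
```

Counting keys (9) overstates the number of independent parties: once one operator can sign for a fifth key, compromising that single operator is enough.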
  • 22.
    Ronin Network Hack
    [Diagram: Hacker; centralized exchanges; Tornado Cash mixer (anonymises transactions)]
    • ETH was sent to multiple addresses and then on to Tornado Cash, laundering thousands of ETH per day. By 18th April they had laundered 18% of the stolen funds.
    • On 14th April OFAC updated its SDN (Specially Designated Nationals) list to state that a particular state-sponsored group was the recipient of the Ronin Bridge attack.
    • The SDN list included sanctioned wallets/addresses; on 15th April, Tornado Cash said it would block funds received from them
    • The hacker then started moving funds via non-sanctioned addresses, laundering around 20K ETH per day.
    • On 6th of May OFAC sanctioned another bitcoin mixer, Blender.io, which has been used to facilitate money laundering. It was used to launder 20.5 million of the stolen Ronin funds. By 6th May all stolen ETH had been laundered via Tornado Cash
    How Tornado Cash mixer works
    • Tornado Cash works as a mixer where transactions are anonymized.
    • Each sender registers with Tornado Cash, links their wallet and deposits funds. Tornado Cash will generate a hash for you. This is your identifier to Tornado Cash and verifies you as the owner of the deposit
    • Each sender puts in an equal amount in blocks of .01 ETH, 1, 10 or 100 ETH.
    • Tornado Cash then sends the ETH to a central address (vault). No one controls this address; it is controlled by the smart contract.
    • You can then withdraw the ETH to a new wallet on the basis of the identifier. The funds in the new wallet are not linked to the old wallet, so there is no traceability
    [Diagram: Tornado Cash vault where the ETH of all senders is held; ETH received on new wallets with no reference to sender wallets; Merkle tree keeps track of the deposit hashes; zk-SNARK verifies the withdrawer has a valid proof for the Merkle tree]
  • 23.
    General learning of the attack
    • The hack happened on the 24th and was discovered only on the 29th of March, as per the company. – No red flags/monitoring of large transactions leaving the network.
    • Number of validators too low for the amount of crypto held by the Ronin Network. – Just 9 validators, of which 5 need to be compromised
    • Keys not secured – unencrypted keys stored on the cloud
    • No regular security cadence – work machines used to access the validator nodes should not be used for personal work, should have no backdoors and should be patched regularly
    • Have a proof of stake model, which incentivizes security by validators keeping a stake, instead of a proof of authority model.
    What they did post the attack to mitigate security risks
    • Migrated the old nodes, which are now completely separated from the old infrastructure
    • Expanding their number of validator nodes up to 21
    • The Ronin Network bridge will open once it has undergone a security upgrade and several audits (Verichain, CertiK)
    • Strong key management practices – not known what is being done here
    • Keep forensics companies like Chainalysis and CrowdStrike on retainer to recover any stolen crypto
    • Sky Mavis has introduced a bug bounty program
    Monitoring should include
    • Large transactions or high frequencies of transactions in a short time
    • Moving crypto to, or accepting it from, high-risk countries
    • Multiple transactions below radar amounts
    • Monitoring accounts which have inadequate KYC
    Right Model
    • Choose the right model depending on the type of blockchain, like Proof of Stake instead of Proof of Authority on permissionless networks
    • Ensure a large number of validator nodes are present to validate transactions
    • Ensure keys are not stored in plaintext and there are strong key management practices OR
    • Keep the private key in plaintext on a remote signer server and use a KMS to talk to the main validator
    Security Cadence
    • Ensure nodes are secured. 2FA used with SSH to access nodes
    • Limit access to validator nodes
    • Patch systems regularly so that there are no vulnerabilities/backdoors
    • Have an audit firm review architecture and systems periodically
    • Keep a retainer firm to trace and track stolen funds
    • Possibly incorporate a bug bounty program
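An added example (not from the original slides) of the monitoring rules listed above, run over constructed bridge-withdrawal records: a large single transfer, a high frequency of transfers in a short time, and several transfers kept below a radar amount. All thresholds, addresses and amounts are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

LARGE = 1_000_000        # assumed single-transfer alert threshold (USD)
RADAR = 10_000           # assumed amount that transfers may be kept under
WINDOW = 3600            # sliding window in seconds
MAX_TX_PER_WINDOW = 5    # assumed per-sender frequency limit
STRUCTURED_SUM = 25_000  # assumed aggregate of below-radar transfers per window

def scan(transfers):
    """Return (timestamp, sender, rule) alerts for transfers sorted by time."""
    recent = defaultdict(deque)  # sender -> (ts, usd) pairs inside the window
    alerts = []
    for ts, sender, usd in transfers:
        q = recent[sender]
        q.append((ts, usd))
        while q and ts - q[0][0] > WINDOW:
            q.popleft()
        if usd >= LARGE:
            alerts.append((ts, sender, "large-transfer"))
        if len(q) > MAX_TX_PER_WINDOW:
            alerts.append((ts, sender, "high-frequency"))
        small = [v for _, v in q if v < RADAR]
        if len(small) >= 3 and sum(small) >= STRUCTURED_SUM:
            alerts.append((ts, sender, "below-radar-structuring"))
    return alerts

# Constructed records: (seconds since start, sender address, USD value).
TRANSFERS = [
    (0, "0xaaa", 500),
    (600, "0xbbb", 9_500),
    (900, "0xbbb", 9_000),
    (1200, "0xbbb", 9_800),
    (5000, "0xccc", 25_500_000),
    (5100, "0xaaa", 700),
] + [(6000 + 60 * i, "0xddd", 50) for i in range(6)]

ALERTS = scan(TRANSFERS)
```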
  • 24.