HARNESSING BLOCKCHAIN TECHNOLOGY WITH DAPPS

By BELLAJ BADR AtlasBlocks

What is blockchainRead the code to understand

What is blockchain

What is blockchainBlockchain = a chain of blocks?

What is blockchain

A copy of the blockchain is stored on each user’s computer.

What is blockchain

What is Crypto-currencyNo need to be economist or cryptographer.

What is Crypto-currency

Bitcoin began as a P2P electronic cash system

“peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.”Satoshi Nakamoto

What is Crypto-currencyIn Cryptocurrency we don’t crypt anything

“an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party”Satoshi Nakamoto

Blockchain application

MIT Launches Blockcerts Certification Using BitcoinExploit Blockchain aspect to build you projectImmutability/security/decentralized consensus

RemittanceAssets Digitization crowdfunding Prediction marketLending and investingIOT…

Toward a new Web : Web 3.0 Distributed web

• The Web without servers• Without HTTP (Not found 404)• DDOS-resistant• ..

Toward a new Web : Web 3.0 Distributed web

Toward a new Web : Web 3.0 Distributed web• As an example, the October 2016 Dyn cyberattack affected major sites

including Amazon, Twitter, Reddit, Paypal, Netflix...

Web3 : No third party

Web 3.0 :Take the control

Word computer that worth $1Bn Market CapCryptocurrency 2.0 Network

The best-known smart contract platformEthereum is a platform like the Internet.

OpenSource Project

ETHEREUM• Initially proposed in late 2013 (by Vitalik).• Ethereum’s live blockchain was launched on 30 July 2015• Frontier=> Homestead (current) =>Metropolis=>Serenity Ethereum

1.5 (POS/zkSNARK -2017)

• Ethereum 2.0: initial scalability release. Expected late 2017.• Ethereum 3.0 : ‘unlimited’ scalability release. Expected late 2018.

DAPP (decentralized application)The future of the web

P2P Network

Frontend

Backend

What is a smart contractThe Blockchain Technology That Will Replace Lawyers?? Really

What is a smart contract

They enable trustless financial services like loans, micropayments, and more.

“A smart contract is a program that runs on the blockchainand has its correct execution enforced by the consensus protocol”

What is a smart contract

Sending a transaction to a contract causes its code to execute.Contracts can store data, send transactions and interact withother contracts.

TOOLS

• Languages: Solidity, Serpent, LLL, Mutan (C-like)..• IDE: Solidity Browser, Ethereum Studio. Atome:/solc.• Clients: geth, eth, parity, Ethereum Wallet. • Api & framework : Embark, truffle, DAPPLE, Meteor, web3.js API,

ethereumj, Blockapps..• TEST: TestRpc/ testnet or private network• Storage: IPFS/ swarm/Storj.• Dapp Browser : Metmask, Mist.

SOLIDITY

• Solidity is an object oriented domain-specific language. Popular language to write Ethereum’s smart contract.

• Ethereum VM and solidity are Turing Complete

Everything can be implemented in a Turing complete environment

YOUR FIRST DAPP

DEMO

DEMO 2: First smart contractpragma solidity ^0.4.0;

contract Devoxx{

string string_;

function set(string s){

string_=s;

}

function get() returns (string ){

return string_;

}

}

Solidity a turing langage

Gas concept

• Operations in the EVM have gas cost . "Gas" is the name for a special unit used in Ethereum. It measures how much "work" an action or set of actions takes to perform: Gas is a computational unit not a money

• Cost =gas* gasprice• the gas price is set by miners and the only way to guess the

acceptable value is to look at the last block gas price.• To avoid Ddos attack• contract storage costs 20,000 gas per 32 bytes

Gas concept

DEMO : Smart contract 2pragma solidity ^0.4.0;contract Devoxx{string string_;

struct client{ uint256 id; uint256 balance; address address_;}

mapping(uint256=>client) Clients;function set(string s){ string_=s;}

function get() returns (string i ){ return string_;}function add_client(uint256 id_) { Clients[id_].id=id_; Clients[id_].balance=msg.value; Clients[id_].address_=msg.sender; }

function get_client_balance(uint256 id_) returns (uint) { return Clients[id_].balance;}}

DEMO: Front end Web3.js

JavaScript Application interacting with the Blockchain

DEMO 3Complex Smart contract

Solidity Features

• Inheritance, polymorphism• Libraries• Abstract Contracts• Inline assembly • Timer, Time Units• Modifiers• Optimizer• More : https://solidity.readthedocs.io/en/develop/

ORACLE : OUTER SPACE

This contract keeps in storage an always-in-sync views counter for a certain Youtube video.

import "dev.oraclize.it/api.sol";

contract YoutubeViews is usingOraclize { uint public viewsCount;

function YoutubeViews() { update(0); function __callback(bytes32 myid, string result) { if (msg.sender != oraclize_cbAddress()) throw; viewsCount = parseInt(result, 0); // do something with viewsCount // (like tipping the author once viewsCount > X?) update(60*10); // update viewsCount every 10 minutes } function update(uint delay) { oraclize_query(delay, 'URL', 'html(https://www.youtube.com/watch?v=9bZkp7q19f0).xpath(//*[contains(@class, "watch-view-count")]/text())'); } }

Src: https://goo.gl/aDvpjR

SecurityIssues & best practices

Security (write a secure contract)

• DDos attacks (overwhelmed the network)• Dao attack (Code Issue Leads to $150M Theft)On 17th of June an attacker tried to rob ~3.5M ETH using the reentry exploit

contract Fund { /// Mapping of ether shares of the contract. mapping(address => uint) shares; /// Withdraw your share. function withdraw() { if (msg.sender.call.value(shares[msg.sender])()) }shares[msg.sender] = 0; }

contract Recipient { uint counter; function() { //Malicious fallback function

if (counter < 10) { Fund(msg.sender).withdraw(); counter+=1;

}}}

Statistics: ~15-50 bugs per 1000 lines of codeNot everything needs decentralization and needs to be in the smart contract

● Only include in a smart contract the very core of a Dapp

Source: https://eprint.iacr.org/2016/633.pdf

Check The code

More details:https://github.com/ConsenSys/smart-contract-best-practices http://solidity.readthedocs.io/en/latest/security-considerations.html

Establish security patterns : Best practices

● 1024 call stack depth -> always check return values of each call● Block gas limit -> No arbitrary length loops● Reentry exploit -> update state before executing CALLs● Ether sent to contract without contract invocation -> be careful with Invariants● Specify right amount of gas (SEND vs CALL)● Block timestamp can be manipulated -> block.number are safer● Tx.orgin vs msg.sender (phishing attacks)● …

Ethereum is still in progress

● Formal proof verification (work in progress)● Compiler warnings (work in progress)● Improved IDEs (work in progress)● Trusted Libraries (work in progress)● Best practices literature (work in progress)● Decentralized master keys / Decentralized escape hatches / trusted community multisig to be used in smart contracts as centralized authorities

Blockchain isn’t Aladdin’s lamp

• Lot of deprecated documentation

• Security issues : Mainly DDOS.• Pseudo- anonymity• Future mining centralisation• Data is public• Price volatility• Contract upgrade

• Quantum crypto• Transaction delay• Transaction throughput• Latency• ..…

"Strange times we live in. The world’s biggest financial players and analysts are buzzing about an invention that became famous partly by promising to destroy them"

Questions ?