HARNESSING BLOCKCHAIN TECHNOLOGY WITH DAPPS
By BELLAJ BADR AtlasBlocks
What is blockchain
Read the code to understand.
Blockchain = a chain of blocks?
A copy of the blockchain is stored on each user’s computer.
What is Crypto-currency
No need to be an economist or a cryptographer.
Bitcoin began as a P2P electronic cash system.
“peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution.” Satoshi Nakamoto
In cryptocurrency we don’t encrypt anything.
“an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party” Satoshi Nakamoto
Blockchain application
MIT Launches Blockcerts Certification Using Bitcoin
Exploit the blockchain properties to build your project: immutability / security / decentralized consensus
• Remittance
• Assets digitization
• Crowdfunding
• Prediction market
• Lending and investing
• IoT
• …
Toward a new Web : Web 3.0 Distributed web
• The Web without servers
• Without HTTP (no "404 Not Found")
• DDoS-resistant
• ..
• As an example, the October 2016 Dyn cyberattack affected major sites including Amazon, Twitter, Reddit, PayPal, Netflix...
Web3 : No third party
Web 3.0 : Take control
ETHEREUM
World computer worth $1Bn market cap. Cryptocurrency 2.0 network.
The best-known smart contract platform. Ethereum is a platform like the Internet.
Open source project.
• Initially proposed in late 2013 (by Vitalik).
• Ethereum’s live blockchain was launched on 30 July 2015.
• Frontier => Homestead (current) => Metropolis => Serenity (Ethereum 1.5: PoS/zkSNARK, 2017)
• Ethereum 2.0: initial scalability release. Expected late 2017.
• Ethereum 3.0: ‘unlimited’ scalability release. Expected late 2018.
DAPP (decentralized application)
The future of the web
P2P Network
Frontend
Backend
What is a smart contract
The blockchain technology that will replace lawyers?? Really?
They enable trustless financial services like loans, micropayments, and more.
“A smart contract is a program that runs on the blockchain and has its correct execution enforced by the consensus protocol”
Sending a transaction to a contract causes its code to execute. Contracts can store data, send transactions and interact with other contracts.
TOOLS
• Languages: Solidity, Serpent, LLL, Mutan (C-like)..
• IDE: Solidity Browser, Ethereum Studio, Atom/solc.
• Clients: geth, eth, parity, Ethereum Wallet.
• APIs & frameworks: Embark, Truffle, Dapple, Meteor, web3.js API, ethereumj, BlockApps..
• Test: TestRPC, testnet or private network.
• Storage: IPFS / Swarm / Storj.
• Dapp browsers: MetaMask, Mist.
SOLIDITY
• Solidity is an object-oriented domain-specific language and a popular language for writing Ethereum smart contracts.
• The Ethereum VM and Solidity are Turing complete: anything computable can be implemented in a Turing-complete environment.
YOUR FIRST DAPP
DEMO
DEMO 2: First smart contract

pragma solidity ^0.4.0;

// Minimal contract: keeps one string in storage and exposes a setter and a getter.
contract Devoxx {
    string string_;

    // Sending a transaction to set() writes the new value into contract storage.
    function set(string s) {
        string_ = s;
    }

    // Reads storage only; marked constant so it can be called without a transaction.
    function get() constant returns (string) {
        return string_;
    }
}
Solidity: a Turing-complete language
Gas concept
• Operations in the EVM have a gas cost. "Gas" is the name for a special unit used in Ethereum. It measures how much "work" an action or set of actions takes to perform: gas is a computational unit, not money.
• Cost = gas * gasprice
• The gas price is set by miners, and the only way to guess the acceptable value is to look at the gas price of the last block.
• Gas exists to avoid DDoS attacks: every computation has to be paid for.
• Contract storage costs 20,000 gas per 32 bytes.
DEMO : Smart contract 2

pragma solidity ^0.4.0;

contract Devoxx {
    string string_;

    // One record per client, keyed by id in the mapping below.
    struct client {
        uint256 id;
        uint256 balance;
        address address_;
    }

    mapping(uint256 => client) Clients;

    function set(string s) {
        string_ = s;
    }

    function get() constant returns (string) {
        return string_;
    }

    // payable: the ether sent with the transaction (msg.value) is recorded as the client's balance.
    function add_client(uint256 id_) payable {
        Clients[id_].id = id_;
        Clients[id_].balance = msg.value;
        Clients[id_].address_ = msg.sender;
    }

    function get_client_balance(uint256 id_) constant returns (uint) {
        return Clients[id_].balance;
    }
}
DEMO: Front end Web3.js
JavaScript Application interacting with the Blockchain
DEMO 3: Complex smart contract
Solidity Features
• Inheritance, polymorphism
• Libraries
• Abstract contracts
• Inline assembly
• Timer, time units
• Modifiers
• Optimizer
• More : https://solidity.readthedocs.io/en/develop/
ORACLE : OUTER SPACE
This contract keeps in storage an always-in-sync views counter for a certain YouTube video.

pragma solidity ^0.4.0;
import "dev.oraclize.it/api.sol";

contract YoutubeViews is usingOraclize {
    uint public viewsCount;

    function YoutubeViews() {
        update(0);
    }

    // Oraclize calls back here with the result of the query.
    function __callback(bytes32 myid, string result) {
        if (msg.sender != oraclize_cbAddress()) throw; // only the oracle may deliver results
        viewsCount = parseInt(result, 0);
        // do something with viewsCount
        // (like tipping the author once viewsCount > X?)
        update(60*10); // update viewsCount every 10 minutes
    }

    function update(uint delay) {
        oraclize_query(delay, 'URL', 'html(https://www.youtube.com/watch?v=9bZkp7q19f0).xpath(//*[contains(@class, "watch-view-count")]/text())');
    }
}

Src: https://goo.gl/aDvpjR
Security: issues & best practices
Security (write a secure contract)
• DDoS attacks (overwhelming the network)
• DAO attack (code issue leads to $150M theft): on 17th of June an attacker tried to rob ~3.5M ETH using the reentry exploit.

pragma solidity ^0.4.0;

contract Fund {
    /// Mapping of ether shares of the contract.
    mapping(address => uint) shares;
    /// Withdraw your share.
    function withdraw() {
        // The share is only zeroed AFTER the external call: the recipient can re-enter here.
        if (msg.sender.call.value(shares[msg.sender])())
            shares[msg.sender] = 0;
    }
}

contract Recipient {
    uint counter;
    // Malicious fallback function (payable so the ether transfer from Fund succeeds)
    function() payable {
        if (counter < 10) {
            Fund(msg.sender).withdraw();
            counter += 1;
        }
    }
}
Statistics: ~15-50 bugs per 1000 lines of code.
Not everything needs decentralization or needs to be in the smart contract.
● Only include in a smart contract the very core of a Dapp.
Source: https://eprint.iacr.org/2016/633.pdf
Check the code.
More details: https://github.com/ConsenSys/smart-contract-best-practices and http://solidity.readthedocs.io/en/latest/security-considerations.html
Establish security patterns : Best practices
● 1024 call stack depth -> always check the return value of each call
● Block gas limit -> no arbitrary-length loops
● Reentry exploit -> update state before executing CALLs
● Ether can be sent to a contract without contract invocation -> be careful with invariants
● Specify the right amount of gas (SEND vs CALL)
● Block timestamp can be manipulated -> block.number is safer
● tx.origin vs msg.sender (phishing attacks)
● …
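The reentry exploit shown above and the "update state before executing CALLs" rule, as an added example that is not part of the slides: the vulnerable Fund pattern beside a hardened version. It assumes Solidity ^0.4.10 (for require and transfer); the contract names FundVulnerable and FundSafe are chosen here.

```solidity
pragma solidity ^0.4.10;

// Added example, not from the deck. Both contracts are hypothetical.

// VULNERABLE: the share is zeroed only after the external call, so a
// malicious fallback function can re-enter withdraw() while
// shares[msg.sender] still holds the full amount.
contract FundVulnerable {
    mapping(address => uint) public shares;

    function deposit() public payable {
        shares[msg.sender] += msg.value;
    }

    function withdraw() public {
        // .call forwards all remaining gas, enough for the recipient to call back in
        if (msg.sender.call.value(shares[msg.sender])()) {
            shares[msg.sender] = 0;
        }
    }
}

// HARDENED: checks-effects-interactions plus a mutex. The share is zeroed
// before any ether leaves, so a re-entrant call finds a zero balance, and
// transfer() forwards only the 2300 gas stipend and reverts on failure.
contract FundSafe {
    mapping(address => uint) public shares;
    bool private locked;

    modifier noReentrancy() {
        require(!locked);
        locked = true;
        _;
        locked = false;
    }

    function deposit() public payable {
        shares[msg.sender] += msg.value;
    }

    function withdraw() public noReentrancy {
        uint amount = shares[msg.sender];
        require(amount > 0);          // check
        shares[msg.sender] = 0;       // effect: state updated before the call
        msg.sender.transfer(amount);  // interaction: last, reverts on failure
    }
}
```

Deploying both in a testnet or TestRPC setup and pointing the Recipient contract from the slide at each of them shows the difference: the re-entrant calls drain FundVulnerable but revert against FundSafe.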
Ethereum is still in progress
● Formal proof verification (work in progress)
● Compiler warnings (work in progress)
● Improved IDEs (work in progress)
● Trusted libraries (work in progress)
● Best practices literature (work in progress)
● Decentralized master keys / decentralized escape hatches / trusted community multisig to be used in smart contracts as centralized authorities
Blockchain isn’t Aladdin’s lamp
• Lots of deprecated documentation
• Security issues : mainly DDoS
• Pseudo-anonymity
• Future mining centralisation
• Data is public
• Price volatility
• Contract upgrade
• Quantum crypto
• Transaction delay
• Transaction throughput
• Latency
• ..…
"Strange times we live in. The world’s biggest financial players and analysts are buzzing about an invention that became famous partly by promising to destroy them"
Questions ?