Smart Contracts:
An Introduction
Miguel Palhas
@naps62
Crypto
Blockchain
Ethereum
Solidity
Crypto
Blockchain
Ethereum
Solidity
What is a blockchain?
- Un-hackable *
- Fully Decentralized P2P network
- Ordered list of immutable transactions
- First solution to the double-spend problem
- Append-only
Mining
Merkle Trees
Cryptography
Eliptic curves
Proof-of-work
Proof-of-stake
Cryptography
Cryptography
Wallets
Hardware/Network Layer
Consensus / Mining
Semantic Layer
Smart
Contracts
go here!
Dapps
Crypto
Blockchain
Ethereum
Solidity
BEGIN TRANSACTION;
UPDATE users
SET admin = 1
WHERE username = 'naps62';
UPDATE users
SET admin = 0
WHERE username != 'naps62';
COMMIT;What (really) is a
Smart Contract?
- A program
- Lives on its own, in the blockchain
- A first-class citizen
- Keeps its own state
- Defines the rules to mutate that state
But what is it for?
A Web of
TRUST
Economic Systems
Insurance Policies
Proof of Existence
Crypto
Blockchain
Ethereum
Solidity
1. Contracts
contract Bank {
function Bank() {
# this is a constructor
}
}2. Instance Variables
contract Bank {
string name;
mapping (address => uint256) balances;
}2. Instance Variables
contract Bank {
string name;
mapping (address => uint256) balances;
function Bank(string _name) {
name = _name;
}
}3. Pure Functions
function balanceOf(address account)
public pure returns (uint256)
{
return balances[account];
}4. Payable Functions
function deposit()
public payable
{
balances[msg.sender] += msg.value;
}5. More functions
function withdraw(uint256 amount)
public
{
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}Whoops!
5. Fail Early. Fail Hard
function withdraw(uint256 amount)
public
{
// Ensure we have enough ether
require(balances[msg.sender] >= amount);
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}Attacking a Smart Contract
1. Consensus protocol attacks
51% attacks, Double-Spend, etc
Out of scope for this talk
2. Developer mistakes!
- Give me 1,000,000.00 RUB
Let me check your balance...
ok, there you go.
Do you want to do anything else?
- Actually... give me another 1,000,000.00 RUB!
Let me check your balance...
ok, there you go.
Do you want to do anything else?
I'm good now.
Ok, I'll just update your balance...
here's your card. have a nice day!
Re-entrancy attacks
Re-entrancy attacks
function withdraw(uint256 amount)
public
{
// Ensure we have enough ether
require(balances[msg.sender] >= amount);
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}contract Bank {
function withdraw(uint)
{
require(balance...);
msg.sender.transfer(..);
balances[...] -= amount;
}contract TotallyLegitUser {
function steal()
{
bank.withdraw(100);
} // fallback function
function()
{
steal();
}
function withdraw(uint256 amount) {
require(...)
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}function withdraw(uint256 amount) {
require(...)
balances[msg.sender] -= amount;
msg.sender.transfer(amount);
}
PYTHON
HASKELL
Thank you
Miguel Palhas
@naps62
Smart Contracts: An Introduction - DevFest Siberia
By Miguel Palhas
