Smart Contracts:
An Introduction

Miguel Palhas

@naps62

Crypto

Blockchain

Ethereum

Solidity

Crypto

Blockchain

Ethereum

Solidity

What is a blockchain?

- Un-hackable *

- Fully Decentralized P2P network

- Ordered list of immutable transactions

- First solution to the double-spend problem

- Append-only

Mining

Merkle Trees


Cryptography
 

Eliptic curves

Proof-of-work

Proof-of-stake


Cryptography
 


Cryptography
 

Wallets

Hardware/Network Layer

Consensus / Mining

Semantic Layer

Smart

Contracts

go here!

Dapps

Crypto

Blockchain

Ethereum

Solidity

BEGIN TRANSACTION;
UPDATE users
SET admin = 1
WHERE username = 'naps62';

UPDATE users
SET admin = 0
WHERE username != 'naps62';
COMMIT;

What (really) is a
Smart Contract?

- A program

- Lives on its own, in the blockchain

- A first-class citizen

- Keeps its own state

- Defines the rules to mutate that state

But what is it for?

A Web of
TRUST

Economic Systems

Insurance Policies

Proof of Existence

Crypto

Blockchain

Ethereum

Solidity

1. Contracts

contract Bank {
  function Bank() {
    # this is a constructor
  }
}

2. Instance Variables

contract Bank {
  string name;
  mapping (address => uint256) balances;
}

2. Instance Variables

contract Bank {
  string name;
  mapping (address => uint256) balances;

  function Bank(string _name) {
    name = _name;
  }
}

3. Pure Functions

function balanceOf(address account)
public pure returns (uint256)
{
  return balances[account];
}

4. Payable Functions

function deposit()
public payable
{
  balances[msg.sender] += msg.value;
}

5. More functions

contract Bank {
  function withdraw(uint256 amount)
  public
  {
    msg.sender.transfer(amount);
    balances[msg.sender] -= amount;
  }
}

Whoops!

5. Fail Early. Fail Hard

function withdraw(uint256 amount)
public
{
  // Ensure we have enough ether
  require(balances[msg.sender] >= amount);

  msg.sender.transfer(amount);
  balances[msg.sender] -= amount;
}

Attacking a Smart Contract

1. Consensus protocol attacks

51% attacks, Double-Spend, etc

Out of scope for this talk

2. Developer mistakes!

- Give me 1,000,000.00 RUB

Let me check your balance...
ok, there you go.

Do you want to do anything else?

- Actually... give me another 1,000,000.00 RUB!

Let me check your balance...
ok, there you go.

Do you want to do anything else?

I'm good now.

Ok, I'll just update your balance...
here's your card. have a nice day!

Re-entrancy attacks

Re-entrancy attacks

function withdraw(uint256 amount)
public
{
  // Ensure we have enough ether
  require(balances[msg.sender] >= amount);

  msg.sender.transfer(amount);
  balances[msg.sender] -= amount;
}
contract Bank {
  function withdraw(uint)
  {
    require(balance...);

    msg.sender.transfer(..);

    balances[...] -= amount;
  }
contract TotallyLegitUser {
  function steal()
  {
    bank.withdraw(100);
  }
  // fallback function
  function()
  {
     steal();
  }
function withdraw(uint256 amount) {
  require(...)
  msg.sender.transfer(amount);
  balances[msg.sender] -= amount;
}
function withdraw(uint256 amount) {
  require(...)
  balances[msg.sender] -= amount;
  msg.sender.transfer(amount);
}

PYTHON

HASKELL

Thank you

Miguel Palhas

@naps62

Smart Contracts: An Introduction - Pixels Camp 2019

By Miguel Palhas

Smart Contracts: An Introduction - Pixels Camp 2019

  • 72
Loading comments...

More from Miguel Palhas