Smart Contracts:
An Introduction
Miguel Palhas
@naps62
Crypto
Blockchain
Ethereum
Solidity
Crypto
Blockchain
Ethereum
Solidity
What is a blockchain?
- Un-hackable *
- Fully Decentralized P2P network
- Ordered list of transactions
- Transactions grouped in blocks
- Append-only
- It solves the problem of time
Mining
Merkle Trees
Cryptography
Eliptic curves
Proof-of-work
Proof-of-stake
Cryptography
Cryptography
Wallets
Hardware/Network Layer
Consensus / Mining
Semantic
Smart
Contracts
go here!
Crypto
Blockchain
Ethereum
Solidity
BEGIN TRANSACTION;
UPDATE users
SET admin = 1
WHERE username = 'naps62';
UPDATE users
SET admin = 0
WHERE username != 'naps62';
COMMIT;
But what is it for?
A Web of
TRUST
Economic Systems
Insurance Policies
Proof of Existence
What (really) is a
Smart Contract?
- A piece of code
- Lives on its own, in the blockchain
- A first-class citizen
- Keeps its own state
- Defines the rules to mutate that state
Crypto
Blockchain
Ethereum
Solidity
1. Contracts
contract Bank {
function Bank() {
# this is a constructor
}
}
2. Instance Variables
contract Bank {
string name;
mapping (address => uint256) balances;
}
2. Instance Variables
contract Bank {
string name;
mapping (address => uint256) balances;
function Bank(string _name) {
name = _name;
}
}
3. Pure Functions
function balanceOf(address account)
public pure returns (uint256)
{
return balances[account];
}
4. Payable Functions
function deposit()
public payable
{
balances[msg.sender] += msg.value;
}
5. More functions
function withdraw(uint256 amount)
public
{
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}
Whoops!
5. Fail Early. Fail Hard
function withdraw(uint256 amount)
public
{
// Ensure we have enough ether
require(balances[msg.sender] >= amount);
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}
Re-entrancy attacks
- Give me 1,000,000.00 COP
Let me check your balance...
ok, there you go.
Do you want to do anything else?
- Actually... give me another 1,000,000.00 COP!
Let me check your balance...
ok, there you go.
Do you want to do anything else?
I'm good now.
Ok, I'll just update your balance...
here's your card. have a nice day!
Re-entrancy attacks
function withdraw(uint256 amount)
public
{
// Ensure we have enough ether
require(balances[msg.sender] >= amount);
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}
contract Bank {
function withdraw(uint)
{
require(balance...);
msg.sender.transfer(..);
balances[...] -= amount;
}
contract TotallyLegitUser {
function steal()
{
bank.withdraw(100);
}
// fallback function
function()
{
steal();
}
function withdraw(uint256 amount) {
require(...)
msg.sender.transfer(amount);
balances[msg.sender] -= amount;
}
function withdraw(uint256 amount) {
require(...)
balances[msg.sender] -= amount;
msg.sender.transfer(amount);
}
So... yeah, this is ending on a low note
PYTHON
HASKELL
Thank you
Miguel Palhas
@naps62
An Introduction to Smart Contracts - ScaleConf Colombia 2018
By Miguel Palhas
An Introduction to Smart Contracts - ScaleConf Colombia 2018
- 650