Mastering Ethereum - Andreas M. Antonopoulos Tychy

Ethereum represents the gateway to a worldwide, decentralized computing paradigm. This platform enables you to run decentralized applications (DApps) and smart contracts that have no central points of failure or control, integrate with a payment network, and operate on an open blockchain. With this practical guide, Andreas M. Antonopoulos and Gavin Wood provide everything you need to know about building smart contracts and DApps on Ethereum and other virtual-machine blockchains.Discover why IBM, Microsoft, NASDAQ, and hundreds of other organizations are experimenting with Ethereum. This essential guide shows you how to develop the skills necessary to be an innovator in this growing and exciting new industry.Run an Ethereum client, create and transmit basic transactions, and program smart contractsLearn the essentials of public key cryptography, hashes, and digital signaturesUnderstand how "wallets" hold digital keys that control funds and smart contractsInteract with Ethereum clients programmatically using JavaScript libraries and Remote Procedure Call interfacesLearn security best practices, design patterns, and anti-patterns with real-world examplesCreate tokens that represent assets, shares, votes, or access control rightsBuild decentralized applications using multiple peer-to-peer (P2P) components Spis treści: Preface How to Use This Book Intended Audience Conventions Used in This Book Code Examples Using Code Examples References to Companies and Products Ethereum Addresses and Transactions in this Book OReilly Safari How to Contact Us Contacting Andreas Contacting Gavin Acknowledgments by Andreas Acknowledgments by Gavin Contributions Sources Quick Glossary 1. What Is Ethereum? Compared to Bitcoin Components of a Blockchain The Birth of Ethereum Ethereums Four Stages of Development Ethereum: A General-Purpose Blockchain Ethereums Components Further Reading Ethereum and Turing Completeness Turing Completeness as a Feature Implications of Turing Completeness From General-Purpose Blockchains to Decentralized Applications (DApps) The Third Age of the Internet Ethereums Development Culture Why Learn Ethereum? What This Book Will Teach You 2. Ethereum Basics Ether Currency Units Choosing an Ethereum Wallet Control and Responsibility Getting Started with MetaMask Creating a Wallet Switching Networks Getting Some Test Ether Sending Ether from MetaMask Exploring the Transaction History of an Address Introducing the World Computer Externally Owned Accounts (EOAs) and Contracts A Simple Contract: A Test Ether Faucet Compiling the Faucet Contract Creating the Contract on the Blockchain Interacting with the Contract Viewing the Contract Address in a Block Explorer Funding the Contract Withdrawing from Our Contract Conclusions 3. Ethereum Clients Ethereum Networks Should I Run a Full Node? Full Node Advantages and Disadvantages Public Testnet Advantages and Disadvantages Local Blockchain Simulation Advantages and Disadvantages Running an Ethereum Client Hardware Requirements for a Full Node Software Requirements for Building and Running a Client (Node) Parity Installing Parity Go-Ethereum (Geth) Cloning the repository Building Geth from source code The First Synchronization of Ethereum-Based Blockchains Running Geth or Parity The JSON-RPC Interface Paritys Geth compatibility mode Remote Ethereum Clients Mobile (Smartphone) Wallets Browser Wallets MetaMask Jaxx MyEtherWallet (MEW) MyCrypto Mist Conclusions 4. Cryptography Keys and Addresses Public Key Cryptography and Cryptocurrency Private Keys Generating a Private Key from a Random Number Public Keys Elliptic Curve Cryptography Explained Elliptic Curve Arithmetic Operations Generating a Public Key Elliptic Curve Libraries Cryptographic Hash Functions Ethereums Cryptographic Hash Function: Keccak-256 Which Hash Function Am I Using? Ethereum Addresses Ethereum Address Formats Inter Exchange Client Address Protocol Hex Encoding with Checksum in Capitalization (EIP-55) Detecting an error in an EIP-55 encoded address Conclusions 5. Wallets Wallet Technology Overview Nondeterministic (Random) Wallets Deterministic (Seeded) Wallets Hierarchical Deterministic Wallets (BIP-32/BIP-44) Seeds and Mnemonic Codes (BIP-39) Wallet Best Practices Mnemonic Code Words (BIP-39) Generating mnemonic words From mnemonic to seed Optional passphrase in BIP-39 Working with mnemonic codes Creating an HD Wallet from the Seed HD Wallets (BIP-32) and Paths (BIP-43/44) Extended public and private keys Hardened child key derivation Index numbers for normal and hardened derivation HD wallet key identifier (path) Navigating the HD wallet tree structure Conclusions 6. Transactions The Structure of a Transaction The Transaction Nonce Keeping Track of Nonces Gaps in Nonces, Duplicate Nonces, and Confirmation Concurrency, Transaction Origination, and Nonces Transaction Gas Transaction Recipient Transaction Value and Data Transmitting Value to EOAs and Contracts Transmitting a Data Payload to an EOA or Contract Special Transaction: Contract Creation Digital Signatures The Elliptic Curve Digital Signature Algorithm How Digital Signatures Work Creating a digital signature Verifying the Signature ECDSA Math Transaction Signing in Practice Raw Transaction Creation and Signing Raw Transaction Creation with EIP-155 The Signature Prefix Value (v) and Public Key Recovery Separating Signing and Transmission (Offline Signing) Transaction Propagation Recording on the Blockchain Multiple-Signature (Multisig) Transactions Conclusions 7. Smart Contracts and Solidity What Is a Smart Contract? Life Cycle of a Smart Contract Introduction to Ethereum High-Level Languages Building a Smart Contract with Solidity Selecting a Version of Solidity Download and Install Development Environment Writing a Simple Solidity Program Compiling with the Solidity Compiler (solc) The Ethereum Contract ABI Selecting a Solidity Compiler and Language Version Programming with Solidity Data Types Predefined Global Variables and Functions Transaction/message call context Transaction context Block context address object Built-in functions Contract Definition Functions Contract Constructor and selfdestruct Adding a Constructor and selfdestruct to Our Faucet Example Function Modifiers Contract Inheritance Error Handling (assert, require, revert) Events Catching events Calling Other Contracts (send, call, callcode, delegatecall) Creating a new instance Addressing an existing instance Raw call, delegatecall Gas Considerations Avoid Dynamically Sized Arrays Avoid Calls to Other Contracts Estimating Gas Cost Conclusions 8. Smart Contracts and Vyper Vulnerabilities and Vyper Comparison to Solidity Modifiers Class Inheritance Inline Assembly Function Overloading Variable Typecasting Preconditions and Postconditions Decorators Function and Variable Ordering Compilation Protecting Against Overflow Errors at the Compiler Level Reading and Writing Data Conclusions 9. Smart Contract Security Security Best Practices Security Risks and Antipatterns Reentrancy Real-World Example: The DAO Arithmetic Over/Underflows Real-World Examples: PoWHC and Batch Transfer Overflow (CVE-201810299) Unexpected Ether Further Examples DELEGATECALL Real-World Example: Parity Multisig Wallet (Second Hack) Default Visibilities Real-World Example: Parity Multisig Wallet (First Hack) Entropy Illusion Real-World Example: PRNG Contracts External Contract Referencing Real-World Example: Reentrancy Honey Pot Short Address/Parameter Attack Unchecked CALL Return Values Real-World Example: Etherpot and King of the Ether Race Conditions/Front Running Real-World Examples: ERC20 and Bancor Denial of Service (DoS) Real-World Examples: GovernMental Block Timestamp Manipulation Real-World Example: GovernMental Constructors with Care Real-World Example: Rubixi Uninitialized Storage Pointers Real-World Examples: OpenAddressLottery and CryptoRoulette Honey Pots Floating Point and Precision Real-World Example: Ethstick Tx.Origin Authentication Contract Libraries Conclusions 10. Tokens How Tokens Are Used Tokens and Fungibility Counterparty Risk Tokens and Intrinsicality Using Tokens: Utility or Equity Its a Duck! Utility Tokens: Who Needs Them? Tokens on Ethereum The ERC20 Token Standard ERC20 required functions and events ERC20 optional functions The ERC20 interface defined in Solidity ERC20 data structures ERC20 workflows: transfer and approve & transferFrom ERC20 implementations Launching Our Own ERC20 Token Interacting with METoken using the Truffle console Sending ERC20 tokens to contract addresses Demonstrating the approve & transferFrom workflow Issues with ERC20 Tokens ERC223: A Proposed Token Contract Interface Standard ERC777: A Proposed Token Contract Interface Standard ERC777 hooks ERC721: Non-fungible Token (Deed) Standard Using Token Standards What Are Token Standards? What Is Their Purpose? Should You Use These Standards? Security by Maturity Extensions to Token Interface Standards Tokens and ICOs Conclusions 11. Oracles Why Oracles Are Needed Oracle Use Cases and Examples Oracle Design Patterns Data Authentication Computation Oracles Decentralized Oracles Oracle Client Interfaces in Solidity Conclusions 12. Decentralized Applications (DApps) What Is a DApp? Backend (Smart Contract) Frontend (Web User Interface) Data Storage IPFS Swarm Decentralized Message Communications Protocols A Basic DApp Example: Auction DApp Auction DApp: Backend Smart Contracts DApp governance Auction DApp: Frontend User Interface Further Decentralizing the Auction DApp Storing the Auction DApp on Swarm Preparing Swarm Uploading Files to Swarm The Ethereum Name Service (ENS) History of Ethereum Name Services The ENS Specification Bottom Layer: Name Owners and Resolvers The Namehash algorithm How to choose a valid name Root node ownership Resolvers Middle Layer: The .eth Nodes Vickrey auctions Top Layer: The Deeds Registering a Name Managing Your ENS Name Creating an ENS subdomain ENS Resolvers Resolving a Name to a Swarm Hash (Content) From App to DApp Conclusions 13. The Ethereum Virtual Machine What Is the EVM? Comparison with Existing Technology The EVM Instruction Set (Bytecode Operations) Ethereum State Compiling Solidity to EVM Bytecode Contract Deployment Code Disassembling the Bytecode Turing Completeness and Gas Gas Gas Accounting During Execution Gas Accounting Considerations Gas Cost Versus Gas Price Negative gas costs Block Gas Limit Who decides what the block gas limit is? Conclusions 14. Consensus Consensus via Proof of Work Consensus via Proof of Stake (PoS) Ethash: Ethereums Proof-of-Work Algorithm Casper: Ethereums Proof-of-Stake Algorithm Principles of Consensus Controversy and Competition Conclusions A. Ethereum Fork History Ethereum Classic (ETC) The Decentralized Autonomous Organization (The DAO) The Reentrancy Bug Technical Details Attack Flow The DAO Hard Fork Timeline of the DAO Hard Fork Ethereum and Ethereum Classic The EVM Core Network Development Other Notable Ethereum Forks B. Ethereum Standards Ethereum Improvement Proposals (EIPs) Table of Most Important EIPs and ERCs C. Ethereum EVM Opcodes and Gas Consumption D. Development Tools, Frameworks, and Libraries Frameworks Truffle Installing the Truffle framework Integrating a prebuilt Truffle project (Truffle Box) Creating a truffle project directory Configuring truffle Using truffle to deploy a contract Truffle migrationsunderstanding deployment scripts Using the Truffle console Embark OpenZeppelin ZeppelinOS Utilities EthereumJS helpeth: A Command-Line Utility dapp.tools SputnikVM Libraries web3.js web3.py EthereumJS web3j EtherJar Nethereum ethers.js Emerald Platform Testing Smart Contracts On-Blockchain Testing Ganache: A Local Test Blockchain E. web3.js Tutorial Description web3.js Contract Basic Interaction in a Nonblocked (Async) Fashion Node.js Script Execution Reviewing the Demo Script Contract Interaction Asynchronous Operation with Await F. Short Links Reference Smart Contract Security Tokens Index