Weijia Zhang - Blockchain and Ethereum Smart Contract Solution Development: Dapp Programming with Solidity

Blockchain andEthereum SmartContract SolutionDevelopmentDapp Programmingwith SolidityWeijia ZhangTej AnandBlockchain and Ethereum Smart Contract Solution Development: DappProgramming with Solidity Weijia Zhang Tej Anand Austin, TX, USA Chappaqua, NY, USA ISBN-13 (pbk): 978-1-4842-8163-5 ISBN-13 (electronic): 978-1-4842-8164-2 https://doi.org/10.1007/978-1-4842-8164-2 Copyright 2022 by Weijia Zhang and Tej Anand This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.

The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director, Apress Media LLC: Welmoed Spahr Acquisitions Editor: Aaron Black Development Editor: James Markham Coordinating Editor: Jessica Vakili Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. For information on translations, please e-mail booktranslations@springernature.com; for reprint, paperback, or audio rights, please e-mail bookpermissions@springernature.com.

Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at http://www.apress.com/bulk-sales. Any source code or other supplementary material referenced by the author in this book is available to readers on the Github repository: https://github.com/Apress/-Blockchain-and-Ethereum-Smart-Contract-Solution-Development. For more detailed information, please visit http://www.apress.com/source-code. Printed on acid-free paper To our students at the University of Texas at Austin,Columbia University in the City of New York, and theUniversity of Maryland in College Park.Table of Contents About the Authors xv About the Technical Reviewer xvii Acknowledgments xix Part 1: The Context for Blockchain 1 Chapter 1: Business and Economic Motivation for Blockchain 3 Introduction 4 A Brief History of Money 7 Economy As Value Exchange 14 Current Economic Inefficiencies 22 Blockchains Potential to Address Current Economic Inefficiencies 31 Chapter Summary/Key Takeaways 34 Sidebars 36 Quiz Questions 38 References 39 Chapter 2: Overview of Core Technologies Supporting Blockchain 43 Introduction 43 Cryptology and Digital Signatures 45 Distributed Systems 56 Peer-to-Peer Networking 67 Blockchain Technology Integration 71 v Table of ConTenTs Chapter Summary/Key Takeaways 74 Quiz Questions 76 Sidebar Key Distributed Systems Terms and Definitions 78 References 79 Chapter 3: Blockchain Components and Architecture 81 Introduction 81 Conceptual Overview of Blockchain Components 83 Distributed Ledgers and Technical Overview of Blockchains88 Blockchain Implementation Categorization 95 Smart Contracts and Blockchain Components Summary 99 Blockchain Limitations 102 Chapter Summary/Key Takeaways 106 Sidebar Blockchain Terminology 108 Quiz Questions 109 References 111 Chapter 4: Blockchain Business Applications 113 Introduction 113 Is a Blockchain Necessary? 116 Blockchain Application Design Decisions 121 Blockchain Applications 139 Blockchain Finance Applications 139 Blockchain Healthcare Applications 145 Blockchain Supply Chain Applications 153 Blockchain Entertainment Applications 155 Chapter Summary/Key Takeaways 157 Quiz Questions 159 References 161 vi Table of ConTenTs Chapter 5: Blockchain Implementations Overview: Bitcoin, Ethereum, and Hyperledger 163 Introduction 163 Bitcoin Transactions, Blocks, and Mining 165 Bitcoin Economics 182 Consensus Protocols 184 Ethereum 187 Hyperledger 193 Bitcoin, Ethereum, and Hyperledger Comparison 195 Emerging Blockchain Implementations 198 Chapter Summary/Key Takeaways 200 Sidebar Stack-Based Programming Language 201 Quiz Questions 202 References 205 Part 2: Ethereum Smart Contract Development 207 Chapter 6: Ethereum Architecture and Overview 209 Introduction 209 Ethereum Architecture 211 Network Layer 212 Core Blockchain Layer 213 Enterprise Components Layer 215 Tooling Layer 216 Application Layer 217 Ethereum Blockchain Ecosystem and DeFi Projects 218 Wallet to Manage Assets 218 Smart ContractEnabled Banking dApp 222 Decentralized Exchange in Ethereum 223 vii Table of ConTenTs NFT Applications 224 Oracle Service 225 DAO Platforms 226 Decentralized Insurance Platform 226 Decentralized KYC and Identity 227 Stablecoin 227 Tools to Set Up a Smart Contract Development Environment 228 MetaMask: The Simplest Way to Interact with the Ethereum Blockchain 229 Etherscan: The Most Comprehensive Blockchain Browser 231 Geth: The Swiss Army Knife for the Ethereum Blockchain 231 Truffle: The Most Comprehensive Smart Contract Development Tool 235 Remix: The Most Convenient Web-Based Smart Contract Development Tool 238 Summary244 Chapter 7: Programming Smart Contract with Solidity 245 Introduction: What We Learned in the Last Chapter 245 What Is Smart Contract 245 What Is Solidity Programming Language 247 Module 1: Hello World Solidity Example 248 Solidity Comments249 Solidity Program and Version Declaration 249 Import a Solidity File 251 Constructor Function 252 Function Modifier 252 Blockchain Access Scope: Pure/View/Payable Functions 253 Function Access Scope: Public, External, Internal, and Private 254 viii Table of ConTenTs Module 2: Solidity Data Types 255 Boolean 255 Integer Type 256 Address Type 258 Byte Array 259 Fixed Size Array 261 Dynamically Sized Array 262 Mapping Data Type 263 Enum Data Type 264 Struct Data Type 266 Module 3: Events 271 What Is Ethereum Event 271 Where Are Events Stored 271 How to Define an Event 271 Module 4: Security 274 Function Vulnerabilities 274 Data Type and Data Vulnerabilities 280 Compiler Vulnerabilities 285 Randomness Vulnerability 286 Signature Vulnerability 286 Vulnerability: Signature Manipulation 286 Module Summary 287 Module 5: Tools, Test, and Debug 287 Tools 288 Solidity Test 296 Solidity Debug 301 ix Table of ConTenTs Module 6: Client Considerations 305 Types of dApp clients306 Web Client Example for Interacting with Smart Contract 308 Summary318 Chapter 8: Security Considerations 319 Introduction 319 Functional Security Holes in Smart Contracts 321 Fund Deadlock 321 Fund Leakage 322 Disabled Smart Contract323 Orphan Smart Contract 323 Attackable Security Holes in Smart Contracts 323 Best Security Practices for Smart Contracts 325 Have a Security Risk Mitigation Plan 326 Checking Both Main Source Code and Libraries 327 Put a Cap to the Max Funds 327 Make Your Smart Contract Open Source and Leverage the Community Effort to Harden the Security 328 Yes, There Are Blockchain Security Whitehats329 Have Smart Contract Audited 329 Readable Smart Contract Logic 330 Modularize the Smart Contract 330 Using Well-Tested Libraries 331 Use a Good Random Number Generator 331 Review Gas Consumption in Security Context 332 Wisely Use Blockchain 332 Stay on Top of Security Breaches and Patches 333 Blockchain Specific Security Tips 334 x Table of ConTenTs Security Impact of Quantum Computing 336 Summary339 Chapter 9: Layer 2 and Ethereum 2 341 Problem with Ethereum Mainnet 341 Layer 2 Technology 343 Ethereum State Channel 343 Plasma As a Layer 2 Technology 347 Layer 2 Rollup 363 Ethereum 2 370 Major Changes in Ethereum 2 370 Ethereum 2 Architectural Overview 371 Migrating from Ethereum 1 to Ethereum 2: POS Deposit, Staking, and Slashing 374 Run an Ethereum 2 Validator Node with POS Staking 376 Uncertainties with Ethereum 2 378 Summary378 Chapter 10: Fund a Project: Tokens and Gas Fees 379 Introduction 379 Tokens for Funding Ecosystem Projects 380 Tokens in ICO and DeFi 380 Token in NFT 383 Tokens in DeFi (Compound, Uniswap, and Stablecoins) 386 Tokens for Enterprises/Standardized (Pervasive) Tokens 387 Token Taxonomy Initiative 390 Token Economy Consideration 393 Token Allocation 393 xi Table of ConTenTs Token Distribution 394 Gas Fee Consideration 395 Summary403 Chapter 11: Building Team Projects 405 Problem Statement and Brainstorming 405 Specifications and Solutions 407 EIP-3220: Crosschain Identifier Specification 408 Simple Summary 408 Abstract 408 Motivation 408 Specification 410 Rationale 412 Backward Compatibility 412 Security Considerations 412 Architecture 413 Design the Smart Contract 414 Roles 414 Events 415 Data Structures 415 Functions 416 UML of Smart Contract 416 Smart Contract Code 418 Client Considerations 423 HTML Page Example 425 JavaScript Example 427 Security Review 431 xii Table of ConTenTs Deploy to Testnet 431 Deploy to Mainnet 433 Operation and Upgrade Consideration 435 Index 437 xiii