IA 2 Blockchain
IA 2 Blockchain
As part of the Ethereum 2.0 update, a phased network transition from one consensus
mechanism to another is planned. The roadmap contains three main steps: Beacon Chain,
Merge, and Sharding.
Beacon Chain is the coordination mechanism for the new network, responsible for creating
new blocks, verifying that these new blocks are valid, and rewarding ETH validators for
securing the network. Sharding means partitioning a database to increase capacity; this
technology is already used in programming. In the context of Ethereum, sharding reduces
the load on the network and increases the number of transactions by creating new chains,
known as “shards”. This will significantly increase the number of transactions and data
capacity on the network.
Purpose of EVM
There are four phases of the smart contracts life cycle in the
blockchain ecosystem:
Create
Freeze
Execute
Finalize
8. Explain truffle.
Truffle is the core component of the Truffle Suite, serving as a
comprehensive development framework for Ethereum dapps. It
provides developers with tools, including a smart contract compiler,
automated testing, and deployment scripts. With Truffle, developers
can efficiently write and manage smart contracts using the Solidity
programming language. It simplifies the development process by
offering features like contract migration, network management, and
debugging.
1. Code Vulnerabilities:
Smart contracts are written in programming languages like
Solidity, which can contain bugs, logic errors, or vulnerabilities
that attackers can exploit.
Common vulnerabilities include reentrancy attacks, integer
overflow/underflow, and unchecked external calls.
Even well-audited contracts can have undiscovered
vulnerabilities due to the complexity of decentralized systems.
2. Immutability:
Once deployed on the blockchain, smart contracts are
immutable, meaning their code cannot be modified or updated.
If a vulnerability is discovered after deployment, it may be
challenging or impossible to fix without deploying a new
contract, potentially leading to significant financial losses.
3. External Dependencies:
Smart contracts often rely on external data sources, such as
oracles, for information not available on the blockchain.
These external dependencies introduce a risk of manipulation or
failure, which can compromise the integrity and reliability of
smart contract operations.
1. Reentrancy attack: This is one of the most iconic exploitable smart contract
vulnerabilities. It occurs when a smart contract calls another smart contract in its code
and, when the new call is finished, continues with execution. This action requires the
vulnerable contract to submit an external call. Scammers steal these external calls and
make a recursive call back to the contract with the help of the callback function. They can
create a contract at an external address using malicious code. When the smart contract
fails to update its state before sending funds, the scammer can continuously call the
withdraw function, thus allowing them to drain the contract funds.
2. Integer overflow/underflow: This happens when a variable exceeds
its maximum or minimum value. Attackers can exploit this to gain
control over the contract. Use safe math libraries to avoid this
vulnerability.
3. Timestamp dependence: Smart contracts can be vulnerable to
timestamp manipulation. Attackers can change the timestamp to their
advantage and exploit the contract. Use block timestamps instead of
the current time to avoid this vulnerability.
4. Unprotected private data: Private data can be accessed by anyone
if it is not protected properly. Use encryption to protect private data.
5. Unchecked return values: Smart contracts can be vulnerable to
unchecked return values. Attackers can exploit this vulnerability to
gain control over the contract. Use the require function to check return
values.
Scope(Structure of Transaction)
- Nonce
- Gas price
- Gas Limit
- Recipient(EOA, Contract Account)
- Value
- Data
- v, r, s(ECDSA)
■ Nonce(transaction nonce)
Ethereum has two types of Nonce: proof-of-work nonce and
transaction nonce. Transaction nonce is a sequence number
of transactions sent from a given address. Each time you
send a transaction, the nonce value increases by one.
Moreover, Nonce prevents replay attacks on the Ethereum
blockchain.
■ Gas price
Gas Price represents the price of Gas in Gwei. For example,
1 Gas = 10 Gwei. It is determined by market supply and
demand. Gas Price is used to multiply Gas Limit to determine
the final price of Gas.
■ Gas limit
Gas Limit limits the amount of ETH the sender will pay for
the transaction. Usually, when one is talking about Gas in
Ethereum, they are referring to Gas Limit. When transferring
ETH, the sender needs to set a Gas Limit. If the Gas Limit is
insufficient to transfer, the transfer will be canceled, and the
Gas will be refunded to the sender. On the other hand, if the
sender sets an excess Gas Limit, the Gas left over will be
refunded to the sender.
■ Recipient
The recipient is the destination of the Ethereum address. It is
either an EOA or contract address represented by a 20-byte.
Here, let me explain what EOA and contract address are for
deep understanding.
EOA(Externally-Owned Account)
Contract Account
Value
The value field represents the amount of ether/wei from the
sender to the recipient. Value is used for both transfer money
and contract execution. It is possible to construct
transactions without filling the value field, though it is
supposed to be filled all the time.
Data
The data field is for contract-related activities such as the
deployment or execution of a contract. Data contains
messages that can be conceived of as function calls. As
Ethereum has an intelligent contract function, a transaction
must contain messages to call/execute functions. Messages
are produced by contract and execute CALL or
DELEGATECALL opcodes. If the Data field is empty, a
transaction is for a payment, not an execution of the
contract.
v,r,s
This field is a component of an ECDSA digital signature of
the originating EOA. Ethereum transactions use
ECDSA(Elliptic Curve Digital Signature Algorithm) as its
digital signature for verification. v indicates two things: the
chain ID and the recovery ID to help the ECDSA recover
function check the signature. r and s are inputs of ECDSA to
generate a signature.
Smart contracts, which are self-executing contracts with the terms of the
agreement directly written into code, have a wide range of potential use
cases across various industries. Here are some examples:
1. Financial Services:
Payment Systems: Facilitating instant and secure payments
without the need for intermediaries.
Remittances: Streamlining cross-border money transfers,
reducing costs and processing times.
2. Supply Chain Management:
Provenance Tracking: Tracking the origin and journey of
products from manufacturing to delivery, ensuring authenticity
and reducing counterfeiting.
Inventory Management: Automating inventory management
processes, including reordering and tracking.
3. Real Estate:
Property Transactions: Executing property transactions such as
purchases, sales, and rentals without the need for intermediaries
like real estate agents.
4. Healthcare:
Medical Records: Securing and managing patient medical records,
ensuring privacy and accessibility.
Clinical Trials: Automating the execution and monitoring of clinical
trials, ensuring data integrity and transparency.
The public key is used to generate the wallet address, which serves
as the destination for sending Ethereum and other tokens.
The private key is known only to the wallet owner and is used to
access and control the wallet's funds. It should be kept confidential
and securely stored, as anyone with access to the private key can
control the associated assets.
2. Wallet Address:
A wallet address is a hexadecimal string derived from the public key and
serves as the identifier for the Ethereum wallet.
3. Wallet Types:
Ethereum wallets come in various types, including software wallets
(desktop, mobile, or web-based), hardware wallets (physical
devices), and paper wallets (printed or written down).
4. Balance and Transaction History:
Module 5 5 marks
1. Differentiate between ERC 20 and ERC 721 Tokens.
2. Explain ERC721 tokens. Describe the steps to create ERC721 token.
1. Define the Token Contract: The first step is to define the smart
contract for the ERC721 token. This contract will specify the functions
and variables necessary for managing ownership, transfer, and other
functionalities of the token.
2. Inherit from ERC721 Interface: The token contract should inherit from
the ERC721 interface, which defines the standard functions and events
required for ERC721 compliance. This interface includes functions such
as balanceOf, ownerOf, transferFrom, approve, setApprovalForAll, and
events such as Transfer and Approval.
3. Implement Token Metadata: ERC721 tokens can include metadata to
provide additional information about each token, such as its name,
symbol, and properties. Implementing token metadata involves
defining variables to store this information and functions to retrieve it.
4. Define Minting and Burning Functions: Minting refers to the process of
creating new tokens, while burning involves destroying tokens. Define
functions in the contract to handle these operations securely, ensuring
that only authorized users can mint or burn tokens.
5. Implement Ownership and Transfer Functions: ERC721 tokens allow for
the transfer of ownership of individual tokens between users.
Implement functions to transfer ownership of tokens securely, verifying
that the sender has the authority to transfer the token.
6. Handle Approvals and Operator Permissions: ERC721 tokens support
approvals, allowing token owners to grant permission for other
addresses to transfer their tokens on their behalf. Implement functions
to manage approvals and operator permissions securely.
7. Test and Deploy the Contract: Once the token contract is defined and
implemented, it should be thoroughly tested to ensure its functionality
and security. After testing, deploy the contract to the Ethereum
blockchain, making the ERC721 tokens available for use.
8. Interact with the Token Contract: Users can interact with the ERC721
token contract through various means, such as wallets, decentralized
applications (DApps), or directly through Ethereum transactions.
Provide users with the necessary information and interfaces to interact
with the token contract effectively.
• The main characteristic that makes ERC 721 special is any token created
following this standard is unique. Once an ERC 721 token is created, there will
only ever be one of them in existence.
• It is not an east task to get a hold of an NFT. Why? Mainly because of the
prices or bidding amounts. Though one can follow the following steps to
create their own NFTs and make use of the various NFT marketplaces
available to sell them.
• Decide on the Concept
• Choose your NFT marketplace of choice
• Connect and build a community
• Create your NFT
• Mint the NFT!
STO stands for security token offering. It is a process similar to an ICO where
an investor exchanges money for coins or tokens representing their
investment. Security token offering (STO) is frequently called the next step in
token evolution.
What does STO mean?
The acronym STO stands for Security Token Offering, a term that is becoming
increasingly important in the financial world.
STO is the process by which investors issue crypto coins or tokens. These
securities or financial instruments have monetary value and are intended for
trading on STO crypto exchanges where the information is recorded on a
public blockchain.
This process is often seen as a hybrid approach between a cryptocurrency
initial coin offering (ICO) and a more traditional equity initial public offering
(IPO).
STOS are already used in several investment scenarios and are being
embraced with increasing enthusiasm by mainstream and institutional
investors.
Pros
- STOS are generally considered less risky than ICOS and IPOs as they are
protected by securities laws. It is also backed by real assets, making it easier
to determine if the token is priced appropriately.
-A smart contract that is part of the STO package also reduces the need for
lawyers and makes STO a more affordable option.
Cons
-The main drawback of STO is that an unaccredited investor cannot own STO.
In the US, to become an Accredited Investor, you must earn at least $200,000
annually or have at least $1 million in the bank. This makes the token
significantly less accessible than traditional blockchain products.
- STOS are more expensive than utility tokens due to regulatory requirements.
- They are subject to secondary market trading restrictions that don't apply to
similar coins.
- Also, security tokens have a time lock mechanism. Once the STO process
begins, STO tokens may only be traded among qualified investors for a limited
period of time.
Advantages of STO:
• STO token enable fractional ownership of the asset.
• Regulated offering ensure investor security.
• More secure than traditional ICO.
• Less speculative and lower chance of market manipulation.
• Project launched by STO are generally more trustworthy with higher chances
of successful completion.
• More cost effective than IPO.
• Increased liquidity as compared to ICO’s and IPO’s with 24/7 global access
trading.
Disadvantages:
• High cost of launching due to regulatory pre-requisites and approval.
• Reduced investors pool as only recognized investors can participate.
• Process time line longer as all transactions needs to adhere strict KYC and
AML(Anti Money Laundering)
• Liquidity constraints
• High administrative burden.
Module 6 5 marks
1 Explain blockchain in IoT with benefits and challenges
Issues in traditional usage of IOT-
• Single point of IOT intelligence and access is compromised.
• Data may be incomplete , misleading and inaccurate
• Data privacy may be compromised.
Blockchain in IOT
• The centralized components of IoT can be replaced by blockchain.
• A smart contract can be utilized whenever data needs to be moved from one
location to another.
• For instance smart phone app allows the user to communicate directly to
blockchain while installing an IoT device.
• Eliminate single point failure problem.
• Blockchain can address privacy and security concern.
• Blockchain keeps logs and traceability of sequential transactions for IoT
applications which needs.
Advantages:
Disadvantages:
Challenges: