Ethereum is a decentralized platform that runs smart contracts and distributed applications. It provides a programmable blockchain that anyone can use. Ethereum launched in 2015 and enables peer-to-peer transactions through digital tokens called Ether. Unlike Bitcoin, Ethereum supports smart contracts and distributed applications through an Ethereum Virtual Machine. Common tools for developing on Ethereum include Solidity for writing smart contracts, Geth and Parity for running nodes, and Metamask for interacting with dApps. Tokens on Ethereum can represent various assets and functions like currencies, shares, voting rights, and access to services.
4. 4
Ethereum is a decentralized platform that runs
smart contracts: applications that run exactly as
programmed without any possibility of downtime,
censorship, fraud or third party interference
20. 20
Applications built on the Ethereum platform
http://www.ampliativeart.org/en/welcome
https://ethlance.com/
http://www.4g-capital.com/
https://www.augur.net/
https://golem.network/
24. 24
▪ When the Geth client daemon is
started, it connects to other clients
and downloads a copy of the
blockchain
▪ It will constantly communicate
with other nodes to keep its
blockchain copy up to date
▪ Can mine blocks and add
transactions to the blockchain,
validate & execute the
transactions
▪ Acts as a server by exposing APIs
to be called through RPC
Geth is the official client software provided by the Ethereum
Foundation written in the Go programming language
Ethereum Network
25. 25
▪ Geth console is a
command line tool which
connects to the running
node and performs
various actions like
create and manage
accounts, query the
blockchain, sign and
submit transactions to
the blockchain and so on
▪ The Mist browser is a
desktop application used
to communicate with the
network node
Parity is an unofficial client written in the Rust programming
language and is maintained by a company called Parity Inc
Ethereum Network
26. 26
▪ Interaction with an Ethereum node can be performed via the Geth console, Mist browser,
and the JavaScript library called Web3.js
▪ Since it is a JavaScript library, you can use it to build web-based dApps
The JavaScript library web3.js can be used to interact with a
node in the Ethereum network
27. 27
▪ Solidity is the most popular programming language used to write smart
contracts to run on the Ethereum blockchain
▪ It is a high level language which when compiled gets converted to EVM
(Ethereum Virtual Machine) byte code
▪ There is also a very nice browser-based IDE, Remix, where you can write
contracts, compile and deploy to the blockchain here: http://remix.ethereum.org/
Solidity is the most popular programming language
used to write Ethereum smart contracts
28. 28
Remix is a browser-based IDE to write contracts,
compile and deploy to the blockchain
http://remix.ethereum.org/
29. 29
▪ Just like you have frameworks for web
application development such as Ruby on
Rails, Python/Django etc,
▪ Truffle and Embark are the two most popular
frameworks used to develop dApps
▪ They abstract away a lot of the complexities of
compiling and deploying your contract on the
blockchain
Truffle and Embark are the two most popular
frameworks used to develop dApps
30. 30
▪ Metamask is a Chrome plugin
used to interact with the
Ethereum node
▪ It is unrealistic for everyone in
the world to run a node to
interact with the blockchain
▪ So, the folks at Metamask host a
number of nodes so you don’t
have to
▪ All you have to do is install
Metamask and it automatically
connects to their nodes
Metamask is a Chrome plugin used to interact with
the Ethereum node
Ethereum Network
31. 31
▪ Just like you map an IP address to a human readable name, you can map any
Ethereum contract or wallet address to a human readable name
▪ E.g. 146.115.22.177 to google.com
▪ Instead of typing the IP address in the browser, one types google.com, which resolves to that IP
address
▪ E.g. 0x80C013d980aB049471c88E1603b8b4a60E03295C is a wallet address
▪ With ENS, one does not have to memorize this address and can use alice.eth instead
Ethereum Naming System is the DNS for the Ethereum
world
32. 32
▪ The blockchain is good to store small amounts of data
▪ What if you want to store a patient record, a sale deed or some large file which
needs to be publicly timestamped?
▪ It is expensive and also not scalable to store a blob in the blockchain
▪ Swarm is used to solve this problem
▪ You can think of it as a CDN (Content Distribution Network) but instead of the
entire CDN hosted on one company’s servers, it is distributed on computers
across the Internet
▪ Just like you run an Ethereum node, you run a swarm node to connect to the
swarm network
Swarm is a decentralized content storage and
distribution service for Ethereum
33. 33
▪ When you deploy an Ethereum contract on to the blockchain, you get a
deployed address and JSON interface of the ABI (Application Binary Interface)
▪ ABI is the contract interface similar to API
▪ When you want someone to use your contract, you have to give them the
deployed address and the ABI
▪ In the future, the ABI will be stored on Swarm so anyone can look up the ABI
just by looking at the Ethereum address
When you want someone to use your contract, you
have to give them the deployed address and the ABI
34. 34
▪ IPFS is much further along in code maturity, scaling, adoption, community
engagement and interaction with a dedicated developer community
▪ Swarm's core storage component is an immutable content addressed
chunkstore rather than a generic DHT (distributed hash table)
▪ You can upload to Swarm and use it as cloud hosting; in IPFS you can only
register/publish content already on your hard drive
▪ The two systems use different network communication layers and peer
management protocols
▪ Swarm has deep integration with the Ethereum blockchain and the incentive
system benefits from both smart contracts and the semi-stable peerpool
IPFS is a decentralized storage system; it is not related to
Ethereum directly but can be integrated with Ethereum
38. 38
Bitcoin
▪ Bitcoin is the first decentralised cryptocurrency, created in 2009 by an unknown person named Satoshi Nakamoto
▪ A cryptocurrency and worldwide payment system
▪ Bitcoin enables peer-to-peer transactions, purchase of goods/services, long-term storage of value
Ethereum
▪ Ethereum was released in 2015 by a cryptocurrency researcher and programmer named Vitalik Buterin
▪ A decentralised programmable platform which supports DApps (distributed applications) running smart contracts and using digital tokens
▪ Ethereum enables peer-to-peer transactions and can handle accounts and transactions as well as store and execute newly coded programming logic
Ethereum is not just a digital currency
39. 39
Bitcoin
▪ Supply cap: 21 million
▪ Total existing coins: ~18 million BTC
▪ Market capitalisation: ~65 billion USD
▪ Smallest unit: 1 Satoshi = 0.00000001 BTC (10^-8)
▪ Supply style: deflationary (a finite number of bitcoin will be made)
▪ Price: US$3,628 as of 2019-1-13
Ethereum
▪ Supply cap: 18 million every year
▪ Total existing coins: ~104 million ETH
▪ Market capitalisation: ~13 billion USD
▪ Smallest unit: 1 Wei = 0.000000000000000001 ETH (10^-18)
▪ Inflationary (much like fiat currency, where more tokens can be made over time)
▪ Price: US$125 as of 2019-1-13
Bitcoin is deflationary by design due to its limited supply
42. 42
Bitcoin
▪ Only one account that stores the funds and the related codes
▪ Consensus algorithm: Proof-of-Work (PoW)
▪ Mining reward: 12.5 BTC per block (as of Feb 2019) and this reward halves every 210,000 blocks
▪ Transaction fee: optional
▪ Transaction cost: based on size
Ethereum
▪ Two accounts, one holds the funds of the user, the other stores the codes
▪ Consensus algorithm: Proof-of-Work (PoW) but soon will switch to Proof-of-stake (PoS) – with PoS, block validators do not receive a block reward, they instead collect network fees, called gas, as their reward
▪ Mining reward: 5 Ether (ETH) per block
▪ Transaction cost: based on operations and storage
Ethereum is going to switch from a proof-of-work to a proof-of-stake framework to confirm transactions
43. 43
Nodes/Validators must pay a security
deposit in order to be part of the
consensus
▪ The possible future switch from PoW to
PoS may provide the following benefits
• Energy savings
• A safer network as attacks become more
expensive
• If a hacker would like to buy 51% of the total
number of coins, the market would have
reacted by fast price appreciation
▪ If one validator creates an “invalid” block,
his security deposit will be deleted
44. 44
Bitcoin
▪ Number of transactions in blockchain per day: 332M
▪ Blocks in blockchain: 564K
▪ Average block size: 767 Kbytes
▪ Block size limit: 1MB or 8MB
Ethereum
▪ Number of transactions in blockchain per day: 455
▪ Blocks in blockchain: 7.23M
▪ Average block size: 26 Kbytes
▪ Block size limit: limited by gas-limit, which is the total overhead for all operations within the block
Ethereum block sizes have been continually adjusted to
facilitate a healthy network through a voting process
46. 46
Bitcoin
▪ Average block time: 10 minutes
▪ Cryptographic algorithm: SHA-256, for which special hardware can be used
Ethereum
▪ Average block: 10-20 seconds using the GHOST protocol
▪ Cryptographic algorithm: Ethash (the most commonly used hashing function is KECCAK-256, also called SHA-3), which is more complicated and memory intensive, for which no special-purpose chip provides any advantage
▪ Runs Ethereum Virtual Machine (EVM) and the programming language Solidity
Ethereum uses the Ethash cryptographic algorithm, over
which special-hardware will not provide any advantage
48. 48
▪ Coins (often called altcoins)
are digital money, created
using encryption techniques,
that store value over time
▪ They are tied to public-open
blockchain
▪ They may be sent, received,
or mined
▪ Coins are not meant to
perform any functions
beyond acting as money
Coins and tokens actually refer to two completely different
concepts
49. 49
▪ Tokens may perform the functions of
digital asset
▪ E.g. a company’s share
▪ Tokens have a certain use case, but only inside a certain project
▪ Creating a token is easier than creating a coin: there is no need to write new code, only to modify already existing code (you just use a standard template from platforms like Ethereum)
Tokens can be used for payment but the main difference is
that it gives the holder a right to participate in the network
https://next.autonomous.com/thoughts/the-grand-unified-token-taxonomy
50. 50
▪ Token is commonly used to refer to privately issued special-purpose coin-like
items of insignificant intrinsic value
▪ E.g., transportation tokens, laundry tokens, and arcade game tokens
▪ Often restricted to specific businesses, organizations, or locations, physical tokens are
not easily exchangeable and typically have only one function
▪ Nowadays, tokens administered on blockchains are redefining the word to mean
blockchain-based abstractions that can be owned and that represent assets,
currency, or access rights
▪ Many blockchain tokens serve multiple purposes globally and are tradeable for each
other or for other currencies on global liquid markets
Tokens are blockchain-based abstractions that can be
owned and that represent assets, currency, or access rights
51. 51
▪ The most obvious use of tokens is as digital private currencies but tokens can
be programmed to serve many different functions, often overlapping
▪ E.g., a token can simultaneously convey a voting right, an access right, and ownership
of a resource
▪ Possible applications include
▪ Currency
▪ A token can serve as a form of currency, with a value determined through private trade
▪ Resource
▪ A token can represent a resource earned or produced in a sharing economy or resource-sharing
environment; for example, a storage or CPU token representing resources that can be shared
over a network
How tokens are used
52. 52
▪ Asset
▪ A token can represent ownership of an intrinsic or extrinsic, tangible or intangible asset
▪ e.g., gold, real estate, a car, oil, energy, MMOG items, etc.
▪ Access
▪ A token can represent access rights and grant access to a digital or physical property
▪ e.g., a discussion forum, an exclusive website, a hotel room, or a rental car.
▪ Equity
▪ A token can represent shareholder equity in a digital organization (e.g., a DAO) or legal entity
(e.g., a corporation)
▪ Voting
▪ A token can represent voting rights in a digital or legal system
How tokens are used
53. 53
▪ Collectible
▪ A token can represent a digital collectible (e.g., CryptoPunks) or physical collectible (e.g., a
painting)
▪ Identity
▪ A token can represent a digital identity (e.g., avatar) or legal identity (e.g., national ID)
▪ Attestation
▪ A token can represent a certification or attestation of fact by some authority or by a decentralized
reputation system
▪ e.g., marriage record, birth certificate, college degree
▪ Utility
▪ A token can be used to access or pay for a service
How tokens are used
54. 54
Considerations for using tokens as assets: fungibility,
counterparty risk, and intrinsicality
▪ Fungibility: No unique information can be written into fungible tokens. Non-fungible tokens are unique and hold information instead of value.
▪ Counterparty Risk: Counterparty risk is the risk that the other party in a transaction will fail to meet their obligations.
▪ Intrinsicality: Intrinsic tokens are intrinsic to the blockchain and are governed by consensus rules. Intrinsic tokens do not carry additional counterparty risk.
55. 55
▪ In economics, fungibility is the property of
a good or a commodity whose individual
units are essentially interchangeable
▪ Tokens are fungible when we can
substitute any single unit of the token for
another without any difference in its value
or function
▪ Strictly speaking, if a token’s historical
provenance can be tracked, then it is not
entirely fungible
▪ The ability to track provenance can lead to
blacklisting and whitelisting, reducing or
eliminating fungibility
▪ Each non-fungible token is associated
with a unique identifier, such as a serial
number
56. 56
▪ Counterparty risk is the risk that the other party in a
transaction will fail to meet their obligations
▪ Additional counterparty risk if there are more than
two parties involved
▪ E.g., A transaction for certificate of deposit for a precious
metal will involve at least three parties: the seller, the
buyer, and the custodian of the precious metal, who by
necessity, becomes party to the fulfillment
If a token represents an asset, it is key to understand who
holds the asset & what rules apply to that underlying asset
▪ When an asset is traded indirectly through the exchange of a token of
ownership, there is additional counterparty risk from the custodian of the asset
▪ Do they have the asset? Will they recognize (or allow) the transfer of ownership based
on the transfer of a token (such as a certificate, deed, title, or digital token)?
57. 57
▪ Intrinsic tokens represent digital assets that
are intrinsic to the blockchain and are
governed by consensus rules, just like the
tokens themselves
▪ Tokens that represent intrinsic assets do not
carry additional counterparty risk
▪ If you hold the keys for a CryptoKitty, there is
no other party holding that CryptoKitty for you
▪ The blockchain consensus rules apply and
your ownership (i.e., control) of the private
keys is equivalent to ownership of the asset,
without any intermediary
Intrinsicality of tokens determines if the ownership of the
associated assets carry any counterparty risk
58. 58
▪ Conversely, many tokens are used to represent extrinsic things
▪ E.g., real estate, corporate voting shares, trademarks, and gold bars
▪ The ownership of non-intrinsic assets is governed by law, custom, and policy,
separate from the consensus rules that govern the token
▪ Token issuers and owners may still depend on real-world non-smart contracts
▪ Extrinsic assets carry additional counterparty risk because they are held by
custodians, recorded in external registries, or controlled by laws & policies
outside the blockchain environment
▪ A good example is moving from equity in a corporation (extrinsic) to an equity or
voting token in a DAO or similar (intrinsic) organization
Blockchain-based tokens have the ability to convert extrinsic
into intrinsic assets & thereby remove counterparty risk
59. 59
▪ Sending ether is an intrinsic action of the Ethereum platform, but sending or
even owning tokens is not
▪ The ether balance of Ethereum accounts is handled at the protocol level,
whereas the token balance of Ethereum accounts is handled at the smart
contract level
▪ To create a new token on Ethereum, you must create a new smart contract
▪ Once deployed, the smart contract handles everything, including ownership, transfers,
and access rights
▪ You can write your smart contract to perform all the necessary actions any way
you want, but it is probably wisest to follow an existing standard
Tokens are different from ether in that the Ethereum
protocol does not know anything about them
60. 60
▪ The answer to that is pretty simple, even in real
life, there are tons of places where we use a
form of token over cash
▪ E.g., Ocean Park is like a DApp, your money is
Ether and the wrist band is the token
▪ By using tokens to execute certain functions in
the smart contract of the DApps you make the
process much more simple and seamless
▪ If the demand of a DApp is sufficiently high,
and with the supply remaining constant, the
value of the token is going to be high
Why don’t we use Ether to pay for every transaction on the
Ethereum network saving the introduction of any token?
62. 62
▪ CryptoKitties is a blockchain-based game in which one can breed, collect and
hold kittens that are made and generated over Ethereum blockchain
▪ These cryptokitties are just like humans that are unique and cannot be
replicated, taken away or destroyed by anyone
▪ Cryptokitties are a new form of collectibles which one can trade, buy, sell, collect
like traditional collectibles
▪ The unique thing is that one can even breed this form of crypto-collectibles and
the result will be a totally unique new offspring!
▪ The ownership will be tracked and everything will be recorded securely on a
transparent blockchain of Ethereum
What is CryptoKitties
64. 64
▪ A computer or laptop running the desktop
version of Chrome or Firefox
▪ MetaMask is Ethereum’s digital wallet used
specifically with web apps
▪ Ether, a form of digital payment that powers
CryptoKitties
What do you need to play CryptoKitties
65. 65
▪ Ether can be bought from various resources
using credit cards
▪ CEX.io
▪ Coinmama
▪ Coinbase
▪ Changelly
▪ Bitit
▪ BitPanda
▪ Once you have your Ether tokens, transfer
some ETH to the MetaMask wallet
Start playing CryptoKitties
66. 66
▪ It is not a free game so you are required to
pay ETH to actually play the
▪ You can start playing CryptoKitties by
buying or selling existing kitties or else
breeding with another to form a new and
unique cryptokitty for yourself
▪ In the MetaMask marketplace, you will see a
sale of kitties going on
▪ You can fund your MetaMask wallet and
actually purchase a kitty
Buying and Selling Cryptokitties
67. 67
▪ In the siring section, start by choosing one
of your cryptokitties to be the sire (i.e. the
dad)
▪ Then you can choose another cryptokitty to
be the mother
▪ A new kitty will appear in “My Kitties” soon
▪ You can keep this new offspring or sell it in
the marketplace at your designated price
▪ You will need to pay a fee of 0.3028 ETH
for the breeding process
Breeding Cryptokitties
68. 68
▪ CryptoKitties are NOT cryptocurrencies but for a real-world scenario CryptoKitties are
crypto-collectibles
▪ Cryptocurrencies are like USD or EUR whereas cryptokitties or crypto-collectibles are
like unique stamps or a unique artwork that only you own
▪ You can sell a cryptokitty in the marketplace at your desired price & earn a profit
▪ The marketplace is driven by demand and supply & asking prices
▪ It is highly profitable if your kitties are unique and appealing enough to the buyer
▪ Some cryptokitty was sold in the marketplace at a high price at the time of Genesis and
also cryptokitties worth $4 million have been already sold
Can one earn money playing CryptoKitties
69. 69
CryptoKitties was created by Axiom
Zen and spun out into a new company
called Dapper Labs in February 2018,
raising $12.85M from leading
investors including Andreessen
Horowitz, Union Square Ventures, and
the founders of Dreamworks, Reddit,
Coinbase, Zynga, and AngelList, among
others
https://drive.google.com/file/d/1soo-eAaJHzhw_XhFGMJp3VNcQoM43byS/view
75. 75
The four phases of Ethereum planned development
https://www.draglet.com/ethereum-constantinople/
Frontier Homestead Metropolis Serenity Olympic
76. 76
▪ Frontier – The early groundbreaking and testing of a platform that could support smart
contracts and decentralized applications
▪ Homestead – The formalization of how the Ethereum Virtual Machine works and
strengthening the ecosystem for smart contract development and the Solidity language
▪ Metropolis – Solving the issues that come at scale; making Ethereum more amenable to
large-scale or performance applications and many users
▪ Byzantium – Laying the foundation
▪ Constantinople – Improving performance and setting timeline for Serenity
▪ Serenity – Make Ethereum self-sustaining and highly-scalable with a move to proof of
stake and sharded state channels that allow for concurrent processing of smart contracts
while still maintaining the security of the blockchain
Right from the early days, the core developers created an
outline of a four-staged development plan for Ethereum
77. 77
Ethereum has gone through a number of planned and
unplanned hard forks
Fork | Planned? | Information | Date | Forking Block
Frontier | Yes | https://blog.ethereum.org/2015/07/27/final-steps/ | 07/31/2015 1:26:28 AM | 1
Frontier Thawing | Yes | https://blog.ethereum.org/2015/08/04/ethereum-protocol-update-1/ | 09/08/2015 7:33:09 AM | 200,000
Homestead | Yes | https://blog.ethereum.org/2016/02/29/homestead-release/ | 03/15/2016 3:49:53 AM | 1,150,000
DAO Fork | No | https://blog.ethereum.org/2016/07/20/hard-fork-completed/ | 07/20/2016 11:20:40 PM | 1,920,000
Tangerine Whistle | No | https://blog.ethereum.org/2016/10/18/faq-upcoming-ethereum-hard-fork/ | 10/18/2016 11:19:31 PM | 2,463,000
Spurious Dragon | No | https://blog.ethereum.org/2016/11/18/hard-fork-no-4-spurious-dragon/ | 11/23/2016 1:15:44 AM | 2,675,000
Byzantium | Yes | https://blog.ethereum.org/2017/10/12/byzantium-hf-announcement | 10/16/2017 3:22:11 PM | 4,370,000
Constantinople (and St. Petersburg) | Yes | https://blog.ethereum.org/2019/02/22/ethereum-constantinople-st-petersburg-upgrade-announcement/ | 02/28/2019 | 7,280,000
◦ Fork - A change in protocol causing the creation of an alternative chain, or a temporal divergence in two potential block
paths during mining.
◦ Hard fork - A permanent divergence in the blockchain; also known as a hard-forking change. One commonly occurs when
nonupgraded nodes cannot validate blocks created by upgraded nodes that follow newer consensus rules.
78. 78
The Frontier and Homestead hard forks established a
fundamental and stable application platform
Fork | Purpose
Frontier | A transparent and open release for developers to experiment and develop decentralized applications. The first software release of Frontier had a hardcoded Gas limit per block of 5,000 Gas. Unlike the normal Gas per block parameter, this special limit would not grow proportionally to the network usage - effectively preventing transacting during the first few days. This period would enable miners to start their operations and early adopters to install their clients without having to ‘rush’. Instability of the platform including forks, potential abnormal display of information on http://stats.ethdev.com page, and various Peer to Peer connectivity issues was expected in the first few days.
Frontier Thawing / Ice Age | Updated Gas limit from 5k to 3M gas per block making it possible for blocks to be successfully mined. The Gas required to process a block with one transaction is 21k Gas. Also introduced an exponential difficulty increase (aka Difficulty Bomb), motivating a transition to Proof of Stake.
Homestead | To stabilize the platform with protocol and networking changes. Included EIP2, EIP7, and EIP8.
79. 79
Three unplanned hard forks were initiated in response to
The DAO attacks in 2016
Fork | Purpose
DAO Fork | Block 1,920,000 contained the execution of an irregular state change which transferred ~12 million ETH from the “Dark DAO” and “Whitehat DAO” contracts into the WithdrawDAO recovery contract. The recovery contract returned The DAO token holders’ ETH under the control of a curator contract. The forking caused Ethereum and Ethereum Classic to split into two competing systems.
Tangerine Whistle | Starting from 18th September, 2016, the Ethereum network was under attack by a person or group resulting in large delays before transactions were processed. The network was then filled with pending transactions which was causing users delays in processing their transactions. It was essentially a denial of service (DoS) attack on the Ethereum blockchain. Every operation that an Ethereum contract performs on the network was given a price or gas fee. Using the ADD operation is less computationally expensive than performing a complex operation such as hashing a number using SHA256. The attacker performed a DoS attack by repeatedly calling certain operation codes (opcodes) in their smart contracts that were computationally difficult for clients to process, but very cheap to add to the network. In order to prevent the attacker(s) from continuing to flood the network with low-priced contracts with high computational cost, the gas calculation for certain I/O-heavy operations was raised. Included EIP150 and EIP158.
Spurious Dragon | It is the second hard fork of the two-round hard fork response to the DoS attacks on the Ethereum network in September and October, 2016. The hard fork addressed important but less pressing matters such as further tuning opcode pricing to prevent future attacks on the network, enabling “debloat” of the blockchain state, and adding replay attack protection. Included EIP155, EIP160, EIP161, and EIP170.
80. 80
Byzantium and Constantinople hard forks are planned
infrastructure upgrades
Fork | Purpose
Byzantium | Improved Ethereum’s performance, efficiency, privacy, scalability, and security. Some of the changes were directed at improving smart contracts by creating a way for developers to program planned contract upgrades. The most exciting EIP integrated Ethereum with ZK-Snarks, a cryptographic innovation developed in collaboration with anonymity-centric cryptocurrency Zcash. This technology allows Ethereum users to make transactions that cannot be traced. Block reward was reduced from 5 ETH to 3 ETH as part of the plan to do away with block rewards altogether and move towards a Proof of Stake algorithm. Included EIP100, EIP140, EIP196, EIP197, EIP198, EIP211, EIP214, EIP649, and EIP658.
Constantinople (and St. Petersburg) | An infrastructure and protocol improvement for the Ethereum blockchain making Ethereum faster and less costly to operate. Miners' reward will be reduced from 3 ETH to 2 ETH and, as a result, the difficulty bomb is delayed for a period of 12 months. This difficulty bomb would make it impossible to mine after a certain point and would freeze the entire network, hence it is also known as Ethereum's ice age. The developers would keep on improving and the miners have to adopt the update, or else they would not be able to profit from mining. Constantinople includes EIP145, EIP1014, EIP1052, and EIP1234. St. Petersburg includes the removal of EIP1283.
The Ethereum Ice Age is a difficulty adjustment tactic which was implemented to make sure that everyone is motivated to transition to the new
blockchain after the hard-fork takes place. It is set to raise difficulty exponentially. It will be difficult for miners to carry on with the intensification of
difficulty which would increase block time and it would lead to the freezing of the blockchain, hence this period being dubbed the Ice Age.
81. 81
Serenity is the last phase and has
one key principle – to switch the
Ethereum network from Proof of
Work (PoW) to Proof of Stake (PoS)
– essentially reducing the power
consumption of the Ethereum
network
The Serenity phase will follow and bring the breakthrough to
the mainstream
▪ PoW means miners are in competition for the block rewards while they are proving their
computers are calculating compute cycles
▪ PoS means the miners use invested ether to simulate the actual mining process to
compete for the block reward
85. 85
▪ “The DAO” is the name of a particular Decentralised
Autonomous Organisation (DAO), conceived of and
programmed by the team behind German startup Slock.it
that builds “smart locks” to let people share things (cars,
boats, apartments) in a decentralized version of Airbnb
▪ “The DAO” was launched on 30th April, 2016, with a 28-
day funding window
▪ “The DAO” was the largest crowdfunding in history
▪ Offered and sold approximately 1.15B DAO Tokens in exchange
for a total of approximately 12M ETH, valued at approximately
US$150M from 11,000+ members
▪ It can be said that the marketing was better than the
execution, for during the crowdsale, several people
expressed concerns that the code was vulnerable to attack
“The DAO” was the largest crowdfunding in history,
having raised $150M+ from 11,000+ members
86. 86
The DAO initial offering, project selection, and token
monetisation processes
[Figure: diagram of The DAO showing the Founders (Stephan Tual, Christoph Jentzsch, Simon Jentzsch), Investors, Curators, Contractors, Whitelisted Projects, Funded Projects, Secondary Markets and the Redemption Process, with flows labelled ETH, DAO Tokens, currency, initial offering, DAO entity split, project proposal, approval, votes, acceptance, funding in ETH and profits]
87. 87
▪ Once the crowdsale was over, there was much
discussion of first addressing the vulnerabilities
before starting to fund proposals
▪ In particular, Stephan Tual, one of the creators of
“The DAO”, announced on June 12 that a
“recursive call bug” had been found but that “no
DAO funds [were] at risk”
▪ At the time, more than 50 project proposals
were waiting for token holders of “The DAO” to
vote on them
“The DAO” was aware of the re-entrancy vulnerability but
misjudged the potential impact
88. 88
▪ An unknown attacker began exploiting the re-
entrancy vulnerability to start draining “The DAO”
of ether collected from the sale of its tokens
▪ By Saturday, 18th June, the attacker managed to
drain more than 3.6M ether (worth ~US$70M at
the time) into a “child DAO” that has the same
structure as “The DAO”
▪ The price of ether dropped from over US$20 to
under US$13
By exploiting the re-entrancy vulnerability, an attacker
managed to drain 3.6M+ ether from “The DAO” contract
89. 89
▪ “The DAO” contained roughly 15% of all ether,
so a failure of “The DAO” would have a
negative impact on the Ethereum network and
its cryptocurrency
▪ Dozens of startups were working on DAO or
governance products, many smart contracts
had similar vulnerabilities and building complex
software using smart contracts was still in its
infancy
▪ All eyes were on “The DAO” and the Ethereum
Foundation, hoping for a resolution that would
allow the ecosystem to continue to develop as it
had been before
All eyes were on “The DAO” and the Ethereum
Foundation to resolve the issue & resume business
90. 90
▪ In order to prevent the hacker from cashing in the ether from the “child DAO”
after the standard 28 days, a soft fork was voted on and it was really close to
being introduced
▪ A few hours before it was supposed to be released a few members of the
community found a bug with the implementation that opened a denial-of-service
attack vector
▪ This soft fork was designed to blacklist all the transactions made from “The
DAO” and the fact that such a soft fork was not possible to implement meant
that the Ethereum blockchain was immune to transaction censorship
A soft fork proposal was good news for everyone, but it
turned out to be unfeasible
91. 91
▪ The Ethereum Foundation had a lot at stake there
▪ They wanted the network to be rock solid, to
support billions of dollars worth of commerce, and
to be “the operating system of the future”
▪ If they did nothing, the Ethereum network would
suffer a setback that could take years to recover
from; if they intervened, they would set a
dangerous precedent that eroded the social
contract they set up with their network of
independent nodes
The Ethereum Foundation did not design the network
to be the judge & jury when some parties got injured
92. 92
▪ The attacker withdrew ether from “The DAO” contract
multiple times using the same DAO Tokens
▪ This was possible due to what is known as a recursive call
exploit
▪ In this exploit, the attacker was able to "ask" the contract
(DAO) to give the ether back multiple times before the
contract could update its own balance
▪ There were two main issues that made this possible: the
fact that when “The DAO” contract was created the
coders did not take into account the possibility of a
recursive call and the fact that the smart contract first
sent the ETH funds and then updated the internal token
balance
The attacker withdrew ether from “The DAO” multiple
times before it could update its own balance
93. 93
The following is a simplified representation of “The DAO”
smart contract
contract DAO {
    // This declares a state variable that stores the token balance for each possible address
    mapping (address => uint) private balances;

    // To withdraw the amount given in the parameter from the contract
    function withdraw(uint x) {
        // The balance of the sender must be at least the amount to withdraw
        if (balances[msg.sender] >= x) {
            // Invoke the caller’s function using amount to withdraw as a parameter
            // The () represents the fallback function
            msg.sender.call.value(x)();
            // Reduce the token balance of the sender by the amount withdrawn
            balances[msg.sender] -= x;
        }
    }
}
94. 94
A transaction will involve a wallet smart contract interacting
with “The DAO” smart contract
“The DAO” contract:
contract DAO {
    mapping (address => uint) private balances;
    function withdraw(uint x) {
        if (balances[msg.sender] >= x) {
            msg.sender.call.value(x)();
            balances[msg.sender] -= x;
        }
    }
}
Wallet contract:
function doWithdraw() {
    A.withdraw(100);
}
function() {
    EventMoneyReceived(msg.value);
}
[Diagram: “The DAO” contract goes from balance: 300, balances[A]: 100 to balance: 200, balances[A]: 100 and then to balance: 200, balances[A]: 0; the wallet contract goes from balance: 0 to balance: 100]
95. 95
A transaction will involve a wallet smart contract interacting
with “The DAO” smart contract
“The DAO” contract:
contract DAO {
    mapping (address => uint) private balances;
    function withdraw(uint x) {
        if (balances[msg.sender] >= x) {
            msg.sender.call.value(x)();
            balances[msg.sender] -= x;
        }
    }
}
Attacker contract:
function startAttack() {
    A.withdraw(100);
}
function() {
    A.withdraw(100);
}
[Diagram: “The DAO” contract goes from balance: 300 to balance: 200, balance: 100 and balance: 0 while balances[A] stays at 100; the attacker contract goes from balance: 0 to balance: 100, balance: 200 and balance: 300]
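A hardened form of the simplified withdraw function above, added here as an example and not taken from the slides or from “The DAO” code: it updates the token balance before sending ether (checks, then effects, then interactions) and adds a re-entrancy lock as a second line of defence. It assumes Solidity 0.8 syntax, and SaferDAO, deposit, nonReentrant and locked are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not the original contract.
contract SaferDAO {
    mapping(address => uint256) private balances;
    bool private locked;

    // Rejects any call that arrives while an earlier call to a guarded
    // function is still executing, e.g. from the receiver's fallback.
    modifier nonReentrant() {
        require(!locked, "re-entrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 x) external nonReentrant {
        // Checks: the sender must hold at least x.
        require(balances[msg.sender] >= x, "insufficient balance");

        // Effects: reduce the balance BEFORE handing control to the caller.
        // A nested withdraw would now see the reduced balance.
        balances[msg.sender] -= x;

        // Interactions: the external call comes last, and its result is
        // checked so a failed send reverts the balance update as well.
        (bool ok, ) = msg.sender.call{value: x}("");
        require(ok, "transfer failed");
    }
}
```

With this ordering, the fallback in the attacker contract on the slide fails at the lock, and even without the lock it would fail the balance check on the second call.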
96. 96
▪ A more conclusive hard fork solution was then put up
for vote
▪ This hard fork had the sole function of returning all
the ether taken from “The DAO” to a refund smart
contract with a new contract having only one
function: withdraw
▪ “The DAO” token holders can request to be sent 1
ETH for every 100 DAO
▪ This proposal created a lot of controversy among the
Ethereum community, which was split into 2 groups:
supporters and non-supporters
The hard fork proposal was controversial among the
Ethereum community causing the birth of Ethereum Classic
99. 99
▪ On Wednesday, July 19, 2017, a bug found
in the multi-signature wallet (“multi-sig”)
code used as part of the Parity Wallet 1.5
software was exploited, resulting in 3 (out of
596 vulnerable) multi-sig wallets being
compromised and losing 153,037 ETH worth
US$30+M
▪ US$78M worth of tokens and 377,105+
ETH (around US$72M) that were potentially
vulnerable to the issue were recovered by
the white hat hackers, and returned to their
rightful owners
The first Parity Wallet attack in July 2017 resulted in a loss
of US$30M
100. 100
▪ The bug was in a pair of extremely sensitive functions
designed to allow the set-up of "multi-sig" wallets in the
Parity Wallet software
▪ The functions should have been protected in order that
they be usable only in one specific circumstance, as the
contract was being created
▪ However, they were entirely unguarded, which allowed
the attacker to reset the ownership and usage
parameters of existing wallets arbitrarily
▪ Though the code was open and public, and thus the bug
could have been discovered, reported and fixed before
any damage was done, there was no incentive to ensure
good-natured eyes from the community inspected it!
The bug was in a pair of functions designed to allow the set-
up of "multi-sig" wallets in the Parity Wallet software
101. 101
▪ The attacker sent two transactions to each of the affected contracts: the first to
obtain exclusive ownership of the MultiSig, and the second to move all of its
funds
The attacker obtained exclusive ownership of the MultiSig
wallets through changing the constructor function
// Constructor – just pass on the owner array to the multiowned and the limit to daylimit
function initWallet(address[] _owners, uint _required, uint _daylimit) {
    initDaylimit(_daylimit);
    initMultiowned(_owners, _required);
}
▪ This function was probably created as a way to extract the wallet’s constructor
logic into a separate library
▪ The wallet contract forwards all unmatched function calls to the library using
delegatecall, in line 424 of the wallet
102. 102
The attacker changed all public functions from the library
including initWallet to be callable by anyone
function() payable {
    // just being sent some cash?
    if (msg.value > 0)
        Deposit(msg.sender, msg.value);
    else
        _walletLibrary.delegatecall(msg.data);
}
▪ Unfortunately, initWallet has no checks to prevent an attacker from calling it
after the contract was initialized
▪ The attacker exploited this and simply changed the contract’s m_owners state
variable to a list containing their address and requiring just one confirmation to
execute any transaction
103. 103
▪ This execution was automatically authorized, since the attacker was
then the only owner of the MultiSig, effectively draining the contract of
all its funds
After that, it was just a matter of invoking execute to send
all funds to an account controlled by the attacker
https://medium.com/@JusDev1988/recreating-the-multisig-exploit-code-along-3abfbe77bd35
104. 104
▪ On Monday November 6, 2017, a vulnerability (uninitialized owner) in the
“library” smart contract code, deployed as a shared component of all Parity
MultiSig wallets deployed after July 20, 2017, was found by an anonymous user
▪ The user decided to exploit this vulnerability and made himself the owner of the
“library” contract and subsequently killed the “library” contract
▪ Since Parity MultiSig wallets depend on this contract, this action blocked funds
in 587 wallets locking up a total amount of 513,774.16 Ether and additional
tokens (worth US$150+M)
▪ Subsequent to destroying the “library” contract, GitHub user “devops199” posted
issue #6995 that prompted the investigation into the matter
The second Parity Wallet attack on November 6, 2017
locked up US$150+M
105. 105
▪ The “library” code was written to protect itself from being killed by someone
other than an owner, and also to protect itself from having its ownership being
taken over
▪ However, and this is a big however, the “bug” that was exploited was that it
allowed an owner to be set the first time it was called
▪ The only way that the attacker could have taken ownership is if the Parity wallet
contract was deployed without an initial owner
▪ So, is that a bug in the code, or a bug in the deployment process?
▪ The library code was put out there and left defenseless due to failing to do the
next step to initialize the owner
The “library” code was put out there and left defenseless
due to failing to initialize the owner
https://medium.com/@DaveChappell_83345/detailed-analysis-of-the-300m-ethereum-wallet-breach-83d41fe36dd0
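One way to guard the set-up path described for both Parity incidents (the unguarded initWallet in July and the uninitialized “library” owner in November), added here as an example and not Parity's own code: initialization is allowed only while no owner is recorded, and the shared library instance initializes itself at deployment. It assumes Solidity 0.8 syntax, and every name other than initWallet and its parameters is hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: a simplified model with hypothetical names.
contract GuardedWalletLibrary {
    address[] internal owners;
    uint256 internal required;
    uint256 internal dayLimit;

    // The constructor runs once, in the library's OWN storage. The deployed
    // library therefore starts out initialized, so nobody can later become
    // its "first owner" by calling initWallet on it directly.
    constructor() {
        owners.push(address(this));
        required = 1;
    }

    // Set-up code may run only while no owner has been recorded yet.
    modifier onlyUninitialized() {
        require(owners.length == 0, "already initialized");
        _;
    }

    // A wallet reaches this through delegatecall, so the check reads the
    // WALLET's storage: it passes during the wallet's creation and reverts
    // on every later call forwarded by the wallet's fallback function.
    function initWallet(
        address[] calldata _owners,
        uint256 _required,
        uint256 _daylimit
    ) external onlyUninitialized {
        require(_owners.length > 0, "no owners");
        require(
            _required > 0 && _required <= _owners.length,
            "bad confirmation threshold"
        );
        for (uint256 i = 0; i < _owners.length; i++) {
            owners.push(_owners[i]);
        }
        required = _required;
        dayLimit = _daylimit;
    }
}
```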