Web3-Resources

Basic Concepts

Decentralization & Web3

Networks, tools & processes not controlled by a central entity

Readings:

• Why Decentralization Matters - Chris Dixon
• The Meaning of Decentralization - Vitalik Buterin
• Introduction to Web3 - Ethereum
• Why is Web3 important - Ethereum
• What Is Web 3.0 & Why It Matters
• Why We Need Web 3.0 - Ethereum co-founder Gavin Wood
• Web3 Landscape
• Web3 Lingo
• A Primer to Web3

Blockchain

• A database formed by a sequence of entries (blocks)
• Blockchains are special computers that anyone can access but no one owns
• A decentralized system of peer to peer (P2P) network
• Immutable, shared & distributed ledger
• Key Features
  • Immutable
  • Traceable
  • Secured

Readings:

• A Blockchain Glossary for Beginners
• Blockchain Glossary by Blockchain Hub
• Blockchain 101 - A Visual Demo
• Blockchain 101 - Public/Private Keys & Signing - A Visual Demo

Permissionless & Trustless

• Permissionless means the ability to participate in a network without the need for application or approval.
• Trustless means "trust" is established in a decentralized way, for example via decentralized identity and verifiable credentials.

Digital Assets, Tokens & Coins

• An asset normally refers to a physical resource with economic or financial value which is expected to provide benefits to the owner(s) in the future. Assets can be either owned or controlled to produce value and can be either tangible or intangible.
• A coin is the official digital currency used by a cryptocurrency platform (i.e. Ether/Eth in Ethereum, XRP in Ripple)
• A token is a scarce digital asset that exists on top of an existing coin or blockchain

Smart Contract

A smart contract is a tamper-proof program that runs on a blockchain network when certain predefined conditions are met

Protocol

• A protocol is digital infrastructure with a set of rules for how people interact with it. Those rules determine how the system works.
• A blockchain protocol is the rules that govern the blockchain network
• Protocols aren't exclusive to cryptocurrency. They’re fundamental to how the internet works, governing the transmission of data from one computer to another. Email, for instance, is based on several sets of protocols. The HTTP stands for “hypertext transfer protocol.”

Fungibility

• The ability of a good or asset to be interchanged with other individual goods or assets of the same type
• It implies equal value between the assets
• Simplifies the exchange and trade processes
• To put it into perspective, the fungibility of money refers to the fact that all money is the same. It doesn't matter whether you have one $100 bill or one hundred $1 bills. You can use both of them to purchase the same product

Non-Fungible Token (NFT)

• A unit of ownership on the internet Ref
• NFTs are unique cryptographic tokens that exist on a blockchain and cannot be replicated
• NFTs can be used to represent real-world items like artwork, real-estate, tangible items like collectibles
• "Tokenizing" these real-world tangible assets allows them to be bought, sold, and traded more efficiently while reducing the probability of fraud
• Possession does not equal ownership. NFT decouples these two concepts.
• NFTs are just digital abstractions used to represent assets that are one of a kind
• NFTs can make fractionalized ownership more accessible. With NFTs, you can also prove that the item is real and tamper proof. This is an issue in the physical collectibles space.
• Some have speculated that NFT can be viewed as a tradable API key with limited supply that gives you access to multiple services run by different companies Alex Atallah, Co-Founder & CTO of OpenSea on Twitter

Readings:

• A beginner's guide to NFTs by Linda Xie
• NFT Canon by a16z/Future
• Investopedia
• The Verge
• Techradar
• Mashable
• Coindesk
• First Twitter post sold by Twitter CEO Jack to @sinaEstavi for $2,915,835.47
• NBA Topshot
• The Non-Fungible Token Bible: Everything you need to know about NFTs
• On NFT Twitter by 6529
• NFT Use Cases

Decentralized Autonomous Organization (DAO)

• Decentralized means Online, global, uncensorable. Autonomous means Self-governing. And Organization means Coordination & collaboration around shared objectives
• A DAO is an internet/online community with a shared interest and a shared crypto wallet/bank account
• Cryptoeconomics and monetization strategies in DAOs is a key differentiating factor that make them different from traditional professional working groups and special interest communities

Readings:

• DAO Canon by a16z
• A beginner’s guide to DAOs by Linda Xie
• Key learnings from DAOs
• DAO definitions & differences between DAOs and traditional organizations
• The New Creator Economy - DAOs, Community Ownership, and Cryptoeconomics
• What is a DAO? by Aragon
• DAOs, DACs, DAs and More: An Incomplete Terminology Guide by Vitalik Buterin
• Decentralized Autonomous Organizations: Beyond the Hype - Whitepaper - World Economic Forum

Decentralized Finance (DeFi)

Financial instruments without relying on intermediaries such as brokerages, exchanges, or banks by using smart contracts on a blockchain

Readings:

• DeFi: The Ultimate Beginner's Guide to Decentralized Finance
• What is DEFI? Decentralized Finance Explained.- Finematics
• Top 10 DeFi concepts everyone needs to know
• Standardized Tokens, Synthetic stablecoins and Automated markets, lending & investment strategies

Regenerative Finance (ReFi)

• The abbreviation of ReFi is a signal to it’s origins in DeFi (decentralized finance)
• Regenerative Finance uses money as a tool to solve climate change, environmental conservation and biodiversity
• The primary type of ReFi instrument that in use today are carbon offset credits.
• ReFi projects aim to address the existing fraud or double-counting of carbon credits in unregulated carbon credit markets
• On-chain carbon credits are traceable and immutable, meaning that no two people are able to claim the same credit twice
• Thus, the ReFi movement uses programmable carbon to integrate climate finance into the fabric of economic transactions

Readings:

• Regenerative Finance (ReFi) - CoinMarketCap What is ReFi? Part I — A tour through the climate crypto rabbit hole
• Regenerative Finance: Innovation for a sustainable future
• Carbon Offsets: Last Week Tonight with John Oliver
• What is ReFi — The intersection of crypto and climate

Basic Web3 Concepts Reading Lists

• Web3 Starter Pack - Crypto Society
• Nader’s web3 Resources for Developers
• Gaby's Web3 Reading List
• Justin’s Reading List
• Web3athon/Project Cradl Reading List
• Web3 Resources - Adimverse Community

Wait. Web5?

Components:

1. Decentralized Identifiers
2. Verifiable Credentials
3. Decentralized Web Nodes

Readings:

• What is Web5 - TBD
• Web5 Project - TBD
• Web5 Public Intro - TBD Developers
• Web5 Explained: What It Is and How It Is Different From Web3
• Web5 & Identity Layer - Angie Jones

Critiques

• My first impressions of web3 - Moxie, Founder of SignalApp
• Awesome critique of crypto/web3
• Web3 is Going Just Great

Zero Knowledge Proof (ZKP)

• Zero Knowledge Canon, part 1 & 2
• Abstract examples to comprehend ZKP
• Understanding Zero-Knowledge Proof Technology
• Types & Examples of ZK Projects
• Awesome zero knowledge proofs (zkp)
• Video/Talk - Introduction to Zero Knowledge Proofs' - EthGlobal 2021
• Slides - Introduction to Zero Knowledge Proofs - EthGlobal 21

The Web3 Stack

Web3 Stack by Layers

The OSI and TCP/IP models are logical and conceptual model that defines network communication used by systems. The TCP/IP Protocol Stack is made up of 4 primary layers:

1. Application
2. Transport
3. Internet/Network
4. Link/Network Interface/Physical

And the OSI divided the architecture into these 7 different layers:

1. Application
2. Presentation
3. Session
4. Transport
5. Network
6. Data Link
7. Physical layers

Differences between OSI Reference Model & TCP/IP Coneptual Layes

For blockchain-based systems, the web3 stack can be divided into 5 layers based on the functionalities defined by the aforementioned models:

1. Application
2. Presentation (+Session) Layer
3. Transport/Blockchain Interaction Layer
4. Network/Protocol Layer
5. Infrastructure

Application Layer

Acesss

• Wallet: Metamask, Walletconnect, Coinbase Wallet, Rainbow, Phantom
• Browser: Brave
• Aggregators: Dappradar, Zapper

Use Case

• DeFi: UniSwap, Aave
• NFT: OpenSea, Raribale,
• Content/Social: Lens, Mirror
• Gaming: Decentraland, Axie Infinity

Presentation+Session Layer

• Client: Web3JS, EthersJS
• Development Environment: Hardhat, Truffle, Foundry, Brownie
• File Storage: IPFS, Arweave, Filecoin, Filebase

Transport/Blockchain Interaction Layer

• Data Access: The Graph, Chainlink, Ceramic, Alchemy
• Block Explorer: Etherscan, Snowtrace, Polygonscan

Network/Protocol Layer

• L1: Ethereum, Solana, Near, Avalanche, Polkadot, Celo
• L2: Polygon, Arbitrum, ZkSync, Starknet
• Bridge: Synapse, Anyswap, Hop

Infrastructure

• Identity & Auth: ENS, SpruceID, Ceramik SelfID
• Node Provider: Alchemy, Moralis, Infura, Thirdweb

Tech Stack Readings

• Alchemy - A Developer’s Guide to the Web3 Stack
• Moralis - Web3 Stack
• Nader Dabit/Edge & Node - Defining the web3 stack
• Coinbase - A simple guide to the Web3 stack
• 101 Blockchains - Web 3.0 Blockchain Technology Stack: The Comprehensive Guide

Starter Developer Resources

Tutorials

• Learn Blockchain, Solidity, and Full Stack Web3 Development with JavaScript – 32-Hour Course
• Hello World Smart Contract for Beginners - Ethereum
• Deploy Your First Smart Contract - Chainlink
• Blockchain Education
• Public Good Blockchain Development Guide
• useWeb3.xyz - A curated overview of the best and latest resources on Ethereum, blockchain and Web3 development
• CryptoZombies - Learn to Code Blockchain DApps by Building Simple Games
• Figment - The Web 3 education platform for developers, by developers.
• a16z Crypto Startup School
• Consensys Academy
• Binance Academy
• Ledger Academy

Common Developer Resources

• Solidity - The most popular smart contract language.
• Metamask - Browser extension wallet to interact with Dapps.
• Truffle - Most popular smart contract development, testing, and deployment framework. Install the cli via npm and start here to write your first smart contracts.
• Hardhat - Flexible, extensible and fast Ethereum development environment.
• Cryptotux - A Linux image ready to be imported in VirtualBox that includes the development tools mentionned above
• OpenZeppelin Starter Kits - An all-in-one starter box for developers to jumpstart their smart contract backed applications. Includes Truffle, OpenZeppelin SDK, the OpenZeppelin/contracts-ethereum-package EVM package of audited smart contract, a react-app and rimble for easy styling.

Cheatsheets, Terminologies, Glossary

• A Blockchain Glossary for Beginners
• Blockchain Glossary by Blockchain Hub
• Crypto Glossary by Coinmarketcap
• Solidity Cheatsheet

Patterns & Best Practices

Patterns for Smart Contract Development

• Ethereum Smart Contract Best Practices
• Dappsys: Safe, simple, and flexible Ethereum contract building blocks
  • provides building blocks for the MakerDAO or The TAO
  • should be consulted before creating own, untested, solutions
  • usage is described in Dapp-a-day 1-10 and Dapp-a-day 11-25
• OpenZeppelin Contracts: An open framework of reusable and secure smart contracts in the Solidity language.
  • Likely the most widely-used libraries and smart contracts
  • Similar to Dappsys, more integrated into Truffle framework
  • Blog about Best Practices with Security Audits
• Advanced Workshop with Assembly
• Simpler Ethereum Multisig - especially section Benefits
• CryptoFin Solidity Auditing Checklist - A checklist of common findings, and issues to watch out for when auditing a contract for a mainnet launch.
• EIP-2535 Diamond Standard
  • Organize contracts so they share the same contract storage and Ethereum address.
  • Solves the 24KB max contract size limit.
  • Upgrade diamonds by adding/replacing/removing any number of functions in a single transaction.
  • Upgrades are transparent by recording them with a standard event.
  • Get information about a diamond with events and/or four standard functions.
• Clean Contracts - A guide to writing clean code

Upgradability & Proxy Patterns

In a scenario of a deployed smart contract with user funds having a vulnerability, a hot fix should be required to be deployed without delay. Traditional smart contract patterns don’t allow such hot fixes. Instead, the developers need to deploy a new contract every time they want to add a feature or fix a bug. To address this, upgradability patterns have been introduced. Upgradability means that the client always interacts with the same contract (proxy), but the underlying logic can be changed (upgraded) whenever needed without losing any previous data. There are three types of proxy patterns:

• Diamond pattern : EIP-2532
• Transparent proxy pattern : EIP-1967
• Universal upgradeable proxy standard (UUPS): EIP-1822

OpenZeppelin suggests using the UUPS pattern as it is more gas efficient. One of the main caveats is that because the upgrades are done via the implementation contract with the help of upgradeTo method, there’s a higher risk of newer implementations to exclude the upgradeTo method, which may permanently kill the ability to upgrade the smart contract.

Ref: Using the UUPS proxy pattern to upgrade smart contracts - LogRocket

Security Best Practices & Resources

• Smart Contract Weakness Classification and Test Cases - SWC Registry
• List of known attacks - Consensys
• Security Tools List - Consensys
• Solidity Smart Contract Security Best Practices - 101 Blockchains

Technical Architecture of Full Stack dApps

• The Architecture of a Web 3.0 application

Gas Optimizations

• Gas Optimizations for the Rest of Us
• A Collection of Gas Optimisation Tricks

Developer Tools

Smart Contract Languages

• Solidity - Ethereum smart contracting language
• Vyper - New experimental pythonic programming language

Frameworks

• Truffle - Most popular smart contract development, testing, and deployment framework. The Truffle suite includes Truffle, Ganache, and Drizzle. Deep dive on Truffle here
• Hardhat - Flexible, extensible and fast Ethereum development environment.
• Brownie - Brownie is a Python framework for deploying, testing and interacting with Ethereum smart contracts.
• Embark - Framework for DApp development
• Waffle - Framework for advanced smart contract development and testing, small, flexible, fast (based on ethers.js)
• Dapp - Framework for DApp development, successor to DApple
• Etherlime - ethers.js based framework for Dapp deployment
• Parasol - Agile smart contract development environment with testing, INFURA deployment, automatic contract documentation and more. It features a flexible and unopinionated design with unlimited customizability
• 0xcert - JavaScript framework for building decentralized applications
• OpenZeppelin SDK - OpenZeppelin SDK: A suite of tools to help you develop, compile, upgrade, deploy and interact with smart contracts.
• sbt-ethereum - A tab-completey, text-based console for smart-contract interaction and development, including wallet and ABI management, ENS support, and advanced Scala integration.
• Cobra - A fast, flexible and simple development environment framework for Ethereum smart contract, testing and deployment on Ethereum virtual machine(EVM).
• Epirus - Java framework for building smart contracts.

IDEs

• Remix - Web IDE with built in static analysis, test blockchain VM.
• Ethereum Studio - Web IDE. Built in browser blockchain VM, Metamask integration (one click deployments to Testnet/Mainnet), transaction logger and live code your WebApp among many other features.
• Atom - Atom editor with Atom Solidity Linter, Etheratom, autocomplete-solidity, and language-solidity packages
• Vim solidity - Vim syntax file for solidity
• Visual Studio Code - Visual Studio Code extension that adds support for Solidity
• Ethcode - Visual Studio Code extension to compile, execute & debug Solidity & Vyper programs
• Intellij Solidity Plugin - Open-source plug-in for JetBrains IntelliJ Idea IDE (free/commercial) with syntax highlighting, formatting, code completion etc.
• YAKINDU Solidity Tools - Eclipse based IDE. Features context sensitive code completion and help, code navigation, syntax coloring, build in compiler, quick fixes and templates.
• Eth Fiddle - IDE developed by The Loom Network that allows you to write, compile and debug your smart contract. Easy to share and find code snippets.

Ethereum

• Eth Dev Tools List

Wallet

• Metamask
• Celo Extension Wallet
• Valora

Faucet

• Faucet to fund testnet with Celo
• Faucet to fund 5 testnet with ETH, wETH, DAI & NFTs - Paradigm Faucet
  • Sign in via Twitter is a must
  • Your Twitter account must have at least 1 Tweet, 15 followers, and be older than 1 month.
  • The faucet drips 1 ETH, 1 wETH, 500 DAI, and 5 NFTs (ERC721).
  • You will receive these tokens on Kovan, Görli, Optimistic Kovan, Polygon Mumbai and Avalanche Fuji.
  • You can claim from the faucet once every 24 hours.

Others (Custom RPC, ABI, etc.)

Steps to add Custom RPC (i.e. Celo Alfajores Network) on Metamask

• After opening up Metamask wallet account, open the Chrome extension & click on the network dropdown
• Click on "Custom RPC"
• Put "Alfajores Network" as Network Name (you can put anything else to your own convenience)
• Put this URL as New RPC URL
• Put 44787 as Chain ID
• Currency Symbol & Block Explorer URL are fields optional

Convert a contract into an interface/Generate a Solidity interface from a given ABI

• Run forge inspect CONTRACT abi
• Paste into https://gnidan.github.io/abi-to-sol

Or,

• forge inspect CONTRACT abi > abi.json
• cast interface abi.json > IFace.sol

References:

1. Transmissions11
2. Cast Interface - Foundry Book

Q&As/Interview Questions

Fundamentals

Briefly explain Consensus mechanism in Blockchain

A consensus algorithm is a method through which all the peers of the blockchain network reach a standard agreement of the present state of a distributed ledger. It achieves high reliability and establishes trust between unknown peers in the distributed computing environment.

There are different types of consensus algorithms:

• Proof-of-Work(PoW)
• Proof-of-Capacity (PoC)
• Proof-of-Activity (PoA)
• Delegated Proof-of-Stake(DPoS)
• Proof-of-Stake(PoS)
• Proof-of-Authority
• Proof-of-Burn
• Unique Node Lists
• Proof-of-Weight
• Proof-of-Elapsed Time
• SIEVE
• Byzantine Fault Tolerance

What's Markel Tree

Merkel Tree is a data structure that is used for verifying a block.

• Each leaf node is a hash of a block of transactional data
• Each non-leaf node is a hash of its leaf node
• The Merkel root or hash root is the final hash root of all the transaction hashes. It encompasses all the transactions that are underlying all the non-leaf nodes.

The importance of a Merkle tree in the blockchain is that if anyone wants to verify the specific transaction in a block, they can download the chain of block headers instead of downloading every transaction and every block.

In what order blocks are linked in blockchain?

All the blocks in the blockchain are linked in the backward order or each block links with its previous block.

What's a 51% attack/double-spend attack?

A 51% attack or double-spend attack occurs when a group of miners on a blockchain controls >50% of the network’s mining hash rate or computing power. They can reverse completed transactions & thus double-spend coins.

• In a PoW, Any malicious user would need to have 51% of computation power to solve the problem and thereby add the wrong block.
• In a PoS, any malicious user would need to have 51% of the total money on the network to add a wrong block.

What does nonce mean?

A nonce is an abbreviation for "number only used once". A blockchain nonce is a number added to a hashed—or encrypted—block in a blockchain. A single-use arbitrary string or number generated for verification purposes to prevent replaying past transactions.

What's an oracle?

Entities that can prove provenance and properties of online data from existing data sources or legacy systems. They act as on-chain APIs you can query to get information into your smart contracts. Oracles can also be bi-directional, used to "send" data out to the real world.

It’s important to note that a blockchain oracle is not the data source itself, but rather the layer that queries, verifies, and authenticates external data sources and then relays that information. The data transmitted by oracles comes in many forms – price information, the successful completion of a payment, or the temperature measured by a sensor.

What's the oracle problem & how to avoid it?

Blockchains cannot pull in data from or push data out to any external system as built-in functionality. At the same time, relying on a single source of truth to provide data is insecure and invalidates the decentralization of a smart contract. This is known as the oracle problem.

The entire point of a smart contract is to achieve determinism in accordance to the contract’s terms as opposed to probabilistic execution carried out by human enforcement. To achieve this end, the blockchain cannot have any single point of failure, i.e. a centralized blockchain oracle. So we can avoid the oracle problem by using a decentralized oracle that pulls from multiple data sources; if one data source is hacked or fails, the smart contract will still function as intended.

Readings & Summaries

DECO: Liberating Web Data Using Decentralized Oracles for TLS

• DECO (short for DECentralized Oracle) allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret
• A three-party handshake splits a shared TLS session key between provers and verifiers, where the prover uses a zero-knowledge proof to verify the data without revealing its type or contents
• The prover cannot forge data, and the verifier cannot access additional data
• Data validation happens on a public blockchain without revealing the data to anyone, keeping sensitive information secure
• A single instance of DECO could enable anyone to become an oracle for any website
• Works with modern TLS versions, requires no trusted hardware and no server-side modifications

Sources:

• Whitepaper
• Ari Juels DECO Presentation: Liberating Web Data Using Decentralized Oracles for TLS
• DECO FAQ

Town Crier: An Authenticated Data Feed for Smart Contracts

• Addresses the question of "Who can be trusted to provide data to smart contracts in a trustworthy way?"
• The Town Crier (TC) system addresses this problem by using trusted hardware, namely the Intel SGX instruction set, a new capability in certain Intel CPUs.
• How it works:
  • When it receives a query from an application contract, the TC server fetches the requested data from the website and relays it back to the requesting contract.
  • Query processing happens inside an SGX-protected environment known as an “enclave”.
  • The requested data is fetched via a TLS connection to the target website that terminates inside the enclave
  • SGX protections prevent even the operator of the server from peeking into the enclave or modifying its behavior, while use of TLS prevents tampering or eavesdropping on communications on the network
• DECO and Town Crier
  • The two systems have similar goals, but differ in their trust models and implementations
  • Town Crier can achieve all of the functionality of DECO and more.
  • DECO constrains the Prover to interaction with a single Verifier. In contrast, Town Crier enables a Prover to generate a publicly verifiable proof on data fetched from a target server, i.e., a proof that anyone, even a smart contract, can verify directly.
  • Town Crier can also securely ingest and make use of secrets (e.g., user credentials).
• The main limitation of Town Crier is its reliance on TEEs.

Sources:

• Town Crier Whitepaper
• How Town Crier Works: The Big Picture
• ChainLink 2.0 v2 Whitepaper

Chainlink 2.0: Next Steps in the Evolution of Decentralized Oracle Networks

• Decentralized Oracle Networks (DON) are designed to enhance and extend the capabilities of smart contracts on a target blockchain or main chain through functions that are not available natively.
• They do so by providing the three basic resources found in computing systems:
  • Networking
  • Storage, and
  • Computation
• A DON acts as a blockchain abstraction layer, providing interfaces to off-chain resources for both smart contracts and other systems.
• DON improves the scaling of blockchain-enabled smart contracts by shifting the main locus for transaction processing from blockchain to itself
• Decentralized Oracle Network Transaction-Execution Framework (DON-TEF) or TEF is a design pattern for the construction and execution of a performant hybrid smart contract
• How TEF works
  • An original target contract SC is refactored into a hybrid contract
  • This refactoring produces the two interoperating pieces of the hybrid contract:
    • A MAINCHAIN contract/an anchor contract: custodies users’ assets, executes authoritative state transitions, and also provides guard rails (see Section 7.3) against failures in the DON
    • An executable on a DON: sequences transactions and provides associated oracle data for them. It can bundle transactions for the anchor contract
• In TEF schematic, transactions pass through the mempool of a smart-contract enabled blockchain (MAINCHAIN) via Mempool Services (MS) to the DON

Sources: Chainlink whitepaper v2