Certified Solution Architect Flashcards
Name a language that can be used for each layer in a dApp
Front - HTML
Middle - JavaScript
Blockchain - Solidity
What are function modifiers?
Can be used to limit access to or use of a function based on an account/node
What is Ganache used for?
In memory blockchain testing (runs a simulated node)
A DApp resembles a typical …………………..
Full stack web app
Describe a dApp front end
User interface for interacting with your blockchain dApp
No special technology front-end requirements
Presentation layer: HTML/CSS
Mobile app
Even Alexa
Describe the technology of a dApp middle layer
Interface between the UI and the blockchain
Can use:
Node.js
Server side code
Everything that comes to and from the blockchain is in bytecode
Middle layer abstracts the bytecode with JS libraries (e.g. Truffle)
What is contained in a dApp middle layer?
Validation and exception handling
Business logic should live in this layer
Which languages can you use for the middle layer?
Solidity/Vyper to write the contracts
Describe the blockchain layer of a dApp
Biggest learning curve
Contracts can call other contracts
What is a centralised ledger?
Contains all the transactions
Controlled by a single entity
Double-entry accounting is…
A record for tracking debits and credits.
Blockchain is…(3)
A record keeping system
An event tracking system
A workflow platform
Changing the data on any block will result in……..
A different hash
Group Consensus is reached when how many members agree?
51% or more
Blocks in Blockchain are “chained” together by:
By hashing the previous block and embedding that hash into the new block’s header
Give 3 examples of Blockchain transactions
Two or more parties, exchange of monetary value such as cryptocurrency.
Two or more parties, but no exchange of monetary value such as updates to medical records.
One party announcing an important event such as supply chain management, business process automation, creation/auditing of financial records.
A decentralized ledger acts as a …………………….., like a bank.
trust broker
Blockchain was documented and released via a whitepaper by:
Satoshi Nakamoto
Blockchain provides the same services as a traditional bank, except for:
Providing Certificates of Deposit
Hyperledger and Ethereum both went live in which year?
2015
What are the benefits of Blockchain?
Trust
Security
Decentralization
Immutability
In Proof of Work consensus what happens when you add another node to the network?
Security time is increased by 1/N
Transaction time is increased by 1/N
(where N equals the number of nodes on network)
The Private Key does what?
Used to sign any transaction that might be made by the holder of the key pair
What is Cryptographic hashing?
A one-way function that encrypts information that can not be decrypted.
A ‘hard fork’ occurs when:
New Blockchain software is released which breaks or modifies existing rules.
Some nodes decide to keep a different version of the ledger than others
Proof of Stake consensus aims to do what? (3)
Improving transaction capacity
Lower energy consumption
Removing the need for specialized hardware
On a public Blockchain such as Ethereum, transactions are………… before they’re added to the block.
validated
The Merkle Tree serves which important function in Blockchain?
It acts as an index, allowing transactions to be found quickly regardless of their location on the Blockchain
What are the key terms used in Cryptography? (4)
The secret
The key
The function
The cypher
A public closed Blockchain allows…
Many people to write, only a few can read
Blockless platforms offer which advantage?
Greater transaction processing capacity
Each block in a Blockchain is linked to what?
The preceding block
Must users explicitly purchase gas before using a Blockchain solution?
No
Name the three main Ethereum token standards:
ERC20
ERC223
ERC721
A ……… Blockchain would be a good choice for situations where only a few people should be able to write data, but a large number of people should be able to consume that data.
private / open
Give an example for a ‘blockless’ platform:
IOTA
What happens if a function call runs out of gas?
The function rolls-back
The user loses the gas
Which token standard is used for non-fungible, non-transferrable assets on the Ethereum Blockchain?
ERC721
An …………. Blockchain architecture should be used in cases where public verification is important.
Open
Blockchain Smart Contracts are analogous to:
Firmware
……….. provide greater fault-tolerance than …………..
Public Blockchain networks
Databases
Are Public Blockchains the ideal solution when data sovereignty is a concern?
No
Smart Contracts exist as …………… records on the Blockchain once deployed
permanent
Unlike conventional networks, Peer-to-Peer networks do not contain ……………………………..
both clients and servers.
Blockchain will be a better fit over a traditional database system when:
Public validation is required
Infinite scalability is needed
No single authority can or should own the data
When a Smart Contract is killed it…
No longer accepts new transactions but remains on the Blockchain forever
Hypermedia Distributed File System is …
A content-based addressing system
Name some primary network architectures:
Decentralized
Distributed
Centralized
DApp stands for
Decentralized Application
Remix is a browser-based IDE for editing Smart Contracts on which platform?
Ethereum
How do Smart Contracts access data outside the Blockchain?
Using Oracles
What does the middle layer of a Blockchain application contain?
Business logic
Does developing a user interface for a public Blockchain application require developers to learn new skills?
No
What are the two types of transactions in the Hyperledger Fabric?
Deploy and Invoke
To develop in Hyperledger, you use which tool?
Composer
What does DAO stand for?
Decentralized Autonomous Organization
Other tools and frameworks to be familiar with when building Blockchain applications include:
Ganache, Truffle and Web3.js
A good solution can and often does incorporate Blockchain along with …………………..
more conventional technologies.
Which design artifact describes what a solution should do without focusing on how it should be done?
Functional requirements
Once a contract has been killed you cannot….
revive it
Take funds out of it
Can a user have multiple personas?
Yes
User stories will help to create:
Functional Requirements
Which design artifact describes how a functional requirement will be fulfilled?
Technical requirement
What are the base columns you should have in your Task estimation worksheet?
Task Name
Task Owner
Estimated Time to Complete
Skillset Required/Role
List 3 Blockchain architecture fundamental questions?
BETTER - Does the use of Blockchain create a better end-user experience?
HEAVY USE - heavy use on day 1?
VIEW RIGHTS - Who needs to see the data? Who should NOT see the data?
………… Blockchains offer lower transaction speed than ……… Blockchains.
Public
Private
According to the Sandwich Complexity Model, the bulk of the application logic should live at which layer?
Middle
Technology decisions do not ……………… to design a good Blockchain solution.
made up-front
A modular design pattern for Smart Contracts is generally preferable unless which feature is desired?
Security
…….. payments are the desired pattern for giving funds to a user.
Pull
What are some of the best practices for testing a Blockchain application?
Local testing -> test network -> production network
Use a local Blockchain tool like Ganache when doing development and initial testing
When developing a Blockchain application always align _____________ to your guiding principles.
Personas
What is the risk of using a Monolithic architecture for an application or Smart Contract?
There is a single attack surface or single point of failure
All Smart Contract function calls should be wrapped in:
Try / Catch statement
Is data on a public Blockchain automatically encrypted?
No
Name an Ethereum test network
Ropsten
Name the types of bugs
Security
Logic
Integration
How can you add value to bug reports
Make them multimedia (a picture speaks a thousand words)
Traditional testing time should be scaled up how much in the Blockchain world?
5-10 times up
Shift-Left Testing is…
Involving your testers earlier in the project lifecycle.
Name the types of testing
Unit
Configuration
Regression
Stress
______________ should be the start of your test cases.
Personas
What is the ideal but not realistic target for test coverage of a Blockchain application?
100%
What is a bug bounty?
Offering a reward to others who find flaws, security holes or exploits in your code.
Name 3 Blockchain Testing best practices:
SEPARATE - (dev/test environments)
MULTIPLE times/views (from the point of view of multiple users)
State UNTESTED platforms (that are not supported by your Blockchain application)
What is the synchronicity or determinism problem?
When nodes do not execute a function at exactly the same time and thus the data retrieved from an Oracle is not consistent between the nodes.
(Only happens when the data being retrieved is changed frequently)
When is an Oracle most reliable?
When it is retrieving historical data
What is the Oracle-architecture pattern?
A method to access off chain external data and bring it onto the chain
Oracles are not part of the …………..
Consensus mechanism
What is a centralized ledger?
Contains transactions
Controlled by single entity
Anything in the world which has a financial value needs a ledger
What is a distributed ledger?
A database that is consensually shared and synchronized across multiple sites, institutions or geographies.
It allows transactions to have public “witnesses,” thereby making a cyberattack more difficult.
What is the difference between a centralized and decentralized ledger?
Centralised and decentralised refer to control.
Centralised: controlled by one person or entity
Decentralised: controlled by all or multiple persons or entities
What is the difference between decentralised and distributed?
Centralised/decentralised refer to CONTROL
Distributed refers to LOCATION (all on one server in one place, or distributed over multiple servers and geographical locations)
What is a block?
A block is like a page of a ledger or record book.
Each time a block is ‘completed’, it gives way to the next block in the blockchain.
What is contained on a block?
Transactions
Height
Timestamp
Nonce
Hash of previous block
What is the difference between possession and ownership?
The main difference is:
Possession requires physical custody or control of an object.
(library book in your possession)
Ownership is the right which grants a person an object.
(that is owned by the library)
What is the difference between Double vs. Triple Entry accounting?
Triple-entry accounting creates a link between the two double-entry systems documenting that the transactions in the two systems go together.
What is Group Consensus?
Consensus decision-making is a group decision-making process in which group members develop, and agree to support a decision in the best interest of the whole group or common goal.
How are blocks chained together?
Every block contains a hash of the previous block
Name three types of blockchain
Public
Private
Hybrid
Name 3 types of blockchain transaction
Involving transfer of value
Declaring an event
Not involving money
What are the benefits of blockchain? (5)
Greater transparency
Enhanced security
Improved traceability
Increased efficiency and speed
Reduced costs
What is Cryptography
Techniques for secure communication in the presence of third parties called adversaries.
What is Public Key Cryptography?
Public-key cryptography, or asymmetric cryptography, is a system that uses pairs of keys:
public keys which may be disseminated widely
private keys which are known only to the owner.
What is Cryptographic Hashing?
It is a mathematical algorithm that maps data of:
- arbitrary size to a bit string of a fixed size
- one-way function, that is practically infeasible to invert
What is Proof of Stake Consensus?
Consensus algorithm used to VALIDATE blocks
First implemented in 2012.
What is entropy in relation to IDs?
Entropy is a measure of randomness used to determine how difficult it is for an attacker to be successful.
Pending transactions on the Ethereum Blockchain are always …
Ordered by the highest fee paid to lowest, and then written to the block in that order.
What are the weaknesses of blockchain?
Scalability
Excessive energy consumption
Slow transaction processing time
Cost of data storage
Getting external triggers on chain
Getting currency off chain
What is the difference between a public key and a private key?
The public key can be shared with everyone
The sender will use the receiver's public key to encrypt the contents and only the receiver can unencrypt it with their private key.
The private key is kept secret.
It is used to unencrypt data encrypted with their public key
And to sign transactions to prove who they come from
How does blockchain enable trustless environments?
Parties do not need to trust each other or a third party
All information being transacted across the network is:
- independently verified
- immutably stored
What makes trustless environments viable?
A combination of:
Proof of Work
Cryptography
Merkle chains
P2P networks
How is cryptographic hashing used to protect anonymity?
To complete
What is the nothing at stake problem?
Only happens in the event of a fork
The optimal strategy is to mine on every chain, so that the miner gets their reward no matter which fork wins.
An attacker may be able to send a transaction in exchange for some digital good, receive the good, then start a fork of the blockchain from one block behind the transaction and send the money to themselves instead.
Even with 1% of the total stake the attacker’s fork would win because everyone else is mining on both. This assumes a large number of economically interested miners
Summarise POS
The higher your balance, the higher the chance that you’ll forge the next block.
Actual block generation is randomized by the protocol.
Simple, fast, efficient, no energy waste, and it can even run on a low power device or cheap VPS node.
What is chain code?
Hyperledger name for smart Contract
How does gas work in relation to transaction time?
Wait longer = pay less gas
Execute faster = pay more gas
All transactions on the Ethereum network cost a certain amount of gas, depending on the…………….. and the …………… of the contract one is trying to execute.
current demand for gas
size and speed
Every transaction or smart contract executed on the Ethereum blockchain requires ………
Gas
Gas economics is a way to make sure that the network does not………………. on securing pointlessly long-winded transactions. The gas system ………………… first by making their computational costs and rewards publicly known to the miners.
waste energy
prioritizes important transactions
What is ERC?
A technical standard used for smart contracts on the Ethereum blockchain for implementing tokens
Name 5 blockless blockchains
IOTA
Nano
Byteball
Travelflex
IoT Chain
What technology is used in a blockless chain?
DAG
What is the main problem that blockless blockchains solve?
Scalability
What is a distributed system?
A system whose components are located on different networked computers, which communicate and coordinate their actions by passing messages to one another
What is peer to peer?
A network of computers where each computer can act as a server for the others, allowing shared access to files and peripherals without the need for a central server.
What is Hypermedia Distributed File System?
Content-addressable, peer-to-peer method of storing and sharing hypermedia in a distributed file system.
Name a Hypermedia Distributed File System
IPFS
How can the IPFS system be accessed?
In a variety of ways, including via FUSE and over HTTP.
IPFS uses a …………… to track content across the entire web
Merkle tree
What is firmware development?
Firmware is part of the machine, and it would not function without it.
Having a dev with the mindset of a firmware dev is crucial because, like firmware, Smart Contracts cannot be changed, so you have to get them right the first time.
What is the Kill function?
A function to deactivate a smart Contract
How do you call a kill function?
selfdestruct()
Can you transfer money out of a smart Contract when you kill it?
Yes…
Enter the address to transfer to in the function parameters
selfdestruct(address)
When you implement a kill function to destroy a contract, ………………….. lets you protect the contract from getting destroyed by the wrong person
checking the identity of the caller
Differences between Blockchain vs. Databases?
The primary difference between a blockchain and a database is centralization.
While all records secured on a database are ………………., each participant on a blockchain has a secured copy of all records and all changes so each user can view the ……………… of the data.
centralized
provenance
What is Data Sovereignty?
The idea that data are subject to the laws and governance structures of the nation in which they are collected.
Or
Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located.
What is a Decentralized App?
A.K.A - Smart Contract
A decentralized application is a computer application that runs on a distributed computing system.
What is user interaction layer?
Front end UI
DApps/products sit at the ……….. and are the part that the consumer or user interacts with.
In this sense you could consider that it’s the currency (like ………..)
Or
The DApp that people use (like ………..)
top layer
Bitcoin
Cryptokitties
………… are what the DApps/products are built on. They make use of the rules of the ……………… to form their basis and can be thought of as taking the protocol down a specific use case (like supply chain, for instance).
The platform will have chosen the protocol to build on, based on what its rules allow for.
Platforms
protocol level
What is a protocol?
The set of rules that govern the network that the platforms and DApps sit on.
What is Remix?
An IDE that is web browser based that allows you to write Solidity smart contracts, then deploy and run the smart contract.
What is the set of collaboration tools for building blockchain business networks that make it simple and fast for business owners and developers to create smart contracts and blockchain applications to solve business problems?
Hyperledger Composer
What is an Oracle?
An agent that finds and verifies real-world occurrences and submits this information to a blockchain to be used by smart contracts.
- Provide external data
- Trigger smart contract executions when pre-defined conditions are met
What is Remix?
Remix is a Solidity IDE that’s used to write, compile and debug Solidity code.
What is Solidity?
Solidity is a high-level, contract-oriented programming language for writing smart contracts.
What is a Smart Contract?
A trust-less agreement between two parties that makes use of blockchain technology to force the parties to adhere to the terms.
What is Mist?
The Ethereum Dapp browser
What are “Invoke” and “Deploy” transactions?
Hyperledger transactions
Name the 2 types of Hyperledger transactions
Invoke
Deploy
What do deploy transactions do?
Installs chaincode to the chain
- Creates new chaincode and takes a program as parameter
- When a deploy transaction executes successfully, the chaincode has been installed “on” the blockchain.
What do invoke transactions do?
Calls a function on a chaincode Contract
- This may involve modifying the corresponding state, and returning an output.
What are Guiding Principles? (4)
Feature heavy/feature light?
Collaborative/Security focused?
Centralised support model/Decentralised?
Consistency/Specialisation?
Define the Feature heavy or feature light guiding principle
As much functionality as possible (like Excel)
Vs
Simple (like Google)
Define the Collaborative or Security focused guiding principle
Communication, content sharing (Facebook)
Vs
Defined walls and boundaries (online banking)
Define the Centralised support model or Decentralised
Dedicated trained staff for support (for medical diagnostic app)
Vs
Forum to browse for answers (like Instagram)
Define the Consistency or Specialisation guiding principle
All users have the same access and are treated the same (Facebook)
vs
Different access for different roles. (World of Warcraft)
What is a problem with using hashes to anonymise data?
Hashes are deterministic and if there are limited inputs an attacker can use a brute force attack.
Ensuring anonymous record security relies on …………. which is just a fancy way of saying ……………….
entropy
randomness
If the anonymous record keys are……………., or low on …………., then the attacker can simply brute force all possible keys and match them to record identifiers.
There is a way of militating against this threat with a security mechanism called a …………..
poorly constructed
entropy
salt
What is the name of the security mechanism that can help protect against attacks on anonymised data?
Salt
How does salt work?
A ‘salt’ is an extra piece of information that is baked into a hash record. If every single record has its own unique salt, then an attacker can’t crack all records in one pass.
Salt is useful in the case of………….. brute force attacks but less useful for ………. attacks.
large scale
Single record
What is a disadvantage of using salt?
As the anonymised identifier depends on the salt, it is difficult to compare participants across multiple studies.
Salt is akin to a …………. in blockchain
Nonce
Name the block header fields (5)
Version Last Block Merkle Root Timestamp Target
What is MetaMask?
Browser extension wallet.
Connects to Ethereum blockchain
What is the difference between a message and a transaction?
Message - between smart contracts
Transaction - between external accounts
What are the functions of gas?
Incentivises nodes to process contracts
Disincentivises spam and other abuses
Helps prevent bad code or infinite loops (too expensive or gas runs out)
What are calling contracts?
Design pattern
When you have multiple versions of a smart Contract on the blockchain,
the middle layer is coupled to the calling contract; it decides which child contract to pass to.
What is the advantage of the calling contract?
Easier to manage multiple versions (to go to the current version where old ones exist)
And multiple versions simultaneously
How do calling contracts decide which contract to call?
Either logic in the calling contract
Or
Oracle to get info from external data source
What is the zero defects philosophy?
Do it right first time
Cost of preventing problems is less than fixing them later
What is the purpose of regression testing?
To check for:
Reintroduction of old bugs
New bugs
What is regression testing?
Testing all code, including deployed code or code that hasn’t been changed to check for introduced or re-introduced bugs
What is Mocha?
JavaScript test framework
Runs on Node.js and in the browser
Allows asynchronous testing
What is Chai?
A BDD / TDD assertion library
For node and the browser
Can be paired with any javascript testing framework (e.g. Mocha)
Use:
assert.typeOf(foo, 'string');
What is BDD?
Behaviour driven development
Name the Chai interfaces (3)
Should
Expect
Assert
What assumptions must you not make with Smart Contracts?
That the contract has a 0 balance
That the variables are uninitialised
(because someone may have interacted with your contract before you)
What is a buffer overflow attack?
Each variable has an allocated amount of memory
When you exceed it, the variable will reset itself to the lowest number
(E.g. -127)
This can be used to steal money from a contract
Remember, anyone can ………. and ………. a function in your contract or deposit funds into a contract.
View
Invoke
What is CI/CD?
Continuous Integration
continuous delivery
What is GO?
A development language that can be used in Hyperledger Fabric
How is Contract data stored?
In hex
Automated testing allows you to test ………… not ………….
Faster
Better
In addition to testing your code, you should also test your ………… and ……………
Documentation
Support materials
Testing is not an expense but a …………………
Risk mitigation strategy
How is the creator of the next block determined in POS?
By a RANDOMISED system that is, in part, dictated by:
HOW MUCH - cryptocurrency a user is holding
HOW LONG - they have been holding that particular currency.
What are the main advantages of proof of stake?
ENERGY EFFICIENCY
SECURITY