L8 - Ethereum Design Patterns Flashcards

1
Q

programming idioms

A

language-specific patterns for recurring programming problems (lower abstraction than design patterns)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

design patterns

A

template solutions for recurring software engineering problems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

solidity idiom

A

practice-proven code pattern for a recurring coding problem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are access restriction idioms used for?

A

protect contract functions from unauthorized calls.

  • all external and public functions can be called by anyone, third parties might execute a function they are not allowed to
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How do access restriction idioms work?

A

Through function modifiers

modifier onlyOwner() {
require (owner = msg.sender);
_;
}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why is the secure ether transfer idiom needed?

A

So that a malicious attacker cannot exploit the property of the transfer function to freeze the contract.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

How is the transfer function used for malicious purposes in bidding?

A
contract BadAuction {
address highestBidder; uint highestBid; 
function bid() public payable {
require(msg.value >= highestBid); if (highestBidder != 0) {
highestBidder.transfer(highestBid); }
highestBidder = msg.sender; highestBid = msg.value;
}
} 

When the contracts wants to send the money back to the previous highest bidder (= malicious attacker) the malicious attacker throughs an exception and the sending contract gets disabled. Now the malicious bidder stays the highest bidder.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the secure ether transfer idiom?

A

Pull over push

  • functions which send Ether should be isolated. A common pattern is to have a separate, isolated function which needs to be actively called by the sender (pull)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How can gas be saved with an idiom?

A

By tight variable packing.

  • group all data types that should belong together into a single 32-byte slot and declare them one by one.
contract StructPacking{
// 2 strage slots
struct CheapStruct{
   uint 128 a;
   uint 128 c;
   uint 256 b;
}
}
contract StructWithoutPacking{
// 3 strage slots
struct ExpensiveStruct{
   uint 128 a;
   uint 256 b;
   uint 128 c;
}
}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Why are design patterns specifically important for smart contract development.

A
  • Determinism by design makes use of external data and random numbers challenging
  • code is immutable –> contracts cannot be updated
  • financial value is at risk
  • transaction finality –> stolen money is gone forever
  • availability of source and bytecode makes it easier for attackers to find potential vulnerabilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

How can smart contracts use external data?

A

Through oracles

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Two types of orcales

A
  • synchronous oracle
  • asynchronous oracle

–> draw both

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How does a synchronous oracle contract work?

A

The oracle service pushes data regularly to the smart contract.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How does the asynchronous oracle work?

A

Oracle service waits for the emission of an event to act.

So my smart contract executes the getOracleData() function. Then the oracle contract executes the function invokeOracle() which reads data from an external oracle server (api).
Then the external Oracle server invokes a callback() function in the Oracle contract which then calls a function in my smart contract called _OracleCallback() external onlyOracle this writes back the message from the external server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How to limit the forwarded gas?

A

(gas _gas)

–> _gas defines the to-be forwarded amount of gas.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Advantages of oracle pattern

A
  • enables data retrieval from external sources
  • either easy to use (synchronous Oracle) or live data (asynchronous Oracle)
  • can be used for different purposes (randomness, stock data, weather data)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Disadvantages of oracle pattern

A
  • costly in terms of gas consumption

- dependence on a third party in terms of data manipulation and availability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are randomness patterns used for?

A
  • Solidity does not provide any functions that generate random numbers due to the deterministic behavior. Having random numbers would make it impossible for other nodes to validate the correct output of a function.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

How does the randomness pattern work?

A
  • Oracles can provide random numbers from local sources or servers like WolframAlpha
20
Q

Limitations of randomness patterns from Oracles

A
  • costly in terms of gas consumption
  • dependent on a third party in terms of data manipulation
  • potential predictability
21
Q

Randomness pattern - pseudo-random numbers

A
  • use the hash of the currently mined block

- but potentially predicable by miners who could manipulate the block hash by deciding which transactions are included.

22
Q

What is a third approach to generate randomness patterns?

A
  • commit and reveal scheme
    1. Users hash their random number and publish it to the smart contract
    2. users reveal their random number and the smart contract calculates a random number from these commits
23
Q

Commit and reveal explained

A

A “naive” scheme where users simply send random numbers and the results are calculated via hashing their common product, is a bad scenario. In this case, the last player can choose his own random number to control the result. That is why it is better to use a well-known commit-reveal pattern. First, participants send hashes of their random numbers (i.e. “commits”), then submit the original random numbers (“reveals”). The “reveal” phase starts as soon as all necessary commits are collected, i.e. participants can only send a random number of the previously submitted hash. Now we will add block parameters - better to use those of a future block, as random numbers will appear only in one of the next blocks - and voila! Randomness is here! Now any player may affect the resulting randomness and is able to “defeat” a malicious BP by blocking it with its own unpredictable randomness… You can also increase protocol security by requesting some transaction fee for “commit” - a security deposit, that will be returned only during the “reveal” procedure. In this case, committing without revealing will be unprofitable.

24
Q

Limitations of commit and reveal

A
  • requires user interaction
  • users could withhold their reveals (possible solution: if information is not revealed, the stakes are distributed among other players
25
Q

What are the problems with replacing a contract with another version ?

A
  • each contract deployed on the blockchain gets a new address –> entities referencing a previous version of the contract need to be notified about the update
  • each contract has its own state –> state migration is not straightforward as more recent contract must inherit not only the data but all permissions as well
  • potential state inconsistencies when the previous contract version is still used by some entities.
26
Q

What is close coupling and when is it a problem?

A

It is when you do not separate state data from business logic.
It becomes a problem whenever the contract needs to be replaced by a newer version.

27
Q

What is data segregation and why is it useful?

A

Decoupling business logic from the state data (raw data storage) by using two contracts.

28
Q

Which functions must the storage contract have?

A

All the necessary getter and setter functions

29
Q

Advantages of data segregation

A
  • separation of concerns - low coupling
  • updating the business logic of a contract is straight forward
  • migration to a new business logic does not require migration of the state
30
Q

Disadvantages of data segregation

A
  • user has to trust the maintainer of the contract
  • requires lifecylce management
  • applications need to be notified about the contract address of the new version
31
Q

What problem does a proxy contract solve?

A
  • the account address stays the same in the case of an update
32
Q

How is a proxy contract set up?

A
  • separate the business logic and the data from the actual, application-facing contract
  • implement a proxy contract which forwards all calls to the contract with the business logic.

draw this

33
Q

Advantages of a proxy contract?

A
  • separation of concerns - low coupling
  • updating the business logic of a contract is straightforward
  • no address change
34
Q

Disadvantages of a proxy contract?

A
  • trust the maintainer of the proxy not to replace the business logic with malicious code
  • interface is still immutable. It is not possible to add new callable functions
35
Q

What are tokens?

A

Smart contracts that implement a standardized interface and are currently the main use case in the Ethereum ecosystem.

36
Q

Two most common contracts and use-cases

A

ERC 20: ICOs and crowd funding

ERC 20 & ERC 721: Gaming

37
Q

What are fungible tokens?

A
  • all tokens are indistinguishable and have exactly the same value
38
Q

What are non-fungible tokens?

A
  • each token is uniquely identifiable by an ID
39
Q

What is the ERC-1155 multi-token standard?

A

Allows for each token ID to represent a new configurable token type, which may have its own metadata, supply and other attributes

40
Q

Which tokens are NFTs?

A

Non-fungible tokens (ERC 721) and ERC-1155 tokens. ERC-1155 are used for collections of artworks. ERC-1155 are for fungible and non-fungible tokens

41
Q

Which standard defines fungible tokens?

A

ERC 20

42
Q

Does ERC20 specify the actual implementation of the functions?

A

No, only the interface a contract must implement to be ERC20 compliant.

43
Q

stablecoins

A

digital currencies whose value is linked to a real-world asset such as the US dollar

44
Q

exchange token

A

digital asset that is unique to a cryptocurrency exchange. Most exchange tokens are aimed to boost the exchange’s liquidity.

45
Q

DeFi tokens

A

collection of coins that are native to automated, decentralized networks that use smart contracts to function. These provide customers access to a suite of blockchain-based financial applications and services