Table of Contents for
Blockchain Developer's Guide

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Blockchain Developer's Guide by Narayan Prusty Published by Packt Publishing, 2018
  1. Blockchain Developer's Guide
  2. Title Page
  3. Copyright
  4. Blockchain Developer's Guide
  5. About Packt
  6. Why subscribe?
  7. Packt.com
  8. Contributors
  9. About the authors
  10. Packt is searching for authors like you
  11. Table of Contents
  12. Preface
  13. Who this book is for
  14. What this book covers
  15. To get the most out of this book
  16. Download the example code files
  17. Conventions used
  18. Get in touch
  19. Reviews
  20. Blockchain 101
  21. Processing a financial transaction
  22. Ledger
  23. Concept of a trustless system
  24. Introducing blockchain
  25. General elements of blockchain
  26. Peer-to-peer network
  27. Block
  28. Block header
  29. Addresses
  30. Wallets
  31. Transaction
  32. Nodes
  33. What does blockchain solve?
  34. Types of blockchains
  35. Public blockchain
  36. Semi-private blockchain
  37. Private blockchain
  38. Consortium blockchain
  39. Byzantine generals problem
  40. Consensus
  41. Blockchain in a nutshell
  42. Benefits
  43. Banking records
  44. Medical records
  45. Government records
  46. Creative and copyright records
  47. University degree records
  48. Challenges
  49. Complexity
  50. Network scalability
  51. Speed and cost
  52. Double spending 
  53. Summary
  54. Components and Structure of Blockchain
  55. Blocks
  56. The chain between blocks
  57. Hashing and signatures
  58. Digital signatures
  59. What are digital keys?
  60. Example block data
  61. Example Ethereum block
  62. Bitcoin block
  63. Global state
  64. Block time and block size
  65. Blockchain miners
  66. Blockchain validators
  67. Smart contracts
  68. Blockchain speed
  69. How to calculate blockchain throughput
  70. Comparisons with traditional networks
  71. Summary
  72. Decentralization Versus Distributed Systems
  73. Distributed systems
  74. Resiliency
  75. Fault tolerance and failure isolation
  76. Consensus and coordination
  77. Backups
  78. Consistency
  79. Peer-to-peer systems
  80. Decentralized systems
  81. Principles of decentralized systems
  82. Open access
  83. Non-hierarchical
  84. Ecosystem diversity
  85. Transparency
  86. Downsides
  87. Speed
  88. Censorship resistance
  89. Chaos and non-determinism
  90. Summary
  91. Cryptography and Mechanics Behind Blockchain
  92. Principles of security
  93. Historical perspective – classical cryptography
  94. Types of cryptography
  95. Symmetric cryptography
  96. Asymmetric (public-key) cryptography
  97. Signatures
  98. Hashing
  99. The avalanche effect
  100. Collisions
  101. Hashing a block
  102. Hashing outside PoW
  103. Summary
  104. Bitcoin
  105. The history of Bitcoin
  106. Why Bitcoin is volatile
  107. Keys and addresses
  108. Currency units
  109. Vanity addresses
  110. Base58 check encoding
  111. Transactions
  112. Types
  113. Pay-to-Public-Key Hash
  114. Pay-to-Script Hash
  115. Blocks
  116. Genesis block
  117. Bitcoin network
  118. Types of nodes
  119. Full node
  120. Lightweight nodes
  121. Other nodes
  122. Network discovery
  123. Finding peers
  124. DNS seeds
  125. Static IPs
  126. Wallets
  127. Types
  128. Deterministic wallet
  129.  Deterministic wallets
  130. HD wallets
  131. Non-deterministic wallet
  132. Summary
  133. Altcoins
  134. Introducing Altcoins
  135. Tokens
  136. Ethereum
  137. Omni Layer
  138. NEO
  139. Waves
  140. Counterparty
  141. Alternative currency
  142. Monetary alternatives
  143. Consensus alternatives
  144. Litecoin
  145. Ether
  146. Ripple
  147. Bitcoin Cash
  148. Acquiring cryptocurrency 
  149. Mining of cryptocurrency
  150. Bitcoin mining
  151. Mining difficulty
  152. Mining pools
  153. Altcoin mining
  154. Cryptocurrency exchanges
  155. Cryptocurrency wallets
  156. Summary
  157. Achieving Consensus
  158. Practical Byzantine fault tolerance algorithm 
  159. Byzantine faults
  160. How PBFT works
  161. Proof of Work
  162. How the PoW problem works in Bitcoin
  163. Proof of Stake
  164. The nothing-at-stake attack
  165. Variations
  166. Delegated Proof of Stake
  167. Tendermint consensus
  168. Proof of Authority
  169. Establishing authority
  170. Proof of Elapsed time
  171. Summary
  172. References
  173. Advanced Blockchain Concepts
  174. Blockchain and banks
  175. Unbanked – going pure crypto
  176. Fixing pegs
  177. Buying options
  178. Why regulated exchanges?
  179. Unbanked and unincorporated?
  180. The DAO
  181. Decentralizing an organization
  182. Putting a corporation on a blockchain
  183. Cutting out the middle man
  184. Providing capital
  185. Social purpose – blockchain as leveler
  186. Banking the unbanked
  187. Silk road LLC – privacy and ethics
  188. Tracking all the things
  189. Defeating some privacy issues with zero-knowledge proofs
  190. Unwrapping the concept of zero-knowledge proofs
  191. Summary
  192. Cryptocurrency Wallets
  193. Introduction to cryptocurrency wallets
  194. Transactions in cryptocurrency wallets
  195. Types of cryptocurrency wallets
  196. Currency support
  197. Tenancy 
  198. Software wallets
  199. Hardware wallets
  200. Paper wallets
  201. Brain wallet
  202. Usage frequency
  203. Key derivation
  204. Non-deterministic wallet
  205. Deterministic wallets
  206. Hierarchical deterministic wallets
  207. Mnemonic codes
  208. Key generation process in HD wallets
  209. Child key derivation 
  210. Private key generation
  211. Extended keys 
  212. Summary
  213. Alternate Blockchains
  214. Various uses of blockchain
  215. Government
  216. Healthcare
  217. Medical research
  218. Supply chain
  219. Copyright
  220. Fine art
  221. Shipping
  222. Energy
  223. Computation and data storage
  224. Identification and social security
  225. Enterprise
  226. Ripple
  227. Transactions
  228. Stellar 
  229. Tendermint
  230. Monax
  231. Summary
  232. Hyperledger and Enterprise Blockchains
  233. History of Hyperledger
  234. Hyperledger projects
  235. Hyperledger Burrow
  236. Hyperledger Sawtooth
  237. Sawtooth architecture
  238. Transaction families
  239. Transactions and batches
  240. The key pieces
  241. Hyperledger Fabric
  242. Architecture choices and features
  243. Organizational focus
  244. Private channels
  245. Assets
  246. Smart contracts
  247. Advantages of Fabric
  248. Hyperledger Iroha
  249. Hyperledger Indy
  250. Tools in Hyperledger
  251. Hyperledger Caliper
  252. Hyperledger Composer
  253. Hyperledger Cello
  254. Hyperledger Explorer
  255. Hyperledger Quilt
  256. Relationships between the tools
  257. Which Hyperledger project should you use?
  258. Using Hyperledger
  259. Summary
  260. Ethereum 101
  261. Introducing Ethereum
  262. Components of Ethereum
  263. Ethereum accounts
  264. Ethereum network
  265. Ethereum public MainNet
  266. Ethereum clients
  267. Geth
  268. Installing Geth
  269. Managing accounts
  270. Ethereum gas
  271. Ethereum virtual machine
  272. Execution environment
  273. Ethereum block
  274. Block header
  275. Ommers or uncles
  276. Messages
  277. Ethash
  278. Ether
  279. Procuring ether
  280. Trading
  281. Summary
  282. Solidity 101
  283. Basics of Solidity
  284. The basics of working on Solidity
  285. Using the compiler
  286. Programming in Solidity
  287. Laying out a Solidity file
  288. Importing files
  289. Commenting
  290. Tags
  291. Structure of a contract
  292. State variables
  293. Functions
  294. Function modifiers
  295. Events
  296. Types
  297. Value types
  298. Boolean
  299. Integers
  300. Address
  301. Array value type
  302. Literal
  303. Enums
  304. Function
  305. Function Modifiers
  306. Reference types
  307. Structs
  308. Data location
  309. Mapping
  310. Units and global variables
  311. Summary
  312. Smart Contracts
  313. Why smart contracts?
  314. Automating processes and resolutions between parties
  315. Real-world example
  316. Increased transparency
  317. Ending centralized data
  318. Increased fairness
  319. Smart contract approaches
  320. Example Ethereum smart contracts
  321. The promises
  322. Security considerations
  323. Dealing with threats in smart contracts
  324. Limitations of smart contracts
  325. Data quality and mistakes
  326. Legal validity
  327. Stability of meaning
  328. Summary
  329. References
  330. Ethereum Accounts and Ether Tokens
  331. Introducing Ethereum accounts
  332. Ethereum state transition function
  333. Genesis block
  334. Transaction receipts
  335. Elements
  336. Post-transaction state
  337. Gas used
  338. Set of logs
  339. The bloom filter
  340. Structure
  341. Transaction sub state
  342. Suicide set
  343. Log series
  344. Refund balance
  345. Messages
  346. Calls
  347. Ethereum block validation
  348. Uncles validation
  349. Block difficulty
  350. Block finalization
  351. Disadvantages of Ethereum-based tokens
  352. Summary
  353. Decentralized Applications
  354. What makes an application decentralized
  355. Defining a decentralized application
  356. Decentralized apps and blockchain
  357. Using blockchain does not make an application decentralized
  358. Major decentralized blockchain applications
  359. Aragon
  360. district0x
  361. What is a district?
  362. Ethereum name service
  363. Civic/uPort
  364. Gnosis
  365. Steemit
  366. CryptoKitties
  367. Summary
  368. References
  369. Mining
  370. Cryptocurrency mining
  371. The mining process
  372. Algorithms 
  373. Mining hardware
  374. CPU-based mining
  375. GPU-based mining
  376. FPGA-based mining
  377. ASIC-based mining
  378. Miner types
  379. Cloud mining
  380. Hardware mining
  381. Mining rigs
  382. Mining pools
  383. Pay-per-share – PPS
  384. Proportional – PROP
  385. Pay-per-last-N-shares – PPLNS
  386. The double geometric method – DGM
  387. Shared maximum pay per share – SMPPS
  388. Equalized shared maximum pay per share – ESMPPS
  389. Recent shared maximum pay per share – RSMPPS
  390. Capped pay per share with recent backpay – CPPSRB
  391. Bitcoin pooled mining – BPM
  392. Pay on target – POT
  393. SCORE
  394. Popular pools
  395. Mining software
  396. Summary
  397. ICO 101
  398. The current state of the ICO market
  399. Increasing volume of ICOs
  400. Typical aspects of an ICO campaign
  401. Whitepaper
  402. Private placement
  403. Pre-sale
  404. Good pre-sale practices
  405. Public sale
  406. Capped sale
  407. Uncapped sale
  408. Dutch auction
  409. Influencer marketing
  410. PR campaigns
  411. Content marketing
  412. ICO reviewers
  413. Smart contract and prototype development
  414. Code audits
  415. Bounty campaigns
  416. Airdrops
  417. Road shows
  418. Issues with ICOs and blockchain projects
  419. Proof of product-market fit and traction
  420. Low barrier to entry
  421. Does a project really need the blockchain?
  422. Misleading token practices
  423. Legality
  424. Utility versus Security
  425. Other considerations
  426. Sustainability
  427. Advantages of ICOs
  428. Liquidity
  429. Lack of gatekeepers
  430. Minimal investment sizes
  431. Notable scams 
  432. Onecoin
  433. Pincoin and iFan
  434. Bitconnect
  435. Other problems
  436. Major hacks
  437. The DAO
  438. Parity
  439. Securing an ICO
  440. SSH key locked servers
  441. DNS security
  442. Intrusion detection
  443. Purchase related domains
  444. Monitor social channels
  445. Multi-signature wallets
  446. Code audits
  447. Conclusion
  448. References
  449. Creating Your Own Currency
  450. Understanding types of cryptocurrency
  451. Tokens based on existing blockchains
  452. Creating a new blockchain from scratch
  453. A forked blockchain with one's own genesis block
  454. Litecoin's development
  455. The process
  456. Creating one's own cryptocurrency
  457. Setting up Litecoin
  458. Platform selection
  459. Preparation
  460. Dependency installation
  461. Build instructions
  462. Setting up our own coin
  463. Port selection
  464. The setting of block-related parameters
  465. Amount limit
  466. The coinbase maturity number
  467. Genesis block creation
  468. Wallet address
  469. Checkpoints
  470. Creatives and graphics
  471. Summing up 
  472. Summary
  473. Scalability and Other Challenges
  474. Scalability and decentralization
  475. Blockchains in business
  476. Usability
  477. Lack of protection
  478. 51% attacks
  479. Network forks
  480. Catastrophic bugs
  481. Lack of interoperability
  482. Low availability of blockchain skills
  483. Privacy
  484. Energy consumption
  485. Summary
  486. References
  487. Future of Blockchain
  488. Ongoing fragmentation and specialization
  489. Video games
  490. Real estate
  491. Logistics
  492. Licensing
  493. Industry consortiums
  494. A large number of total-loss projects
  495. Legal and regulatory evolution
  496. Security token offerings
  497. Aggregate and insurance products
  498. Technological stabilization
  499. Ethereum and Hyperledger 
  500. Service consolidation and product offerings
  501. Cross-chain communication
  502. Intersecting with AI and IoT
  503. Blockchain-intersecting AI
  504. Blockchain-intersecting IoT
  505. Summary
  506. Understanding Decentralized Applications
  507. Decentralized autonomous organization
  508. User identity in DApps
  509. User accounts in DApps
  510. Accessing the centralized apps
  511. Internal currency in DApps
  512. Disadvantages of internal currency in DApps
  513. What are permissioned DApps?
  514. Popular DApps
  515. Bitcoin
  516. What is a ledger?
  517. What is blockchain?
  518. Is Bitcoin legal?
  519. Why would someone use Bitcoin?
  520. Ethereum
  521. The Hyperledger project
  522. IPFS
  523. How does it work?
  524. Filecoin
  525. Namecoin
  526. .bit domains
  527. Dash
  528. Decentralized governance and budgeting
  529. Decentralized service
  530. BigChainDB
  531. OpenBazaar
  532. Ripple
  533. Summary
  534. Understanding How Ethereum Works
  535. Transactions
  536. Timestamp
  537. Nonce
  538. Block time
  539. Forking
  540. Genesis block
  541. Peer discovery
  542. Whisper and Swarm
  543. Ethereum Wallet
  544. Serenity
  545. Payment and state channels
  546. Proof-of-stake and casper
  547. Sharding
  548. Summary
  549. Writing Smart Contracts
  550. Solidity source files
  551. The structure of a smart contract
  552. Data location
  553. What are the different data types?
  554. Arrays
  555. Strings
  556. Structs
  557. Enums
  558. Mappings
  559. The delete operator
  560. Conversion between elementary types
  561. Using var
  562. Control structures
  563. Creating contracts using the new operator
  564. Exceptions
  565. External function calls
  566. Features of contracts
  567. Visibility
  568. Function modifiers
  569. The fallback function
  570. Inheritance
  571. The super keyword
  572. Abstract contracts
  573. Libraries
  574. Using for
  575. Returning multiple values
  576. Importing other Solidity source files
  577. Globally available variables
  578. Block and transaction properties
  579. Address type related
  580. Contract related
  581. Ether units
  582. Proof of existence, integrity, and ownership contract
  583. Compiling and deploying contracts
  584. Summary
  585. Getting Started with web3.js
  586. Introduction to web3.js
  587. Importing web3.js
  588. Connecting to nodes
  589. The API structure
  590. BigNumber.js
  591. Unit conversion
  592. Retrieving gas price, balance, and transaction details
  593. Sending ether
  594. Working with contracts
  595. Retrieving and listening to contract events
  596. Building a client for an ownership contract
  597. The project structure
  598. Building the backend
  599. Building the frontend
  600. Testing the client
  601. Summary
  602. Building a Wallet Service
  603. hooked-web3-provider and ethereumjs-tx libraries
  604. Introduction to LightWallet
  605. HD derivation path
  606. Building a wallet service
  607. Prerequisites
  608. Project structure
  609. Building the backend
  610. Building the frontend
  611. Testing
  612. Summary
  613. Building a Smart Contract Deployment Platform
  614. Calculating a transaction's nonce
  615. Introducing solcjs
  616. Installing solcjs
  617. solcjs APIs
  618. Using a different compiler version
  619. Linking libraries
  620. Updating the ABI
  621. Building a contract deployment platform
  622. The project structure
  623. Building the backend
  624. Building the frontend
  625. Testing
  626. Summary
  627. Building a Betting App
  628. Introduction to Oraclize
  629. How does it work?
  630. Data sources
  631. Proof of authenticity
  632. Pricing
  633. Getting started with the Oraclize API
  634. Setting the proof type and storage location
  635. Sending queries
  636. Scheduling queries
  637. Custom gas
  638. Callback functions
  639. Parsing helpers
  640. Getting the query price
  641. Encrypting queries
  642. Decrypting the data source
  643. Oraclize web IDE
  644. Working with strings
  645. Building the betting contract
  646. Building a client for the betting contract
  647. Projecting the structure
  648. Building the backend
  649. Building the frontend
  650. Testing the client
  651. Summary
  652. Building Enterprise Level Smart Contracts
  653. Exploring ethereumjs-testrpc
  654. Installation and usage
  655. The testrpc command-line application
  656. Using ethereumjs-testrpc as a web3 provider or as an HTTP server
  657. Available RPC methods
  658. What are event topics?
  659. Getting started with truffle-contract
  660. Installing and importing truffle-contract
  661. Setting up a testing environment
  662. The truffle-contract API
  663. The contract abstraction API
  664. Creating contract instances
  665. The contract instance API
  666. Introduction to truffle
  667. Installing truffle
  668. Initializing truffle
  669. Compiling contracts
  670. Configuration files
  671. Deploying contracts
  672. Migration files
  673. Writing migrations
  674. Unit testing contracts
  675. Writing tests in JavaScript
  676. Writing tests in Solidity
  677. How to send ether to a test contract
  678. Running tests
  679. Package management
  680. Package management via NPM
  681. Package management via EthPM
  682. Using contracts of packages within your contracts
  683. Using artifacts of packages within your JavaScript code
  684. Accessing a package's contracts deployed addresses in Solidity
  685. Using truffle's console
  686. Running external scripts in truffle's context
  687. Truffle's build pipeline
  688. Running an external command
  689. Running a custom function
  690. Truffle's default builder
  691. Building a client
  692. Truffle's server
  693. Summary
  694. Building a Consortium Blockchain
  695. What is a consortium blockchain?
  696. What is Proof-of-Authority consensus?
  697. Introduction to parity
  698. Understanding how Aura works
  699. Getting parity running
  700. Installing rust
  701. Linux
  702. OS X
  703. Windows
  704. Downloading, installing and running parity
  705. Creating a private network
  706. Creating accounts
  707. Creating a specification file
  708. Launching nodes
  709. Connecting nodes
  710. Permissioning and privacy
  711. Summary
  712. Other Books You May Enjoy
  713. Leave a review - let other readers know what you think

Security considerations

It is important to understand smart contracts in the domain in which they live: decentralized, asynchronous networks. As a result of living in this ecosystem, there are security considerations that are not always obvious and can lead to issues. To illustrate, we are going to look into two related functions of the ERC20 standard: approve and transferFrom. Here is code for the approve function from OpenZeppelin:

function approve(address _spender, uint256 _value) public returns (bool) {
   allowed[msg.sender][_spender] = _value;
   emit Approval(msg.sender, _spender, _value);
   return true;
 }

The approve function allows a token owner to say that they have approved a transfer of their token to another account. Then, in response to different events, a future transfer can take place. How this happens depends on the application, but such as the token sale, by approving a transfer, a blockchain application can later call transferFrom and move the tokens, perhaps to accept payment and then perform actions. Let's look at that code:

function transferFrom(address _from,address _to,uint256 _value) public returns (bool) {
   require(_to != address(0)); // check to make sure we aren't transfering to nowhere.

   // checks to ensure that the number of tokens being moved is valid.
   require(_value <= balances[_from]); 
   require(_value <= allowed[_from][msg.sender]);

   // execute the transfer.
   balances[_from] = balances[_from].sub(_value);
   balances[_to] = balances[_to].add(_value);
   allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);

   //Record the transfer to the blockchain.
   emit Transfer(_from, _to, _value); 
   // let the calling code or app know that the transfer was a success.
   return true;
 }

The two functions work together. The user wishing to use the app uses approve to allow payment, and the app calls transferFrom in order to accept. But because of the asynchronous nature of the calls, it is possible for flaws to exist.

Imagine an app where users can pay tokens in order to join a digital club—40 tokens for a basic membership and 60 tokens for an enhanced membership. Users can also trade the tokens to other people or sell them as they wish. The ideal case for these two functions is where a user approves 40 tokens and the application registers this and calls transferFrom to move the 40 tokens, and then grants access as part of the smart contract. So far so good.

It's important to keep in mind that each action here takes time, and the order of events is not fixed. What actually happens is that the user sends a message to the network, triggering approve, the application sends another message, triggering transferFrom, and then everything resolves when the block is mined. If these transactions are out of order (transferFrom executing before approve), the transaction will fail. Moreover, what if the user changes their mind and decides to change their approval from 40 to 60? Here is what the user intends:

  1. Userapprove 40 (block 1)
  2. Userapprove 60 (block 1)
  3. ApptransferFrom 60 to App (block 1)
  4. App: Grant enhanced membership (block 2)

In the end, the user paid 60 tokens and got what they wanted. But because each of these events are asynchronous and the order is decided by the miners, this order is not guaranteed. Here, is what might happen instead:

  1. Userapprove 40 (block 1)
  2. ApptransferFrom 40 to App (block 1)
  3. Userapprove 60 (block 2, as the miners did not include it in block 1)
  4. ApptransferFrom 60 to App (Block 2)

Now the user has paid 100 tokens without meaning to. Here is yet another permutation:

  1. Userapprove 40 (block 1)
  2. Userapprove 60 (block 1)
  3. ApptransferFrom 40 to app (block 2)
  4. App: Grants basic membership (block 2)
  5. ApptransferFrom 60 to app (block 3) | fails

At the end of this sequence, the user still has 20 tokens approved, and the attempt to get the enhanced membership has failed. While an app can and should be written without these issues by doing such things as allowing upgraded membership for 20 tokens and checking the max approval before transferFrom is called, this attention to detail is not guaranteed or automatic on the part of application authors.

The important thing to understand is that race conditions and ordering issues are extremely important in Ethereum. The user does not control the order of events on a blockchain, nor does an app. Instead, it is the miners that decide which transactions occur in which blocks and in which order. In Ethereum, it is the gas price that affects the priority that miners give transactions. Other influences can involve the maximum block gas limit, the number of transactions already in a block, and whether or not a miner that successfully solves a block has even seen the transaction on the network. For these reasons, smart contracts cannot assume that the order of events is what is expected.