Web3-Resources

Basic Concepts

Decentralization & Web3

Networks, tools & processes not controlled by a central entity

Readings:

Blockchain

A database formed by a sequence of entries (blocks)
Blockchains are special computers that anyone can access but no one owns
A decentralized system of peer to peer (P2P) network
Immutable, shared & distributed ledger
Key Features
- Immutable
- Traceable
- Secured

Readings:

Permissionless & Trustless

Permissionless means the ability to participate in a network without the need for application or approval.
Trustless means "trust" is established in a decentralized way, for example via decentralized identity and verifiable credentials.

Digital Assets, Tokens & Coins

An asset normally refers to a physical resource with economic or financial value which is expected to provide benefits to the owner(s) in the future. Assets can be either owned or controlled to produce value and can be either tangible or intangible.
A coin is the official digital currency used by a cryptocurrency platform (i.e. Ether/Eth in Ethereum, XRP in Ripple)
A token is a scarce digital asset that exists on top of an existing coin or blockchain

Smart Contract

A smart contract is a tamper-proof program that runs on a blockchain network when certain predefined conditions are met

Protocol

A protocol is digital infrastructure with a set of rules for how people interact with it. Those rules determine how the system works.
A blockchain protocol is the rules that govern the blockchain network
Protocols aren't exclusive to cryptocurrency. They’re fundamental to how the internet works, governing the transmission of data from one computer to another. Email, for instance, is based on several sets of protocols. The HTTP stands for “hypertext transfer protocol.”

Fungibility

The ability of a good or asset to be interchanged with other individual goods or assets of the same type
It implies equal value between the assets
Simplifies the exchange and trade processes
To put it into perspective, the fungibility of money refers to the fact that all money is the same. It doesn't matter whether you have one $100 bill or one hundred $1 bills. You can use both of them to purchase the same product

Non-Fungible Token (NFT)

A unit of ownership on the internet Ref
NFTs are unique cryptographic tokens that exist on a blockchain and cannot be replicated
NFTs can be used to represent real-world items like artwork, real-estate, tangible items like collectibles
"Tokenizing" these real-world tangible assets allows them to be bought, sold, and traded more efficiently while reducing the probability of fraud
Possession does not equal ownership. NFT decouples these two concepts.
NFTs are just digital abstractions used to represent assets that are one of a kind
NFTs can make fractionalized ownership more accessible. With NFTs, you can also prove that the item is real and tamper proof. This is an issue in the physical collectibles space.
Some have speculated that NFT can be viewed as a tradable API key with limited supply that gives you access to multiple services run by different companies Alex Atallah, Co-Founder & CTO of OpenSea on Twitter

Readings:

Decentralized Autonomous Organization (DAO)

Decentralized means Online, global, uncensorable. Autonomous means Self-governing. And Organization means Coordination & collaboration around shared objectives
A DAO is an internet/online community with a shared interest and a shared crypto wallet/bank account
Cryptoeconomics and monetization strategies in DAOs is a key differentiating factor that make them different from traditional professional working groups and special interest communities

Readings:

Decentralized Finance (DeFi)

Financial instruments without relying on intermediaries such as brokerages, exchanges, or banks by using smart contracts on a blockchain

Readings:

Regenerative Finance (ReFi)

The abbreviation of ReFi is a signal to it’s origins in DeFi (decentralized finance)
Regenerative Finance uses money as a tool to solve climate change, environmental conservation and biodiversity
The primary type of ReFi instrument that in use today are carbon offset credits.
ReFi projects aim to address the existing fraud or double-counting of carbon credits in unregulated carbon credit markets
On-chain carbon credits are traceable and immutable, meaning that no two people are able to claim the same credit twice
Thus, the ReFi movement uses programmable carbon to integrate climate finance into the fabric of economic transactions

Readings:

Basic Web3 Concepts Reading Lists

Wait. Web5?

Components:

Decentralized Identifiers
Verifiable Credentials
Decentralized Web Nodes

Readings:

Critiques

Zero Knowledge Proof (ZKP)

The Web3 Stack

Web3 Stack by Layers

The OSI and TCP/IP models are logical and conceptual model that defines network communication used by systems. The TCP/IP Protocol Stack is made up of 4 primary layers:

Application
Transport
Internet/Network
Link/Network Interface/Physical

And the OSI divided the architecture into these 7 different layers:

Application
Presentation
Session
Transport
Network
Data Link
Physical layers

Differences between OSI Reference Model & TCP/IP Coneptual Layes

For blockchain-based systems, the web3 stack can be divided into 5 layers based on the functionalities defined by the aforementioned models:

Application
Presentation (+Session) Layer
Transport/Blockchain Interaction Layer
Network/Protocol Layer
Infrastructure

Application Layer

Acesss

Wallet: Metamask, Walletconnect, Coinbase Wallet, Rainbow, Phantom
Browser: Brave
Aggregators: Dappradar, Zapper

Use Case

DeFi: UniSwap, Aave
NFT: OpenSea, Raribale,
Content/Social: Lens, Mirror
Gaming: Decentraland, Axie Infinity

Presentation+Session Layer

Client: Web3JS, EthersJS
Development Environment: Hardhat, Truffle, Foundry, Brownie
File Storage: IPFS, Arweave, Filecoin, Filebase

Transport/Blockchain Interaction Layer

Data Access: The Graph, Chainlink, Ceramic, Alchemy
Block Explorer: Etherscan, Snowtrace, Polygonscan

Network/Protocol Layer

L1: Ethereum, Solana, Near, Avalanche, Polkadot, Celo
L2: Polygon, Arbitrum, ZkSync, Starknet
Bridge: Synapse, Anyswap, Hop

Infrastructure

Identity & Auth: ENS, SpruceID, Ceramik SelfID
Node Provider: Alchemy, Moralis, Infura, Thirdweb

Tech Stack Readings

Starter Developer Resources

Tutorials

Common Developer Resources

Solidity - The most popular smart contract language.
Metamask - Browser extension wallet to interact with Dapps.
Truffle - Most popular smart contract development, testing, and deployment framework. Install the cli via npm and start here to write your first smart contracts.
Hardhat - Flexible, extensible and fast Ethereum development environment.
Cryptotux - A Linux image ready to be imported in VirtualBox that includes the development tools mentionned above
OpenZeppelin Starter Kits - An all-in-one starter box for developers to jumpstart their smart contract backed applications. Includes Truffle, OpenZeppelin SDK, the OpenZeppelin/contracts-ethereum-package EVM package of audited smart contract, a react-app and rimble for easy styling.

Cheatsheets, Terminologies, Glossary

Patterns & Best Practices

Patterns for Smart Contract Development

Ethereum Smart Contract Best Practices
Dappsys: Safe, simple, and flexible Ethereum contract building blocks
- provides building blocks for the MakerDAO or The TAO
- should be consulted before creating own, untested, solutions
- usage is described in Dapp-a-day 1-10 and Dapp-a-day 11-25
OpenZeppelin Contracts: An open framework of reusable and secure smart contracts in the Solidity language.
- Likely the most widely-used libraries and smart contracts
- Similar to Dappsys, more integrated into Truffle framework
- Blog about Best Practices with Security Audits
Advanced Workshop with Assembly
Simpler Ethereum Multisig - especially section Benefits
CryptoFin Solidity Auditing Checklist - A checklist of common findings, and issues to watch out for when auditing a contract for a mainnet launch.
EIP-2535 Diamond Standard
- Organize contracts so they share the same contract storage and Ethereum address.
- Solves the 24KB max contract size limit.
- Upgrade diamonds by adding/replacing/removing any number of functions in a single transaction.
- Upgrades are transparent by recording them with a standard event.
- Get information about a diamond with events and/or four standard functions.
Clean Contracts - A guide to writing clean code

Upgradability & Proxy Patterns

In a scenario of a deployed smart contract with user funds having a vulnerability, a hot fix should be required to be deployed without delay. Traditional smart contract patterns don’t allow such hot fixes. Instead, the developers need to deploy a new contract every time they want to add a feature or fix a bug. To address this, upgradability patterns have been introduced. Upgradability means that the client always interacts with the same contract (proxy), but the underlying logic can be changed (upgraded) whenever needed without losing any previous data. There are three types of proxy patterns:

Diamond pattern : EIP-2532
Transparent proxy pattern : EIP-1967
Universal upgradeable proxy standard (UUPS): EIP-1822

OpenZeppelin suggests using the UUPS pattern as it is more gas efficient. One of the main caveats is that because the upgrades are done via the implementation contract with the help of upgradeTo method, there’s a higher risk of newer implementations to exclude the upgradeTo method, which may permanently kill the ability to upgrade the smart contract.

Ref: Using the UUPS proxy pattern to upgrade smart contracts - LogRocket

Security Best Practices & Resources

Technical Architecture of Full Stack dApps

The Architecture of a Web 3.0 application

Gas Optimizations

Developer Tools

Smart Contract Languages

Solidity - Ethereum smart contracting language
Vyper - New experimental pythonic programming language

Frameworks

Truffle - Most popular smart contract development, testing, and deployment framework. The Truffle suite includes Truffle, Ganache, and Drizzle. Deep dive on Truffle here
Hardhat - Flexible, extensible and fast Ethereum development environment.
Brownie - Brownie is a Python framework for deploying, testing and interacting with Ethereum smart contracts.
Embark - Framework for DApp development
Waffle - Framework for advanced smart contract development and testing, small, flexible, fast (based on ethers.js)
Dapp - Framework for DApp development, successor to DApple
Etherlime - ethers.js based framework for Dapp deployment
Parasol - Agile smart contract development environment with testing, INFURA deployment, automatic contract documentation and more. It features a flexible and unopinionated design with unlimited customizability
0xcert - JavaScript framework for building decentralized applications
OpenZeppelin SDK - OpenZeppelin SDK: A suite of tools to help you develop, compile, upgrade, deploy and interact with smart contracts.
sbt-ethereum - A tab-completey, text-based console for smart-contract interaction and development, including wallet and ABI management, ENS support, and advanced Scala integration.
Cobra - A fast, flexible and simple development environment framework for Ethereum smart contract, testing and deployment on Ethereum virtual machine(EVM).
Epirus - Java framework for building smart contracts.

IDEs

Remix - Web IDE with built in static analysis, test blockchain VM.
Ethereum Studio - Web IDE. Built in browser blockchain VM, Metamask integration (one click deployments to Testnet/Mainnet), transaction logger and live code your WebApp among many other features.
Atom - Atom editor with Atom Solidity Linter, Etheratom, autocomplete-solidity, and language-solidity packages
Vim solidity - Vim syntax file for solidity
Visual Studio Code - Visual Studio Code extension that adds support for Solidity
Ethcode - Visual Studio Code extension to compile, execute & debug Solidity & Vyper programs
Intellij Solidity Plugin - Open-source plug-in for JetBrains IntelliJ Idea IDE (free/commercial) with syntax highlighting, formatting, code completion etc.
YAKINDU Solidity Tools - Eclipse based IDE. Features context sensitive code completion and help, code navigation, syntax coloring, build in compiler, quick fixes and templates.
Eth Fiddle - IDE developed by The Loom Network that allows you to write, compile and debug your smart contract. Easy to share and find code snippets.

Ethereum

Eth Dev Tools List

Wallet

Faucet

Faucet to fund testnet with Celo
Faucet to fund 5 testnet with ETH, wETH, DAI & NFTs - Paradigm Faucet
- Sign in via Twitter is a must
- Your Twitter account must have at least 1 Tweet, 15 followers, and be older than 1 month.
- The faucet drips 1 ETH, 1 wETH, 500 DAI, and 5 NFTs (ERC721).
- You will receive these tokens on Kovan, Görli, Optimistic Kovan, Polygon Mumbai and Avalanche Fuji.
- You can claim from the faucet once every 24 hours.

Others (Custom RPC, ABI, etc.)

Steps to add Custom RPC (i.e. Celo Alfajores Network) on Metamask

After opening up Metamask wallet account, open the Chrome extension & click on the network dropdown
Click on "Custom RPC"
Put "Alfajores Network" as Network Name (you can put anything else to your own convenience)
Put this URL as New RPC URL
Put 44787 as Chain ID
Currency Symbol & Block Explorer URL are fields optional

Convert a contract into an interface/Generate a Solidity interface from a given ABI

Run forge inspect CONTRACT abi
Paste into https://gnidan.github.io/abi-to-sol

Or,

forge inspect CONTRACT abi > abi.json
cast interface abi.json > IFace.sol

References:

Q&As/Interview Questions

Fundamentals

Briefly explain Consensus mechanism in Blockchain

A consensus algorithm is a method through which all the peers of the blockchain network reach a standard agreement of the present state of a distributed ledger. It achieves high reliability and establishes trust between unknown peers in the distributed computing environment.

There are different types of consensus algorithms:

Proof-of-Work(PoW)
Proof-of-Capacity (PoC)
Proof-of-Activity (PoA)
Delegated Proof-of-Stake(DPoS)
Proof-of-Stake(PoS)
Proof-of-Authority
Proof-of-Burn
Unique Node Lists
Proof-of-Weight
Proof-of-Elapsed Time
SIEVE
Byzantine Fault Tolerance

What's Markel Tree

Merkel Tree is a data structure that is used for verifying a block.

Each leaf node is a hash of a block of transactional data
Each non-leaf node is a hash of its leaf node
The Merkel root or hash root is the final hash root of all the transaction hashes. It encompasses all the transactions that are underlying all the non-leaf nodes.

The importance of a Merkle tree in the blockchain is that if anyone wants to verify the specific transaction in a block, they can download the chain of block headers instead of downloading every transaction and every block.

In what order blocks are linked in blockchain?

All the blocks in the blockchain are linked in the backward order or each block links with its previous block.

What's a 51% attack/double-spend attack?

A 51% attack or double-spend attack occurs when a group of miners on a blockchain controls >50% of the network’s mining hash rate or computing power. They can reverse completed transactions & thus double-spend coins.

In a PoW, Any malicious user would need to have 51% of computation power to solve the problem and thereby add the wrong block.
In a PoS, any malicious user would need to have 51% of the total money on the network to add a wrong block.

What does nonce mean?

A nonce is an abbreviation for "number only used once". A blockchain nonce is a number added to a hashed—or encrypted—block in a blockchain. A single-use arbitrary string or number generated for verification purposes to prevent replaying past transactions.

What's an oracle?

Entities that can prove provenance and properties of online data from existing data sources or legacy systems. They act as on-chain APIs you can query to get information into your smart contracts. Oracles can also be bi-directional, used to "send" data out to the real world.

It’s important to note that a blockchain oracle is not the data source itself, but rather the layer that queries, verifies, and authenticates external data sources and then relays that information. The data transmitted by oracles comes in many forms – price information, the successful completion of a payment, or the temperature measured by a sensor.

What's the oracle problem & how to avoid it?

Blockchains cannot pull in data from or push data out to any external system as built-in functionality. At the same time, relying on a single source of truth to provide data is insecure and invalidates the decentralization of a smart contract. This is known as the oracle problem.

The entire point of a smart contract is to achieve determinism in accordance to the contract’s terms as opposed to probabilistic execution carried out by human enforcement. To achieve this end, the blockchain cannot have any single point of failure, i.e. a centralized blockchain oracle. So we can avoid the oracle problem by using a decentralized oracle that pulls from multiple data sources; if one data source is hacked or fails, the smart contract will still function as intended.

Readings & Summaries

DECO: Liberating Web Data Using Decentralized Oracles for TLS

DECO (short for DECentralized Oracle) allows users to prove that a piece of data accessed via TLS came from a particular website and optionally prove statements about such data in zero-knowledge, keeping the data itself secret
A three-party handshake splits a shared TLS session key between provers and verifiers, where the prover uses a zero-knowledge proof to verify the data without revealing its type or contents
The prover cannot forge data, and the verifier cannot access additional data
Data validation happens on a public blockchain without revealing the data to anyone, keeping sensitive information secure
A single instance of DECO could enable anyone to become an oracle for any website
Works with modern TLS versions, requires no trusted hardware and no server-side modifications

Sources:

Town Crier: An Authenticated Data Feed for Smart Contracts

Addresses the question of "Who can be trusted to provide data to smart contracts in a trustworthy way?"
The Town Crier (TC) system addresses this problem by using trusted hardware, namely the Intel SGX instruction set, a new capability in certain Intel CPUs.
How it works:
- When it receives a query from an application contract, the TC server fetches the requested data from the website and relays it back to the requesting contract.
- Query processing happens inside an SGX-protected environment known as an “enclave”.
- The requested data is fetched via a TLS connection to the target website that terminates inside the enclave
- SGX protections prevent even the operator of the server from peeking into the enclave or modifying its behavior, while use of TLS prevents tampering or eavesdropping on communications on the network
DECO and Town Crier
- The two systems have similar goals, but differ in their trust models and implementations
- Town Crier can achieve all of the functionality of DECO and more.
- DECO constrains the Prover to interaction with a single Verifier. In contrast, Town Crier enables a Prover to generate a publicly verifiable proof on data fetched from a target server, i.e., a proof that anyone, even a smart contract, can verify directly.
- Town Crier can also securely ingest and make use of secrets (e.g., user credentials).
The main limitation of Town Crier is its reliance on TEEs.

Sources:

Chainlink 2.0: Next Steps in the Evolution of Decentralized Oracle Networks

Decentralized Oracle Networks (DON) are designed to enhance and extend the capabilities of smart contracts on a target blockchain or main chain through functions that are not available natively.
They do so by providing the three basic resources found in computing systems:
- Networking
- Storage, and
- Computation
A DON acts as a blockchain abstraction layer, providing interfaces to off-chain resources for both smart contracts and other systems.
DON improves the scaling of blockchain-enabled smart contracts by shifting the main locus for transaction processing from blockchain to itself
Decentralized Oracle Network Transaction-Execution Framework (DON-TEF) or TEF is a design pattern for the construction and execution of a performant hybrid smart contract
How TEF works
- An original target contract SC is refactored into a hybrid contract
- This refactoring produces the two interoperating pieces of the hybrid contract:
  - A MAINCHAIN contract/an anchor contract: custodies users’ assets, executes authoritative state transitions, and also provides guard rails (see Section 7.3) against failures in the DON
  - An executable on a DON: sequences transactions and provides associated oracle data for them. It can bundle transactions for the anchor contract
In TEF schematic, transactions pass through the mempool of a smart-contract enabled blockchain (MAINCHAIN) via Mempool Services (MS) to the DON

Sources: Chainlink whitepaper v2

SaadAAkash / web3-resources

Web3-Resources

Basic Concepts

The Web3 Stack

Application Layer

Acesss

Use Case

Presentation+Session Layer

Transport/Blockchain Interaction Layer

Network/Protocol Layer

Infrastructure

Starter Developer Resources

Patterns & Best Practices

Developer Tools

Q&As/Interview Questions

Fundamentals

Readings & Summaries

About