Chapter 1
- In the first chapter, we discussed many different properties of blockchain. Of those properties, immutability and replacing trust are the most unique. If your application needs these properties, then blockchain should be used; otherwise, it is not recommended that you use blockchain as part of your application.
- Blockchain is also called distributed database and distributed ledger technology. As it is a distributed database, it offers many benefits, which we discussed in the chapter on the properties of blockchain; however, centralized databases and other kinds of database have their own benefits. For example, centralized databases are fast in transaction processing, they can handle large amounts of data, and keeping each storage cell persistent does not require any kind of fee. Hence, blockchain technology is not going to replace traditional databases.
- Blockchain technology...
Chapter 2
- Both of these functions are available with the address data type. The transfer call fails even when an internal function call throws an error; however, the send function returns the bool type as false in the event of a failure.
- If you use the send function in your contract, then you would need to explicitly check for the returned bool type, which could be missed, which would lead to a higher chance of getting it wrong. Even if there is no more gas left during the send call and an out-of-gas exception is thrown, it will return false as a result. For these reasons, it is recommended that you use transfer rather than the send function.
- It is not recommended that you use the delegatecall function. This functions use low-level calls. These calls use the code from another contract, but use the storage...
Chapter 3
- A Solidity contract can be large enough to be deployed into a single block of Ethereum blockchain. An Ethereum block has a maximum gas limit that, at the time of writing, is 8 million gas units. If your contract takes 8 million or less gas units at the time of deployment, you can deploy your contract on the blockchain. If it takes more gas than 8 million gas units, consider enabling optimization on your contract; this would reduce the amount of gas significantly. If, even after enabling optimization, your contract is still taking more than 8 million gas units, then you would have to break your contracts into multiple contracts and link those contracts together with interfaces.
- Prior to Solidity version 0.4.22, you could define a function as having the same name as the contract. That function becomes the constructor of the contract; however, this was deprecated...
Chapter 4
- You can create as many accounts as you want in MetaMask. MetaMask supports the BIP-44 (short for Bitcoin Improvement Proposal) algorithm to create new EOA accounts using the same secret seed phrase. You can keep on creating new accounts in MetaMask by clicking on Create Account, and it will generate a new account. Using the same secret seed phrase, you can create the same accounts again in the same order on another MetaMask instance on other browsers or computers.
- Yes, you can connect MetaMask to your own private blockchain by configuring the Custom RPC URL in the MetaMask. To do this, choose Custom RPC from the network list; it will ask you the RPC URL to connect to.
- The MetaMask secret seed is also called a mnemonic. The mnemonic is created from the English word list so that it can be remembered by humans easily. Using these mnemonics, the user can generate...
Chapter 5
- Ganache GUI provides full UI/UX control, with lots of advanced features that you can configure. The Ganache GUI can be used while you are doing local development; however, the Ganache CLI is the command-line version of Ganache. You can use ganache-cli for your local development environment, as well as automated testing or scripting.
- You can use Ganache as a personal Ethereum blockchain. It is lightweight and easy to set up. However, for a private Ethereum blockchain, you can also use the Geth or Parity blockchain and run it locally.
- Yes, you can use the Truffle framework for deploying contracts using migration scripts in a production environment (mainnet). Truffle maintains the migration status locally, which means that, in future, you'll be able to add more migration scripts and can get your production contract states updated. Normally, the users should not run...
Chapter 6
- The Solidity linters do report some security issues at the Solidity level. They also help in finding common security issues.
- No, having 100% contract coverage does not mean that testing is done efficiently. It only suggests that all the possible branches have been covered by the test cases. However, there could be more test scenarios that are not covered by the test cases; they must be included in the test suite by the developers.
- When you are trying to debug and find out the internal function traces of a specific function, function traces should be used. This will help you understand the transaction flow in the case of complex contract structures.
- It is good practice to use the Solidity linters for projects. The linters find the common issues that would improve your code quality, and sometimes also report common security issues.
Chapter 7
- Ether is not ERC20 compliant, and so it does not support functions such as ERC20 which are applied on ERC20 standard token.
- Let's say that there is a contract that provides a periodic service to subscribed accounts. To subscribe for this service, the contract accepts a certain amount of a specific ERC20 token as a subscription fee. To do this, the contract must have a public or external function that calls the token.transferFrom() function and charges the caller in an ERC20 token. This way, a user can pay for the service using the ERC20 token. Note that you should not transfer the ERC20 token directly to the service contract, as you might lose your tokens.
- Yes, there are some other token standards that have been proposed, such as ERC223 and ERC777. Some of these are still under consideration, and are not widely used in production. As of today...
Chapter 8
- The ERC165 standard is used in the ERC721 standard so that it knows which functions are supported by the contract. Similarly, you can use the ERC165 standard in any other standard or contract to let the client know about the functions supported by the standard or the contract.
- The ERC721 NFT standard should be used when you have some digital assets that are nonfungible. Nonfungibility means that you cannot further subdivide these assets. As an example, digital collectible cards are nonfungible, and each one is different from others.
- The _mint() and _burn() functions are both internal functions, and so these can be called from the implementing contract. The _mint() function is used to create a new, unique ERC721 NFT token and send it to the given address. On the other hand, the _burn() function is used to burn a given NFT...
Chapter 9
- It is bad practice to copy and paste the OpenZeppelin library code and use it in your project. You must install the OpenZeppelin npm package in your project. You can stick to using a specific version of the library files in your project.
- You should not make any modifications in the OpenZeppelin library files present in the node_modules folder. These library files are thoroughly tested, and so if you need a modified version of the files, copy it from the library and maintain your version separately in your project.
- Sometimes, there are requirements for which you do not need some of the functions of the OpenZeppelin library files. In such cases, you can override specific functions in your implementation to always revert a transaction. This is the best way to handle and remove these functions from the library contract files.
- You can use the mathematical...
Chapter 10
- There are many multisig wallet contracts available that can be used by the developer and projects in production. Apart from the Gnosis multisig wallet that we discussed in this chapter, there is a new product from Gnosis, called Gnosis Safe (https://safe.gnosis.io/). The Gnosis Safe has recently been built and has not been battle-tested; however, Gnosis multisig is used mostly by projects, and had been battle-tested.
- Yes, using the Gnosis multisig wallet contract you can receive or transfer any type of ERC token standard, such as ERC20 and ERC721 tokens.
- Yes, a MultiSig-A wallet can also control a MultiSig-B wallet. For this to happen, the MultiSig-B contract must have the MultiSig-A's address as the owner in the owner's list.
- As of now, if the number of owners in a Gnosis multisig wallet is greater than the number of required signatures, you cannot...
Chapter 11
- No, it is only when you require your upgradable contracts that you should use the ZeppelinOS framework; otherwise, it is better to use Truffle.
- No, you should not have constructors defined for your upgradable contracts, as contract initialization is performed via the Proxy contract.
- To achieve true decentralization, you need to ensure that future rule changes are not allowed in contract. Using the immutable property of blockchain, smart contracts are made immutable so that the logic or rules cannot be changed once deployed; however, using a ZeppelinOS-like framework, you can create contracts that can be upgraded in the future. This is a centralized form of control and not a decentralized form of control. When using upgradable contracts, your users cannot trust your model, as it can be changed at any time. Hence the ZeppelinOS framework should be used only when...
Chapter 12
- Always use the latest version of the Truffle framework. The new Truffle framework has new tools and bug fixes available. Also, for OpenZeppelin, make sure that you check the bug fixes present in the library files. If you are using library files from old versions of OpenZeppelin, make sure that there are no issues found in the library after the version you are using; otherwise, it is recommended that you use the latest version of OpenZeppelin.
- Truffle reads the mnemonics seed phrase from the .secret file when using the HD wallet provider. Ensure that the file is kept on a secure machine and that only authorized people have access to that machine. If the machine is compromised, the .secret file could be leaked to attackers.
- Always perform the tests on a local blockchain environment first, such as Ganache. Then, you can perform the tests on testnets (such as...
Chapter 13
- Yes, you can write a withdrawal function to withdraw ERC20 tokens from the contract; otherwise, you would have to send ERC20 tokens from the contract to multiple addresses.
- Based on your system architecture and role-based access, you can apply access restrictions to some or all of the functions present in a contract. If there is no access restriction required by your contracts, you can avoid using this pattern.
- The emergency stop pattern is used in contracts to stop or pause the contract's main behavior when an unfavorable event occurs. The contract should be paused when any bug is found in the contract to stop and migrate to a new contract; however, this pattern is a problem for a truly decentralized system.
- It is recommended that the creation of a new contract is performed via the factory pattern; however, if there is no specific setup required in...
Chapter 14
- Ethereum is a public blockchain, hence all account addresses and transaction data are visible to everyone. There has been some research going on regarding the use of zk-SNARK (zero-knowledge succinct non-interactive argument of knowledge) to perform private transactions on the Ethereum blockchain.
- The delegatecall function should not be used at first. If it is required, then it should be used with extra care to ensure that delegatecall does not allow unauthorized code execution.
- To prevent your contracts from re-entrancy attacks, you must ensure that the state variables are updated before sending ether using the <address>.transfer() function. In other words, the transfer function should be called at the last step in the function.
- The Solidity language uses the intX and uintX data types. Both of these data types are prone to integer overflow...
The rest of the chapter is locked
You have been reading a chapter from
Mastering Blockchain Programming with SolidityPublished in: Aug 2019Publisher: PacktISBN-13: 9781839218262
© 2019 Packt Publishing Limited All Rights ReservedRegister for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $15.99/month. Cancel anytime
Author (1)
