Devcon219 Sep 2016
Notes on presentations
Day One, 19 September 2016
### Martin Becze
He is researching on EVM 2
### Peter Szilagyi
Sorry for network problem
Jeff had a baby (main release) and Peter is in charge of the project now
### Christian Reitwiessner
Working on accelerated interpreter
Remix, mix restart from scratch => serverless IDE
Solidity more flexible and safer
Alex Van de Sande
MIST started from go team and become stand alone team
He is on research of future protocol feature. He and Vlad are working on sharding (there is a test client)
Peter Van Valkenburh
Regulatory considerations for Dapp development
CoinCenter promote regulatory climate preserving freedom to innovate. There are a lot of bitcoin company supporters.
Like Ferdinando they commented ESMA consultation.
They was bitcoin only 2 years ago, (Washington DC at least know it) but now also ethereum and Consensus Open network
They test if something is a good investment under US security laws.
After Paycoin they created a Framework for securities regulations of cryptos, what is less likely to treated as securities:
- Token purchased of use value not for profit expectation
- Token purchased after is already up and running
- Token value is dependent on owners efforts so, things to avoid
- Initial coin offering
- Profit sharing
- Endorsing of unregistered securities
Available to contact for any doubt of offering
Ethereum in 25 minutes, a guided tour through the depths of the Merkle underworld
During 2013 people start thinking blockchain is useful for stuff: Colored coins, dns… But most blockchain single purpose device. They are calculator or swiss army knife.
Ethereum is like a Windows Phone (platform for application)
The State is the current information
- Contract code and storage
History = things happened
Full node keep state and optionally history, every account object has:
- Contract code (empty for user)
- Contract storage root trie
Every node process all tx
- privacy support, zk-snark precompiles ring sig, not at base protocol level
- blockchain representation, vm upgrades
- More flexible use of storage
- Scalability (Sharding)
Panel: Evolving the EVM
- Greg Colvin CPP
- Martin Ethereum JS
- Pawel Bilica EVM JIT
- Christian Reitwiessner Solidity
- Alex Beregszaszi Solidity
EVM 2 will use WebAssembly.
Transpiler is needed from EVM to WebAssembly. Why? Because you are backward compatible with existing smart contract.
Why WebAssemply? Code format for browser fast/efficent/portable designed to run on untrusted environment. Once using WebAssemply you can use any language to write smart contracts.
### Philip Daian
- Scaling / Performance
- Authenticated data
The problems are bugs, security more closely tied than anywhere (attacker anonymously monetize, code is public)
- Formal verification
- Way to escape (curators…)
- Bug bounties
- Specification, the more rigorous the better.
- formal (their work Oyente “Making Smart Contract Smarter”)
Escape hatches, you need a human in the loop
Aron Fischer and Viktor Tron
Swap, Swear and Swindle, Swarm incentivization
Swarm is storage solutios for Ethereum, whisper Get data, calculate H of data and the closest node should store that. Routing continuosly ask nearest peer that gives nearest and so on…
Accounting of used bandwith to reward good behavior and penalize bad ones.
Chequebook smart contract used to not pay for every content served. Only the last cheque is payed. Cheque are different from channel. They are basically trusted promissory notes of small value.
If peers get paid they are incentivized to keep popular content. There are no guarantee that less popular content will remain available -> pay nodes to keep your content.
To guarantee that unpopular content remain available over time, challenge the swarm for proof of custody for the data still available, the proof of custody release the payment. What if you can’t find the data you paid for? Security deposits for insurance -> Swindle.
To ask proof of custody you don’t have to keep all the original file but only a small part and make the challenge of a small subset of the small part of the data.
But if storing just a partial content and if no one answer correctly to the proof of custody there are no way to recover the original data.
Private talk with Joseph Poon
He’s interested in atomic swap between chains, this requires software talking and he is here to let someone code this for him. They probably have 12 persons working on lightning network and they will be probably not in the lab for the hackaton after scaling.
Making the EVM scream
From infinite precision to 512 bit gas from 256 to 64 bits Other changes granting lots of improvement on speed
Raiden Network, Off-chain state network
Problems are: throughput, finality, confidentiality, cost.
Scaling to 1M+ tx/s, ERC20 compatibilities, Atomic Swaps
They already have a working prototype, showing us an IoT demo on using Raiden Network to pay for electricity
Collaborating with swarm guys
On chain Exchange -> maker broadcast offer, taker ask for atomic token Swap Problem of free option, party that commits first offers free options. Tokens locked till timeout. Possible solutions is commitment deposits from a third party but Limited trust required
Truebit: Trying to fool a blockchain
Wokrs by doing a 1M step computation of the state root hash by both parties. at some time they differ and I don’t understand why this is useful
Towards web3 infrastructure
Swarm build on chunks of 4Kb. Chunks hashes build a merkle tree granting compact merkle proof and built-in integrity. Who/How the merkle tree is stored???
Gavin Wood is not available because he is becoming dad. Written in Rust, language from Mozilla foundation.
UI running on a web browser from localhost:3000 very cool
State channels: making your application practical
Contract between two parties transacting directly Judge not in the blockchain, in the end multisig with judge outside state channel parties must be online or the can leave promises with hired “bystanders”.
concrete example: etherdice. user submit bets, and hashes for random. bets stop, bets confirmed, preimage communicated, winner executed. Lot of tx lot of Problems.
With state channel zero tx or almost zeros
Martin Becze and Alex Beregszaszi
VM is the core. Performance are needed
EVM has 256 bit words of computation
It has special instructions GASLIMIT, BALANCE, SHA3, they should’t be missing instructions.
WebAssembly has: portable size, Efficient load time. Secure sandbox. Toolchain compatibility, RISC, compact binary representation, fast decoding, single pass validation, Integer and Float operations.
(the latter not included in EVM2).
Defines as AST abstract state machine which easily processed and transformed.
Already implemented in Chrome, Firefox nightly, edge, nodejs 7.0,
It is Proposed replacement for current EVM, restricted set of WASM, ex no float point operations. Defines backward compatibility for existing smart contract code with EVM2WASM translate from evm to wasm producing very fast code. 5000 line of wasm, 400 of js.
Metering injection, decoupling from VM. Inserting calls for gas calculation at run time.
EEI Ethereum interface VM semantic 3 new rules
- check contract for ewasm signauture
- call EVM2WASM
- use sentinel contract
Light client easily written integrating the kernel <1000 lines of WebAssembly.
Zcash could be build on WebAssembly
There is a ewasm-libc so you can write smart contract in C.
GAS on EVM1 calculated by benchmarking on Vitalik’s laptop. With WASM gas cost will be based on the cycle count. The gas cost table will be stored in a contract so any client shouldn’t changes for changes in gas (it’s an update on data not an update on code).
Web assembly use less cycle for example for sha256 that could be implemented as real instructions not special precompiled one.
A Correct-by-Construction Asynchronous Casper Protocol
Byzantine consensus safety on 2/3 in async network, 1/2 in sync one estimates are non finalized decisions or decision proposals adversary try to change an estimates.
He is trying to demonstrate proof of stake validity in asyncronous network (even if a syncronous assumption could be enough for crypto network) because is more general assumption (isn’t solving proof of stake enough?)
Interesting that Vlad wrote on twitter that privacy and anonimity of zcash could be dangerous, and from zcash blog post he is one of the investor
Ethereum on Ruby
Core principle of Ruby is happyness -> readability and flexibility
Teth is a smartcontract testing Framework. Test runs without chain and mining. Emulates the EVM to run unit tests.
Zcash + Ethereum = <3
- Append only - immutability
- Canonicity - single source of truth
- Encryption for privacy and selectively disclosure
Zcash first of his kind to have all this properties! Zooko has no idea what you can do with this.
Privacy is fundamental human right. It has: individual, social, business and economic value.
If you encrypt transaction, how nodes could validate transaction? zk-SNARK! With ZKP you can make crypto proof so they know noone can know that proof without knowing the private key of that output.
How to combine privacy & programmibility? Baby ZoE add zsnark precompiler in Ethereum.
Project Alchemy, include verify zcash pow in solidity, like BTCRelay this is ZRelay. Smart contracts could fullfill orders (decentralized exchanges) but also ethereum contracts could send and receive zcash.
Zcash launches on 28 October. Bitmex already trade Future Zcash today and they are priced at around 0.08 BTC
Lucius Greg Meredith
#### Types for tokens (on agenda: Behavioural types for smart contracts)
Colletive intelligence, swarm intelligence in bees is like global consensus. So it’s present in nature!
We need new kind of disciplines, not just data access errors. A lot of verification is possible at compile time.
We need formal verification for mission-critical systems, formal verification need to lower the cost to achieve global adoption. When you recode the DAO bug in rholang is a Race condition.
Rholang is synereo’s blockchain-based social contracting language with a built-in behavioral typing mechanism. All programming languages are generated by monads that are an abstraction. The reason to achieve this level of abstraction is because you can make formal verification easier.
Ethereum for resource-limited devices
CEO of doublethink
Resource-costrained device are less capable then desktop machine, limited in cpu, memory, storage, connectivity, batteries or operating system.
Why ethereum on this devices? ie. mobile computing is today mainstream computing.
Java Ring, in 1998 public key encryption and lot of things we are talking now!
2016, samsung watch, ESP8266 2$ wifi enabled chip
Ethereum scale of options, sign locally trusted sever, light client, full node, archival node, cross-cpp-ethereum to cross build in various env, also arm linux. Go version already work on android. Ethereum light client run on raspberry 25MB binary 50Mb chain cpu 12% ram 162MB, 9 min sync
Whisper development has been restarted
Virgil Griffith and Vikram Verma
Designs fot the L4 contract programming language
legalese.com is developing a software translating a smart contract to english legalese.
how do you call a runtime debugger? litigation
The Mauve Revolution
What sucks on Ethereum:
- Privacy (Zcash and ring signature)
- PoS because PoW Cost
Virtual Mining (PoS)
- pow 1000$ miner
- pos 1000$ => 83 ETH => virtual miner
Casper PoC3 approach
A special contract could be invoked with some ether deposited. With Parameter validation_code, random source, withdrawal address, if the call is made in epoch 1 you became a validator at the start of epoch+2.
While in the pool you could be assigned to create a block with a probability proportional to ether deposited.
A block must contain a signature of the validator (using Lamport signature which are quantum resistant)
If you want you can withdraw the eth (which you can’t with physical miner) and the effects after 2 epoch. you get your deposit + rewards - penalties
- Stake grinding
- Marginal cost => marginal revenue?
- Only the validator of the next block is know
- What if validator selected is not available, a list of validator is selected, every one has 4+8i time to answer
- nothing at stake
- In PoS you can vote for 0.9 chain A AND 0.1 chain B (in PoW you have to choose A or B). We need Dunkles, if you make a block that doesn’t go in the chain you lose the block rewards (penalties)
- In Casper wins the blockchain with most value at loss backing wins. How much validator will have to lose…? Finality why? make rollbacks expensive. Light client syncing in O(1)
onchain scaling to tens of thousands tx every node keep small tx of the transaction but can merkle verify any tx There is home shard
State channels security considerations and solutions
On the Blockchain economic considerations are security considerations.
One of the partecipants in channel could allow one party to prove some state otherwise a timeout trigger.
Use relative timestamps the cost of enforcing is smaller, it’s really important to keep it simple, solving the free option problem by requiring 10k steps to realize the tx, so minimizing the free option opportunity
Day two, 20 September 2016
Security learning from BTC Relay -> another name
DAO bug could be solved by swapping two lines!
Starting security repo: smart-contract-security-repo
- Prepare for failure
- Roll out carefully, testnet, beta on mainnet, production
- Keep contract simple
- Calling untrusted contract is always dangerous
- Function to check balance, checked every second, sending out funds if alarm trigger
- Do not use call.value(), use .send()
- Handle errors in raw calls
- Pull over push for external contract
pull over push is instead of sending, save in an array the amount due to someone, and write a method that withdraw checking the amount due.
How do you spot smart contract security vulnerabilities?
- Array griefing, array grow enough that cannot iterate over it
- underflow/overflow example unsigned int check
How to detect:
- Static analysis works without executing
- Solidity parser -> abstract tree
- Solgraph analysis from abstract tree to see Untrusted code. As Example used on DAO will warn on reentrancy
- We need standardized unit testing
There are three developer type:
- Web developer, Java, Python.. simplicity, usability and praticality. They undervalue security
- System engineer c++ assembly. they undervalue abstraction
- Academic formal verification. they undervalue praticality (small group)
- Non developer no ability to understand difficulty
Ethereum security overview
ISOLATION, in the hot wallet amount spending everyday. The cold wallet is the bank, frozen backups, and in exchange only amount you could lose
cold electronic wallet, ledger nano S first USB armory is a generic computer ORWL backup against fire, electric failure, water, thieves, and brain could failure multi sig contracts, spread across people and devices
Watch out for:
- Sybil attack
- Rage quitting, party quitting locking the contract? operator close and collect money
The web is broken, centralized, competing standard, no governing security model dapp browser, check https, check recipient address match the contract, do not use CDN (other are serving the program). JS injection can execute code and change your address. Audit and test contract, python vm source code is 600 lines have a look. Code usually is not robust against chain reordering (as example in commit and reveal scheme)
Many EIP for finding solution pro security:
- EIP 116 static call to a contract that cannot modify the state of the calling contract
- EIP 101 big arithmetics…
Christian Reitwiessner, Yoichi Hirai @pirapira
Writing correct code is hard.
Correct means the mental model is the same executed by the code. As example, for transfer function (example doesn’t check overflow) formal verification can check that total sum of funds isn’t changed after calling the function (thus discovering the unchecked overflow).
Formal verification is coming in ethereum. Microsoft research INRIA Harvard many are working on
Tools exist for C (Frama-C), Java (Krakatoa), Ada (Spark). This tools works by annotating methods with pre and post condition (why3 compile this in checks and test it). Example of why3 annotation on the before transfer example.
Since Ethereum specification exist and is 32 pages long Yoichi could write a formal verification for it
- Focus on internals, written in rust which grants memory safety and concurrency safety guarantee without GC.
- High throughput, low latency and low footprint
- Secure transaction, signer is in a isolated environment.
- Private chains supported on parity (PoA proof of authority)
- State trie pruning
- Warp sync and other
- BFT PoA chains
- Stratum protocol
- Light client
Imandra contracts: Formal verification for Ethereum
The state on Ethereum (after the DAO) is a dream for formal verification experts.
They formalized the EVM and now they can do formal verification things like symbol execution!
Ultra cool video
Problems: lack of automated audit tools, bugs, risk management, translate tools ie ethereum to consultation-distributed-ledger-technology-applied-securities-markets
Me and Marco thought this presentation and the video was too curated and marketing oriented, but Joey Krug from Augur told us that he tried the resources and are probably the best formal verification tools available for Ethereum right no.
Full stack of Ethereum
Ethereum studio is a full stack ide, debugging…
EthereumJ is used by many big customer: Deloitte, Clearmatics, Gemini, Santander, Rootstock
Santander is issuing IOU asset on Eth (they are still waiting final permission from the regulator).
hack.ether.camp Virtual Accelerator 50.000$ price in crypto.
Judges are Primavera De Filippi, Adam Draper and others. Valuated by the free market. Very soon they publish white paper, formalizing the process of the virtual Accelerator.
MetaMask bridging browsers to blockchains
The core idea is easy of adoption.
It’s online on the chrome store, coming out on opera, firefox and edge. Safari is not supported cause it’s not following extensions standards.
You can create a vault.
How it works without tcp/udp and syncing? With a trusted rpc server.
Building the light client
Quick syncing, from 1 to 5 minutes for sync (cpu bounded on building canonical hash tree).
Low resource requirement: less than 100MB of db 500MB of ram.
RPC compatible with full node (already working with mist)
Ethereum from Go and beyond
geth started from the beginning, everything built on top in the faster way, network majority prevented to drop features -> it is getting tech debt and using as library is unfeasible
geth 1.5 a new dawn
- Client side account management
- 10 line for account management without node
- why RPC spec?
- Remote node API
- 10 line of code to query blockchain through IPC, Http or WebSocket. With push notification!
- Why Ethereum ABI?
- Let’s switch to automatic bindings to contracts
- Native binding generator, with a type-safe Go binding
- why third party node?
- In process ethereum client
- run eth node inside a go app
What about Android and iOS?
- Geth 1.3 already ran on mobile, not really embeddable and good for release
- Geth 1.5 runs with full java bindings
- The go wrapper works also as JavaWrapper, so you can ask a contract and call the method in java
- Binding works also on iOS
Scalable decentralized application for Swarm and Ethereum
Things needed for web 3.0
- Swarm (which could adopt same address system used by IPFS, uris begin with bzz
- Blockchain based consensus
- Asyncronous messaging (whisper)
URL begins with a collections root hash (in binary, similar to a directory), any change put & delete
Root hashes can be registered in the blockchain name system ENS.
Distributed photo app already exist, web app and data are stored in the same root hash. Generating thumbnails? Created client side at creation phase. So this was easy more computationally expensive task could be built with delegated computation specifying data, task and reward.
Another example is distributed dropbox, or distributed github, or distributed wikipedia with no official truth
Dapple Dev workflow
Dapple is a development tool with package dapp descriptor format chain forks and EVM extension
New and future features of Solidity
- Inline assembly
- Internal library functions (string utils for example)
- Using x for y (use reference of strings and not copy of it)
Safety: exception on division by zero, failed creation and call to non-contract.
Payable modifier on methods. modifier do not skip anymore the tail part.
Talk about Oraclize, the callback function could change and not be fixed like it is now
How to develops app using Embark
- First Framework for building dapps.
- Compatible with any build pipeline
- Supports solidity and serpent
- Dependent contract deployment
- Extended use of promises
- Automatic type conversion and parameter
- Supports messaging system with whisper, eth contract or telehash
- Supports storage with IPFS, swarm, smart contract, maidsafe, storj
- Supports distribution deploying on IPFS
- Builds desktop app on mac, windows and linux
Truffle development framework
Project has 421 github stars.
ethereumjs-testrpc in memory ethereum client. Instant mining, account creation, hd wallet, programmable. no chain required. Super useful for testing.
You can also fork live chain using onchain data up to the fork.
ENS ethereum name systems
- There are 14 domain name server we should have one!
- We now have 15 systems
What do we need?
- separation of concerns
- distributed authority and implementation
- Forward compatibility
- Efficient on chain search
Registrars -> End Registry -> Resolvers
registry tree structure
Names are stored on a flat map: the key is an hashchain of the tree elements sha3(sha3(sha3(swarm) + “eth”) + “root”)
Every name owner has authority on subnodes
Technically is all here, but governance…
When .eth launched registration timeframe open.
Submission for registration during the timespan works with a blind action: the highest bidder wins the name, he pays the second highest bid. Deposits are keeped until you abandon the name (then another auction start).
Making smart contract Smarter
Oyente analyzer, find popular bugs: TOD, reentrancy …
Puzzle Solver example:
if submit solution and collect rewards happens in the sam block there is a transaction ordering problem.
Oyente from the bytecode and the Ethereum state visualize possible problems.
Symbolic execution take any possible branch caused by input in the program and try all the possibilty.
oyente is under github.com/ethereum
combine static and dynamic code execution
CarbonVote working by sending an empty transaction to yes or no, the amount of the sending address is evaluated as weight
During the DAO Carbonvote was:
- 87% Yes for fork
- 13% No
Ethereum meets the outdoors
Sikorka facilitates deploy contracts in real world locations. Proof of presence!
Sikorka is Geobit on Ethereum.
Potential applications: Loyalty programs, attendance in a specific location, augmented reality games
Combination of: geolocation, challenge question/answer, image data
Using specialized hardware: QR code, RFID tag, bluetooth, NFC?
Deployed contracts follow specific interface. Parameters are name, location, question and answer hash.
System allows users to search for nearest Sikorka contracts. There is a modifier if user give valid proof of presence.
Remix and other tools
Remix is a rewrite from the beginning of mix, written in js
Git on Ethereum, IPFS and Swarm
Git is a versioning system. It was create with distribution in mind, but there was no decentralized tools.
- Do not trust github as central repository
- Every changes has a proof of existence (timestamp) prior art (like Peter Todd git timestamp?)
- Storing large files as single block (only differences are restored, all same chunk are not restored??? what if content shifted???)
- Ethereum is decentralized, even the repo should be decentralized
Git is working on local system
Every object is referenced with sha1 compressed hex
Commit is an authorization with name of the editing.
Tree refer to other tree
Merge reference multiple object
Naive implementation store everything in blockchain -> too expensive -> use IPFS and swarm.
But there is an Issue: need to map git identifiers which are sha1. The solustion is a snapshot that is a mapping between sha1 and ipfs multihash.
git push means a call in the contract with the commit hash and the snapshot reference (140k gas)
There is one contract for every repo, managing access control.
Using ENS for symbolic names.
Future of Mango:
- Git nodes for viewing repo locally
- Store issues within git
- Store releases within git
- Store pull request within git
Day 3, 21 September 2016
A lap around developing cryplets (Microsoft)
Cryplet is a secure execution environment by Microsoft
everything blockchain in Microsoft is called bletchey
Using SGX in its base
secure execution with enclaves on demand, end to end attestation. Today released whitepaper Ethereum consortium Blockchain network.
Alex Van de Sande
Mist Why, How
He build the site, author of claims “How the internet was supposed to work”, “Build unstoppable application”. He is a little bit of sorry for this claims but he still believe they are true.
Client server model has single point of failure and mobile client has more power now. Isolation of information for company interests.
- devcon1 ethereum wallet (dynamic interface)
- Mist light client sync in less than one minute (show parameters)
- In browser you can paste an hash and the app will be downloaded from swarm (ENS in future) authenticated binaries and interface from swarm.
- swarm dashboard use resource disk bandwith and rewards
- erc67, uri scheme to create contract by click
Build the internet like roads usable for centuries not railroad that become unusable if failure/blocked
Project passed by Jeffrey Wilcke => Marek Kotewics => Fabian Vogelsteller
- web3 rewriting. will be sockets IPC and/or WS
- filter system changed
- better modular structure
- going on promises instead of syncronous calls. also for contract calls
Smart contract security
- cap contracts
- check invariants
- centralization, going stepwise from centralization to decentralization (digix is still a central trusted authority)
- establish security patterns
- updateable contracts
- time delays gives central authority time to act (no central auth in splitDAO)
- minimal complexity
- reuse trusted proven code like standard token contract and multising and hopefully one DAO standard framework. This approach could be dangerous because widely used.
- better tools
A Provably Honest Oracle Model: Auditable Offchain Data Gathering and Computations
- Tls notary
- Android Safety new way.
- Intel SGX (enclave remote attestation by intel)
- Oraclize computation through ipfs and aws
They incorporate companies.
Why the chartered company? We achieve wonderful things because we are organized. This is the best use case for ethereum smart contracts.
In history, growing level of decentralization, chartered company 1268, dutch east company 1602, post war industries, moderna corporation, blockchain, Decentralized autonomous organization.
everything works on The identity smart contract and the company smart contract
### Juan Bennet
Juan announced is going to build filecoin to incentivize the IPFS network upon ethereum
divided in collateral token (like REP in augur) and outcome token can a bet beat alpha go?
IPFS + ethereum networking
Build libp2p which is modular and includes (webrtc, torrent, rlp, tls, tcp, pubsub, tor …)
With such infrastructure physical link and virtual link are separated. Virtual can be built on virtually any transport layer.
What do we need to run ethereum in the browser? Run EVM in the browser with the transpiler. Fetch blocks from peers directly from the browser.
Joey Krug (Augur)
Private key update the contracts, or multisignature.
Once the EVM run on WebAssembly you can write smart contract on any language for example in Ada which is the language which was always used for mission-critical task and has the most formal verification tool and security process to grant the higher level of security of code ever.
In private talks he is a smart guy.
Roeven Heck and Christian Lundkvist
uPort universal identity platform consensys
key management, UX, dapps on mobile, identity and data ownership.
Key recovery inside android tee? controller contract => Recovery contract => application context
They have built a system where you can delegate key recovery to choosen trusted friends.
- No skewed incentives
- No double vote => Identity to avoid
- No bandwagon vote => Commitment
You can move token.
At the moment the poll close you get counted.
Extend ERC20 to allow the lock of funds.
Double linked list for votes When counted votes they are removed from the doubly linked list. Then released the token. Using a doubly linked list is perfect in case of finishing the gas in the transaction cause you could resume work in a later transaction.