Hey Guys! In the previous blog, we touched on the basics of blockchain, transactions, etc. In this blog, we are going to see the basics of Ethereum and will move to solidity programming. So let’s begin.
What is Ethereum
Ethereum is a decentralized blockchain platform that helps in establishing a peer-to-peer network that securely executes and verifies application code, called smart contracts.
Smart contracts are basically a piece of code that will get executed when some predefined conditions are met. The nodes in the network will execute certain actions when some predefined conditions are met, and these actions could include releasing funds to the appropriate parties, registering a vehicle, sending notifications, or issuing a ticket, etc. A smart contract can be coded in languages like solidity, viper, etc. We will be focusing on solidity in this series. The solidity language is very much easier if you are already familiar with any OOP programming language. I will explain the basics of solidity through a code sample that is taken from console cow boy’s Youtube channel.
Solidity Programming
pragma solidity 0.6.6;
contract banking {
mapping(address => uint) public balances;
address public owner;
constructor() public payable {
owner = msg.sender;
}
function isOwner() public view returns(bool){
return owner == msg.sender;
}
modifier isownermodifier(){
require(isOwner());
_;
}
function deposit() public payable{
require(balances[msg.sender] + msg.value > balances[msg.sender]);
balances[msg.sender] = balances[msg.sender] + msg.value;
}
function withdraw(uint withdrawamount) public payable{
require(balances[msg.sender] > msg.value);
msg.sender.transfer(withdrawamount);
balances[msg.sender] = balances[msg.sender] – withdrawamount;
}
function withdrawall() public isownermodifier{
msg.sender.transfer(address(this).balance);
}
function getbalance() public view returns(uint){
return balances[msg.sender];
}
}
If you want to deploy the code, the remix is one of the online IDE, where you can deploy your contract, also you don’t need any node., because there are already running nodes having 100 Ethereum balances. So, let’s start understanding the code.
Pragma -> This header will tell you what version of solidity we are using.
Contract -> Contract keyword is necessary at beginning of a contract, here our contract name is banking.
Mapping -> Mapping is a data type, just like a dictionary, which can store key-value pairs. Here we are storing the user’s address and balance.
Address -> An address is a 20 bytes data type. It is specifically designed to hold account addresses in Ethereum, which are 160 bits or 20 bytes in size. It can hold contract account addresses as well as externally owned account addresses.
Constructor -> Constructor is a little bit different in solidity. Generally, In OOP languages constructor is called whenever an object of the class is created, however, in a solidity constructor is called only once when the contract is deployed.
Payable -> A Solidity function with a payable keyword means that the function is able to process transactions with more than zero Ether. The function will be able to transfer and receive ethers in the user’s account.
msg.sender -> It will represent the address of the user which is initiating the transaction.
msg.value -> It will represent the amount that the user is sending.
View -> Adding the keyword view in a function, makes it to have only read access to the state variables. The function couldn’t make any changes in the variables.
Modifier -> Modifiers are executed before any function. If you see the withdrawall function in the second last, you will observe that it also has the modifier “isownermodifier”, so before executing the function, isownermodifier will be executed.
Require -> require is just like if-else statement, anything inside the require will be checked first, if it returns true, then only anything after that will be executed.
.transfer -> It will transfer the amount to receiving account: user_address.transfer(amount)
.balance -> It will return the balance of any user account address.
Gas -> In Solidity, your users have to pay every time they execute a function on your DApp using a currency called gas. Users buy gas with Ether (the currency on Ethereum), so your users have to spend ETH in order to execute functions on your DApp.
Now, let’s understand what our code is doing. The Above code is simply replicating a banking application where users can deposit and withdraw their funds.
Through the deposit function, anyone can deposit their funds into the contract. The function is first checking the amount transferred by the user plus the amount in his account should be greater than the amount present in his wallet, and then updates the user’s balance.
Through withdraw function, the user can withdraw the amount from the contract. First, the function is checking that amount withdrawn should be less than the amount present in his wallet, and then using the “.transfer” funds will be transferred to his account.
But one suspicious function is “withdrawall”. In this function, it first checks with the modifier “isownermodifier” which will ultimately check the “isowner” function which checks whether the user sending the transaction request is the person who deployed this contract or not (owner). If he is the owner, then he would be able to transfer all funds to his account from the contract, which is why this function is a little suspicious! These types of functions are usually present in some scams.
Now, let’s deploy our contract using the remix IDE, and see what happens.
Try to deploy the contract with some ether(20 WEI).
Now, our contract is deployed, you can use the functions that we have written like deposit, withdraw, etc. Let’s deposit some funds into various accounts.
Use another account to deposit some more ether(20 ether). Now, the total balance of the contract should become 40 ethers. (You can also see the gas cost in executing the function)
Now, the scammer(owner) can able to withdraw all the funds to his account.
You can refer to the first picture where owner account balance has been shown,99.99 Ethers.
Now, the scammer (owner) can use the “withdrawall” function and the 40 ethers will be sent to this account, and the total amount in his account will become 139.99 ethers (99.99 + 40 ethers) (refer to the below picture)
So, that’s all basic about solidity. I have missed a few things, which I will cover when we are dealing with different vulnerabilities in solidity in upcoming blogs. Till then Happy Hacking!!
References
Difference Between Bitcoin and Ethereum – GeeksforGeeks
https://cryptozombies.io/
Smart Contract Hacking – 0x01 Intro to the Remix Development Environment – YouTube
What are smart contracts on blockchain? | IBM
