Block 16 at the BuildETH Conference

300 Developers and Some of the Best Companies in the Industry

Last week I got the chance to speak at the BuildETH conference in San Fransisco along with a ton of other amazing speakers. The conference was a mix of advanced developers, people who were just starting to get into the space, and many blockchain companies in the SF community.

Companies such as Coinbase, MakerDAO, Consensys, Amberdata, and many more came out to talk to a few hundred developers and blockchain enthusiasts. There were lots of great talks by members of these companies. Below is a few highlights:

Analysis of Failed Contracts — Joseph Chow

One of my favorite talks of the day, Joseph delved into many of the major attacks that have occurred in the Ethereum ecosystem (the DAO and both Parity hacks) and why they happened.

Explanation of the DAO hack

In a post mortem setting such as this many of these attacks seem like they would be obvious to any average solidity developer. These smart contracts consistently allowed anyone to execute their own code if they did it in the right way or allow for a reentrancy attack in which a user can pull an infinite amount of funds.

Example smart contract that has a reentrancy exploit readily available.

Joseph explained a similar example to the above of how a reentry attack works in an interesting way. In the withdraw function above you do 3 things:

1. Require that the balance of the sender be above 0 wei.
2. Send the full amount of the senders balance in the contact as set up in the balances mapping.
3. Set the balance of the user to 0.

Now in this example above what is basically happening is you have an ATM. Now imagine you had a balance of $100 and the ATM gave you the $100 but then you were able to unplug the ATM before it set your balance to $0. By doing this you can pull out all the money the ATM has and still have a balance.

In this example the way that the money is sent through the msg.sender.call.value()() method a user can cause the function to fail even if the ether has already been transferred. By doing this it never resets their balance to 0.

Along with talking about these major hacks Joseph also brought up the idea of honeypots, smart contracts that trick the attacker into giving your their own money. He explained a simple example of a honey pot that tricked a hacker into to giving their money by setting up code that would look like it would give them all the money in the contract in exchange for their initial sending. It was a very interesting topic and one that can teach you a lot about the deep levels of solidity if you experiment with it.

Introducing the Maker.js library — MakerDAO

I’ve been a big fan of MakerDAO and Dai for awhile. With CDPs (Collateralized Debt Positions) you can do many interesting things such as create your own margin, loan yourself or others money while holding onto your Ether position or many other strange financial systems.

While there’s much you can do the tools can be difficult to use and you have to go through many steps do these types of things listed above. Soon though MakerDAO will be releasing a library to allow you to automate anything to do with CDPs and using their Oasis exchange platform. The tool isn’t out yet but it will be soon and with the hopeful expansion into multi-collateral Dai at the end of this summer there are going to be massive applications that can be built off this system with ease.

I certainly have a few ideas of what to do already.

The Decentralized Developer Toolbox — Petros Ring

I talked about the many tools of the trade for dApp developers who are just starting out to extremely advanced developers creating proxy contracts. I went through the Truffle Suite, IDEs, APIs (such as Block16’s new API), and Canonical Smart Contracts to show how all of these tools in the Ethereum ecosystem allow developers to build smart contract that are extremely powerful very quickly.

The easiest way to get into solidity development, the Truffle Suite.

If you would like to view my slides you can do so here and in the future I will be posting a video of the presentation.

The main point I tried to make in the presentation is that smart contracts are tools. Every smart contract that another company develops can be used by your smart contract because unlike traditional systems where developers need to create an API for someone else to use their system the ABI (Application Binary Interface) allows anyone to interact with the smart contract by default from their own front end interface or with their own smart contract. The network will grow exponentially as more people realize this and build upon the work of others to create the best products possible.

About the Author: Petros is a Blockchain Engineer at a crypto venture studio, Block 16. We are a full service blockchain agency that does crypto-economics, network syndication, marketing services and blockchain development. If you would like to reach out to me send an email to petros@block16.io.