Published

The Journey to Fundamentals of CS and Smart Contract

Authors

What motivated me to re-enter computer science?

Although I have five years of experience as a software engineer, involved in many systems, which taught me from knowing nothing to how to think, analyze needs, and implement features, As my major is not Computer Science, There are a lack of fundamental knowledge in CS, such as Data structure and algorithm, compiler…

As a presale consultant, I am still interested in data structures and algorithms. Some thoughts or designs are very interesting, though they require a lot of energy to absorb. So, to satisfy my interests, I learned and practiced data structures and algorithms. Honestly, I know it’s not enough. I am just familiar with some concepts. Then, no coding for a long time.

UniSwap’s appearance motivated me to learn more about technology related to the field. Initially, my thought was to build some necessary understanding, which perhaps pushed me forward in this new world. Another critical factor is my English level, so I found DappCamp when I encountered Pretheei’s article introducing The Architecture of a Web 3.0 application. I don’t know whether or not I can understand what other English natives said; I just told myself to try it. One point is to grasp the technology, and another is to check if I can understand what other English natives say.

But there are two algorithm problems before applying, to be honest, which are not easy. The first algorithm I solved when I thought of the problem from the opposite direction. The second problem I thought of for a long time was no solution, then suddenly, the “BFS or DFS” or “recursive” appeared in my mind, and I used this thought to solve this problem, though there was still room to improve the efficiency. (Forgiving me for not remembering the details of the issues; just left out the critical parts of how to solve the problem)

Then, I could not find one Chinese for the first time in a pure English Environment. I was completing the course and some puzzles and watching how others discussed problems. Then, I got one opportunity, though the time was short. Certificate

Although having a basic understanding of solidity and smart contracts, there are many challenges, such as the amount of CTFs and how the EVM works. Can I figure out the complex problem? My past experience in software development made me aware of the difficulty of some topics; I know some topics are very challenging.

One day, I encountered RareSkills’ content, which attracted me so much, and the judgments about web3 situations are objective. So, it’s an excellent opportunity to deepen my understanding and challenge the complex problem. But the first time, I didn’t pass the entrance in a limited time. Kindly supply many helpful materials, including many algorithms courses and practices. One question occurred to my mind: should I learn and practice this? I know many programmers criticize the algorithm problems in the interview, pointing out that working does not need the algorithms. To some degree, I agree with these minds. But after a short time of consideration. I think others argue about the questions, but if I break through the challenge, the question will not be for me.

Refresh Data Structure and Algorithm

So, I eliminate many social activities to give me enough time to break through these challenges.

There are many details I have forgotten, remember the process is frustrating, and trying to figure out one question takes many hours. To my surprise, some solutions only exist no more than one hundred years in human history.

For example, the solution below was proposed in 1959—no more than 100 years.

https://en.wikipedia.org/wiki/Dijkstra's_algorithm

What is the shortest way to travel from Rotterdam to Groningen, in general: from given city to given city. It is the algorithm for the shortest path, which I designed in about twenty minutes. One morning I was shopping in Amsterdam with my young fiancée, and tired, we sat down on the café terrace to drink a cup of coffee and I was just thinking about whether I could do this, and I then designed the algorithm for the shortest path. As I said, it was a twenty-minute invention. In fact, it was published in '59, three years later. The publication is still readable, it is, in fact, quite nice. One of the reasons that it is so nice was that I designed it without pencil and paper. I learned later that one of the advantages of designing without pencil and paper is that you are almost forced to avoid all avoidable complexities. Eventually, that algorithm became to my great amazement, one of the cornerstones of my fame.

— Edsger Dijkstra, in an interview with Philip L. Frana, Communications of the ACM, 2001[5]

Dijkstra thought about the shortest path problem when working at the Mathematical Center in Amsterdam in 1956 as a programmer to demonstrate the capabilities of a new computer called ARMAC.[12] His objective was to choose both a problem and a solution (that would be produced by computer) that non-computing people could understand. He designed the shortest path algorithm and later implemented it for ARMAC for a slightly simplified transportation map of 64 cities in the Netherlands (64, so that 6 bits would be sufficient to encode the city number).[5] A year later, he came across another problem from hardware engineers working on the institute's next computer: minimize the amount of wire needed to connect the pins on the back panel of the machine. As a solution, he re-discovered the algorithm known as Prim's minimal spanning tree algorithm (known earlier to Jarník, and also rediscovered by Prim).[13][14] Dijkstra published the algorithm in 1959, two years after Prim and 29 years after Jarník.[15][16]

The related course

https://learn.udacity.com/courses/ud513

https://jovian.com/learn/data-structures-and-algorithms-in-python

Certificate for the data-structures-and-algorithms-in-python.

To be honest, I haven't formed solid intuition to quickly come up with a solution to estimate the time and space complexity.

The journey to deepen my understanding of smart contract

After refreshing Data Structure and Algorithms, I applied RareSkills again. Many talented people have already worked in some top-tier web3 companies. Once again, I tell myself to try it; imagining I am in the math or the physical course allows me to challenge myself.

I have completed all assignments, which can be taken as real-world production problems; most features should be based on understanding many concepts or edge considerations and then implemented correctly and efficiently.

The assignments can be seen below list.

  1. https://github.com/sodexx7/week1_ERC1363_Tokens_and_Bonding_Curves
  2. https://github.com/sodexx7/Week2_NFT_Staking_Security
  3. https://github.com/sodexx7/Rebuild_Uniswap_V2
  4. https://github.com/sodexx7/security_related
  5. https://github.com/sodexx7/huff-puzzles
  6. https://github.com/sodexx7/yui_erc1155
  7. https://github.com/sodexx7/RealWorldGasOptimization
  8. https://github.com/sodexx7/proxies
  9. https://github.com/sodexx7/gasless_exchange_relayer
  10. https://github.com/sodexx7/Elliptic-Curves-Basics
  11. https://github.com/sodexx7/EIP712_TRY_BY_SCAFFOLD-ETH_2

The related topics

Below is a summary of these topics.

The DeFi-related protocols include Rebuild_Uniswap_V2 Boding_Curves; another well-known business is NFT staking.

One most critical concern is security issues, From the fist to last assignment, each protocol should consider the securities issues, not only the common vunlunerabilties such as re-entrance, but also the project-specific vunlunerabilties such as front-running. Another standard practice is to try to solve the CTF, which involves ethernaut, damnvulnerabledefi, and capturetheether… often when the CTF becomes more complex, I always should focus many hours analyzing the business logic and try to solve it.

For security considerations, in addition to security awareness while implementing protocols, solving CTFs, and finding possible vulnerabilities, another point is to use which security tool to find weaknesses.

Gas optimization is another big topic for the community. RealWorldGasOptimization This has shown my some work of the actual projects.

How the EVM work? The advanced smart contracts developer needs a fundamental understanding and grasp of using EVM. https://github.com/sodexx7/yui_erc1155, which was implemented by the pure YUI.

Almost most top protocols use proxies, which allow for the flexibility to upgrade code but also bring hidden risks if not used carefully. https://github.com/sodexx7/proxies This thorough summary of Openzepplin’s proxies shows some code how easily it can make mistakes.

Sometimes, users don’t want to pay for gas; how to implement the feature? Currently, some approaches exist to implement the feature. gasless_exchange_relayer combining the signature and the openzepplin defender implementing the features while simulating the off-chain exchange. One demo about sign EIP721 data can be seen there(should connect sepolia network), repo_here.

What’s the math behind the Elliptic Curve? Some Info can check this.

Dig more into some topics

Below, I pick some topics that will give more details.

REBULD_UNISWAP-V2

For the most well-known AMM protocol, uniswap-v2, which drives the Defi summer in 2020, I tried to rebuild uniswap v2. As we know, uniswap -v2 has existed for over four years. What gives me a deep impression are the many details involved with the design and creative thoughts.

  1. The use of create2 by using create2, one can know the smart contract’s address in advance.
  2. The design of TAWP( time-weighted average prices) prevents attack control of the token price.
  3. Why define liquidity using the math formula: Math.sqrt(uint256(_reserve0) * (_reserve1)), where_reserve0 and_reserve1 represent the pair token’s amount?

The rebuild process made me aware of the many tricks behind the design.

uniswap-v2 has existed for over four years; this field has evolved fast, and more best practices have emerged. One of my goals is to implement uniswap-v2 using the latest best practices.

  1. Separate Flashloan from the original function “swap,” EIP-3156 proposed the new standard of flash loan
  2. One common vulnerability of implementing ERC20 is that it doesn’t return a bool value when calling the erc20 transfer function; uniswap-v2 solves it by itself. Openzepplin has supplied the lib SafeERC20.sol to solve it, so using the latest practice is convenient.
  3. For saving gas, uniswap defines the reserve’s type as ‘’uint112 private reserve0; uint112 private reserve1; along with the question: how do we keep the precision? I applied prb-math

So let me summarize: many tricks and math behind the design and the emergence of new best practices.

Security issues

After thinking about many possible security issues while implementing the protocols and trying to solve the CTFs, the awareness about security always blows my mind, which makes me believe there are significant differences when one tries to implement one protocol versus finding the possible issues.

From the developers’ perspective, quickly implementing the features should set as first priority. Actually, many even ignore the necessary tests. I have seen one who just implemented one feature in remix and then just made a successful on-chain tx, shows the feature is OK, no unit tests, and of course, no 100% coverage. I don’t say remix is not good enough, which is very convenient when doing things like showing demos, and trying to understand some things. Even in web2, some tests can be ignored, and other people can help the developers do more thorough tests, but for web3, if there is no enough security, and the whole protocol will be ruined one day.

The security checklist is enormous: here and here. Only reading can’t help one grasp the security mindset, just like only watching codes can't help one truly grasp programming skills. security_relatedECDSA_CTFs_Related records the CTFs I try to solve. These CTFs involved ethernaut, damnvulnerabledefi, and capturetheether.

Given the complexities of security, it’s necessary to use some wonderful tools to help us identify vulnerabilities and even prevent hidden security issues. The enough unit test, 100% coverage test, and foundry fuzzing test — I believe these three tools can prevent many basic mistakes. Other tools I have applied can be checked here, here, and here.

Mutation testing, which makes me remember the Contraposition.

Except for Hardhat and foundry, the involved security tools as below

Slither

Slither is a Solidity & Vyper static analysis framework written in Python3

Mythx

Mythx is under the ConsenSys and uses the detectors based on the swc-x

vertigo-rs(Mutation Tool)

It supports the foundry framework, and the test coverage should be 100% before using mutation.

Echidna

Property-based fuzzier

EVM

Having a good sense of how EVM works is fundamental to many other aspects; as we can see, many solidity codes are embedded in the assembly code; the most often-see code I see is below.


function _delegate(address implementation) internal virtual {
        assembly {
            // Copy msg.data. We take full control of memory in this inline assembly
            // block because it will not return to Solidity code. We overwrite the
            // Solidity scratch pad at memory position 0.
            calldatacopy(0, 0, calldatasize())

            // Call the implementation.
            // out and outsize are 0 because we don't know the size yet.
            let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)

            // Copy the returned data.
            returndatacopy(0, 0, returndatasize())

            switch result
            // delegatecall returns 0 on error.
            case 0 {
                revert(0, returndatasize())
            }
            default {
                return(0, returndatasize())
            }
        }
    }

When it comes to calculating the gas cost, a deep dive into the fundamental components at the bytecode level is necessary. Estimating the gas cost based on the opcodes is a practical skill that, once mastered, will give you the confidence to optimize your code effectively.

When want to understand the mechanism of how solidity language works, such as how it deals with the memory, storage, and stack while the EVM executes the smart contract codes. A better understanding of how EVM works will make the coder mindset cleaner.

I have implemented the yui_erc1155 according to the EIP-1155 by pure YUI, which implements the features by dealing with memory and storage.

Gas Optimization

Try to gas optimization on the real-world projects==>RealWorldGasOptimization. The code of

synthetix and looksRare gave me a deep impression. So much is worth learning.

The details of other aspects if you are interested in, you can check the below list

  1. https://github.com/sodexx7/proxies
  2. https://github.com/sodexx7/gasless_exchange_relayer
  3. https://github.com/sodexx7/Elliptic-Curves-Basics
  4. https://github.com/sodexx7/EIP712_TRY_BY_SCAFFOLD-ETH_2

Closing Thoughts

This is an overview of my recent technology journey, especially for the smart contract’s content; this is not the end for me, as with the rapid development of web3, more and more genesis ideas emerge, and I expected more exciting ideas to become a reality.