
Smart Contract


Last updated 12 months ago

What are smart contracts?

Smart contracts are used on blockchain networks to let developers make transactions occur once specific parameters are met or functions are invoked. They are widely used on Ethereum Virtual Machine (EVM) blockchain networks, with some implementations on other blockchain networks such as Cardano or Bitcoin. A smart contract can automate a transaction when a specific event occurs, or make it easy to transfer money to another address by invoking a function, which gives a blockchain network flexibility and liquidity.

Languages used for smart contracts in EVMs

High Level Languages

Solidity and Vyper are both high-level programming languages used to design smart contracts for EVM-based blockchain networks; contracts are converted into bytecode using the Application Binary Interface (ABI) before being deployed to the network. Solidity allows inheritance, modifiers and various manipulations of a contract, even at runtime after deployment, to execute complex functions. Vyper is a security-focused language that gives up flexibility, so it is used for simpler use cases, to reduce the writing of vulnerable code and to make contracts easier to audit.

Low Level Languages

Huff is a low-level programming language that can be used to produce highly optimized smart contracts. It uses macros and opcodes to craft the contracts and does not require an ABI for deployment. Due to the lack of an ABI, it can convert the smart contract into smaller bytecode for deployment, reducing potential gas fees for the contract.

How does transaction occur in smart contracts?

A developer drafts a smart contract between 2 parties once the terms have been mutually agreed upon. Once developed, the smart contract is deployed onto the blockchain network, where it exists at an address that may or may not allow external invocation.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

contract ReceiveEther {
    // Function to receive Ether. msg.data must be empty
    receive() external payable {}

    // Fallback function is called when msg.data is not empty
    fallback() external payable {}

    function getBalance() public view returns (uint256) {
        return address(this).balance;
    }
}

contract SendEther {

    function sendViaSend(address payable _to) public payable {
        // Send returns a boolean value indicating success or failure.
        // This function is not recommended for sending Ether.
        bool sent = _to.send(msg.value);
        require(sent, "Failed to send Ether");
    }

    function sendViaCall(address payable _to) public payable {
        // Call returns a boolean value indicating success or failure.
        // This is the current recommended method to use.
        (bool sent, bytes memory data) = _to.call{value: msg.value}("");
        require(sent, "Failed to send Ether");
    }
}

The code above shows 2 contracts: one to send ETH and one to receive it. A contract is not strictly necessary to receive ETH, since you can send directly to the recipient's Ethereum wallet public address; whether to use one depends on the use case. Both functions in the SendEther contract only transfer money when they are called externally.

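// example values using hardhat environment (ethers v5 API)
// Addresses must be passed as hex strings; both values below are placeholders.
const sendEtherAddress = "<deployed SendEther contract address>";
const recipient = "<recipient address>";
const contract = await hre.ethers.getContractAt("SendEther", sendEtherAddress);
// Call the payable function and attach 1 ETH as msg.value.
const tx = await contract.sendViaCall(recipient, {
    value: hre.ethers.utils.parseEther("1.0"),
});
// Wait for the transaction to be mined.
await tx.wait();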

After the transactions have occurred, both the sending and the receiving of ether are recorded on the blockchain, usually with a transaction hash that identifies the record. This allows the record to be audited to ensure there was no malicious man-in-the-middle tampering with the transactions, and provides transparency for everyone in the blockchain network.
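
A reviewed variant of the `sendViaCall` function above, as an added example that is not part of the original page; the contract, event and error names are hypothetical. It adds input checks and an event, so every transfer leaves a log entry in the receipt next to the transaction hash.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added example, not the page's code. All names here are hypothetical.
contract SendEtherChecked {
    // Logged for every transfer so an auditor can find the payment in the
    // transaction receipt without decoding the call data.
    event EtherSent(address indexed from, address indexed to, uint256 amount);

    error ZeroAddress();
    error ZeroValue();
    error TransferFailed(address to, uint256 amount);

    function sendViaCall(address payable _to) external payable {
        // Checks: Ether sent to the zero address cannot be recovered, and a
        // zero-value call would only spend gas.
        if (_to == address(0)) revert ZeroAddress();
        if (msg.value == 0) revert ZeroValue();

        // Effects: emit before the external call. If the call fails, the
        // revert below also discards this log entry.
        emit EtherSent(msg.sender, _to, msg.value);

        // Interaction: call forwards all remaining gas and hands control to
        // _to, whose receive()/fallback() may run arbitrary code. This
        // contract keeps no state; a contract that tracks balances must
        // update them before this line, not after it.
        // The return data is not needed, so it is left unnamed (the original
        // `bytes memory data` produces an unused-variable warning).
        (bool sent, ) = _to.call{value: msg.value}("");
        if (!sent) revert TransferFailed(_to, msg.value);
    }
}
```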

Interview Questions

  • What are the various languages used to develop smart contracts?

  • Explain the transaction process in a smart contract.

  • What are some vulnerabilities in the example smart contract code?

Author

Zheng Jie

References

  • Alchemy - Solidity vs Vyper
  • Plutus
  • Script
  • Solidity
  • Vyper
  • Huff
  • Stefanos - Smart contract transaction