Mostly Software

  • Monday

    • Steph allstar game mvp, 50pts – shot 75% from 3 for almost the whole game.
    • Buildspace: web3 app to wave, solidity, eth.
      • https://github.com/buildspace/buildspace-projects/tree/main/Solidity_And_Smart_Contracts.
      • Hardhat project. Remember contracts (solidity), scripts (deploy, js), test (js), artifacts (abi), cache (json). Deploy uses hre.ethers.getContractFactory, as usual. Hre = hardhat runtime environment. You never need to import it, hardhat will provide the object.
      • msg.sender commonly used.
      • “view” function does not modify state.
      • hre.ethers.getSigners for owner address.
      • By default, when you run the deploy script, it will create the local blockchain then deploy the contract then tear it down. For a persistent network, npx hardhat node.
      • Then instead of hardhat node, switched to alchemy: cloud node/blockchain/network instead of local. Just like before; create an app on a specific network, then copy http key (secret, don’t commit) to hardhat config. Notice that you still run hardhat locally to talk to the alchemy node; you just don’t need to run a local hardhat node.
      • Used chainlink’s rinkeby faucet: https://faucets.chain.link/rinkeby.
      • Then instead of talking to the contract via our deploy script + vscode + hardhat, switched to replit: online IDE with templates for many common languages/frameworks. https://replit.com. Can do the same from a standard react app.
      • It connects through the browser wallet, allowing transactions on the blockchain for the current user. If the user has metamask, it will inject the “ethereum” object into window. Then eg use ethereum.request({ method: “eth_accounts” }) to grab the accounts. https://docs.metamask.io/guide/ethereum-provider.html -> https://docs.metamask.io/guide/rpc-api.html#ethereum-json-rpc-methods.
      • Then the frontend connects to the contract via the “ethers” package. Eg ethers.providers.Web3Provider(ethereum).
        • https://docs.ethers.io/v5/
      • Use ethers to grab the signer (requiring a connected wallet account, as above), then grab the contract using its (1) address and (2) ABI, then you can interact with the blockchain contract from the browser app.
        • https://docs.soliditylang.org/en/v0.5.3/abi-spec.html
      • When you redeploy a smart contract (after ANY change), the contract address and ABI get updated too (which is desired behavior, contracts on the chain are immutable). You need to modify the frontend with the new values.
      • Reads and writes are pretty similar. Writes will pop up metamask for approval. The contract will return the transaction hash which can be scanned by the user until it’s confirmed.
      • Declare events with “event” and trigger with “emit” – this are automatically logged by the EVM.
        • Oversimplified: events are messages that contracts emit; frontend dapp can catch them in realtime.
      • “struct” just custom datatype to hold whatever you want.
      • Made the contract send eth back (conditionally) on wave. Just (msg.sender).call{value: prizeAmount}(“”)
      • “require” statements like “assert” statements. Check if the contract has enough money to send back (a contract can have money, needs to be funded. use hre.ethers.utils.parseEther()).
      • Rng is tough on chain. People can just see what the algorithm for randomness is, and then game it.
        • Basically regenerate a new random number with “seed = (block.timestamp + block.difficulty + seed) % 100;” where seed is set to something arbitrary in the constructor. Not true random, but close.
      • Can store specific information for users. Eg, prevent spamming by only allowing users to enter a contest once every hour. Just create a “mapping” of msg.sender:block.timestamp then add a require statement that checks.
      • Add { gasLimit: X } to the frontend. In the gas with rng on our contract, if that extra clause is entered then the user pays more gas because more code was executed. Limit this. Metamask does an ok job of estimation, but there are obviously nondeterminate factors.
      • Remember to use events to update the frontend. Everything you’d expect; show the user that the transaction is being mined, is complete, etherscan link, etc.
      • And of course, remember .env with secrets, process.env in hardhat.config.js, and .env in .gitignore.
    • Npm advisories, hardhat brings a lot of trash:
      • Inefficient regular expression complexity in chalk/ansi-regex: https://github.com/advisories/GHSA-93q8-gq69-wqmw.
      • Prototype pollution in yargs-parser: https://github.com/advisories/GHSA-p9pc-299p-vxgp.
      • Insecure credential storage in web3 (can get wallets with csrf): https://github.com/advisories/GHSA-27v7-qhfv-rqq8.
      • Arbitrary code execution in underscore: https://github.com/advisories/GHSA-cf4h-3jhx-xvhq.
      • ReDoS in normalize-url: https://github.com/advisories/GHSA-px4h-xg32-q955.
    • Downgraded node 17.4 to 16.13.2 (LTS) for this: https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported. npm and nvm from 8.4.0 to 8.1.2.