Binance Square
Bloqarl
@Bloqarl
Enhance Web3 Security | Build On-Chain | Master DeFi | If you share my same goals, I share everything I learn. My Twitter https://twitter.com/TheBlockChainer
#Web3 #security explained. Learn about #SmartContracts and how to avoid reentrancy in them.

https://www.binance.com/en/feed/post/536271?ref=730857736&utm_campaign=web_share_copy
Want to leave #trading aside and focus on the #Ethereum #blockchain and the #EVM?

Check out my articles on how to get started.

https://www.binance.com/en/feed/post/536400?ref=730857736&utm_campaign=web_share_copy

https://www.binance.com/en/feed/post/536250?ref=730857736&utm_campaign=web_share_copy

Researching Web3 security, auditing SCs and more. How do I handle it?

Honestly, I feel a bit like that picture. In the last few days I have started my first audit on code4rena, and together with the Smart Contract course and my job, it is quite a lot to handle.

Yes, mainly because I paid for it. But that only helped me take it even more seriously.

And then, a week ago, I put aside my “fear” of not being prepared and signed up for code4rena, determined to take part in the next audit contest. And so I did. A couple of days later the Asymmetry contest started, and I dove into it.

What is a reentrancy attack? Let's understand them and prevent them.

First, I will help you understand in a simple way what a reentrancy attack is and how you can prevent it, and then I will dive into code examples to show where the vulnerabilities are and what the attacker's code would look like. And most importantly, I will show you the latest proven methods to protect not just one, but all of the smart contracts in your project.

Spoiler: If you have already heard about the nonReentrant() modifier, keep reading, because a few lines below you are about to discover the globalNonReentrant() modifier and the checks-effects-interactions pattern.

New in Blockchain? Don’t start by learning Solidity. Learn first about DeFi



When I first discovered Blockchain and started to read about the potential it has, and how it is certainly going to be a big thing in the near future, I wanted to tell everyone about it, and I found myself in a situation where I was not even able to explain what it is and what it is applied to.

“Blockchain is the new internet” — I was saying.

Okay, but tell me more about it, sounds interesting

“The internet will be decentralized thanks to this new technology” — I was mentioning next

Well, that was about all that I could explain. Honestly, I could not even guess what it is all about because I was never involved with crypto even for a moment and didn’t read anything about Bitcoin and what it really is.

Learning what Bitcoin is can give you a great idea of what the main goal of Blockchain is.

So, what was my next move? How did I continue to get into Blockchain?

Well, I knew I was not interested in trading or in suddenly starting to learn all about investing in crypto. What I was interested in was that I knew there was a new programming language and that now there is the so-called Blockchain developer. I wanted that.

I wanted to learn to code in Solidity!

So, what were my first steps to get into this new world? How did I finally start to move toward my goal of becoming a Blockchain developer?

I started an online course to learn what Bitcoin is, what a Blockchain is and how many exist, and what the so-called “DeFi” is and what it is all about.

Couldn’t I just jump directly into learning about Solidity?

No, because I needed to understand more of what this is all about; I needed to understand why it is called decentralized and how much truth there is in that.

I started to combine the course with a book I bought called “Blockchain Revolution: How the Technology Behind Bitcoin Is Changing Money, Business, and the World”.

From the course, I learned what an Exchange is, what lending and borrowing are, what UniSwap is, what the different types of protocols in blockchain are, and so much more about how people are involved with blockchain nowadays.

And from the book I learned the potential that Blockchain has in the world. How it can change everything. What the world would look like with a decentralized voting system, with a decentralized system in hospitals, many uses, and let me tell you, I loved all of it.

But, did I start learning Solidity or not?

Yes, I got to do both: learn Solidity from an introductory class in the online course and through my own research.

And then, little by little, I started to move my interests and time more towards Solidity and how to program smart contracts.

And a few months later Auditing came into my life… but that’s for another day.

________________

So, for those enthusiastic programmers who want to go all in with Smart Contracts:

Learn first about the history of Money, the history of blockchain and bitcoin, and also how decentralized finance works.

Solidity Gas Optimization: Understanding how EVM works can save you gas



You might have come across some Solidity tips to improve your coding skills and save some gas, but today I want to focus on how understanding the Ethereum Virtual Machine can effectively save you gas costs in your smart contracts.

Since we are going to dive into Ethereum, I am going to leave here the snippet of its Yellow Paper which specifies the gas costs of the opcodes, and during the article we will be referring to them.



Tip #1: Cold access VS warm access

Gcoldsload: 2100 gas

Gwarmaccess: 100 gas

There we have our first two gas costs: the first one specifies how much it costs to access a storage variable for the first time in a transaction (cold access), while the second one specifies how much it costs to access the variable a second time and further (warm access). As you can see, the difference in price is quite big, so understanding this can make a big difference in the costs of your smart contract’s transactions. Let’s see an example.





Caching the data inside a function in Solidity can result in lower gas usage, even if it needs more lines of code. In this case, the change is the data location of the array: instead of reading it from storage on every iteration of the loop, the function stores the array in memory, where it is cheaper to access.
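An added example of the caching described above (it is not the figure from the original article, which is missing here). The contract `CachedReads`, its state variables and its function names are assumptions made for illustration; the second pair of functions goes slightly beyond the array case and applies the same idea to a single state variable read inside a loop.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names in this contract are hypothetical.
contract CachedReads {
    uint256[] private values;   // dynamic array kept in storage
    uint256 private threshold;  // single storage slot

    constructor(uint256[] memory initial, uint256 initialThreshold) {
        values = initial;
        threshold = initialThreshold;
    }

    // Works directly on storage: `values.length` is re-read with SLOAD on
    // every iteration (cold on the first read, warm afterwards), and each
    // `values[i]` is one more SLOAD.
    function sumFromStorage() external view returns (uint256 total) {
        for (uint256 i = 0; i < values.length; i++) {
            total += values[i];
        }
    }

    // Copies the array to memory once. Each element is still loaded from
    // storage one time during the copy, but the loop itself only touches
    // memory and a stack copy of the length.
    function sumFromMemory() external view returns (uint256 total) {
        uint256[] memory cached = values;
        uint256 len = cached.length;
        for (uint256 i = 0; i < len; i++) {
            total += cached[i];
        }
    }

    // `threshold` is read from storage on every iteration:
    // one cold access (Gcoldsload) followed by warm accesses (Gwarmaccess).
    function countAboveUncached() external view returns (uint256 count) {
        uint256 len = values.length;
        for (uint256 i = 0; i < len; i++) {
            if (values[i] > threshold) {
                count++;
            }
        }
    }

    // `threshold` is read from storage exactly once and kept in a local
    // variable, so the warm accesses inside the loop disappear.
    function countAboveCached() external view returns (uint256 count) {
        uint256 len = values.length;
        uint256 limit = threshold;
        for (uint256 i = 0; i < len; i++) {
            if (values[i] > limit) {
                count++;
            }
        }
    }
}
```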

Tip #2: Zero vs non-zero values and gas refunds

Gsset = 20,000 gas

Rsclear = {discount on execution price}

Changing a value from 0 to non-zero on the Ethereum blockchain is expensive, as we see in the price of Gsset, but changing a value from non-zero to 0 can give you a gas refund, as per Rsclear. To prevent abuse of the refund, it is established that you can only get refunded up to a maximum of 20% of the total transaction cost.

You can find this in a very common scenario on blockchain, which is updating the balance of addresses in smart contracts. Let’s see an example of each:





In the first example, the ZeroToNonZero contract: non-zero to non-zero (5,000 gas*) + zero to non-zero (20,000 gas) = 25,000 gas

In the second example, the NonZeroToZero contract: non-zero to zero (5,000 gas*) + zero to non-zero (20,000 gas) - refund (4,800 gas) = 21,200 gas

*2,100 (Gcoldsload) + 2,900 (Gsreset) = 5,000 gas

Tip #3: Order of state variables matters

Storage is like a key-value data structure that holds the state variable values of a Solidity smart contract.

You can think of storage as an array which will help to visualize this. Each space in this storage “array” is called a slot and holds 32 bytes (256 bits) of data and each state variable declared in the smart contract will occupy a slot depending on its declaration position and its type.

Not all data types take all the 32 bytes of each slot as there are some data types (bool, uint8, address…) that take less than that.

The trick here is that if two, three or more variables together are 32 bytes or less, the Solidity compiler will try to pack them together in a single slot, but these variables need to be defined next to each other.





Here we are using the data types bool (1 byte), address (20 bytes), and uint256 (32 bytes). So, knowing the size of these variables, you can easily understand that in the first example, the TwoSlots contract, since we have bool and address together (1 + 20 = 21 bytes, which is less than 32 bytes), they will occupy one slot. In the ThreeSlots contract, since bool and uint256 cannot be in the same slot (1 + 32 = 33 bytes, which is bigger than the slot capacity), in total we will be using three slots.

Now, why is this so important?

The SLOAD opcode costs 2100 gas and is used to read from Storage slots, so if you can store the variables in fewer slots, you will end up saving some gas.
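An added example of the two layouts described in this tip (it is not the figure from the original article, which is missing here). The contract names TwoSlots and ThreeSlots and the three types come from the text; the variable names and the `layout()` helpers, which return the positions assigned by the compiler so the packing can be checked after deployment, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; variable and function names are hypothetical.
contract TwoSlots {
    bool flag;       // 1 byte,   first slot
    address owner;   // 20 bytes, packed into the same slot right after `flag`
    uint256 amount;  // 32 bytes, needs a slot of its own

    // Returns the slot index of each variable and the byte offset of
    // `owner` inside its slot, as assigned by the compiler.
    function layout()
        external
        pure
        returns (
            uint256 flagSlot,
            uint256 ownerSlot,
            uint256 ownerOffset,
            uint256 amountSlot
        )
    {
        assembly {
            flagSlot := flag.slot
            ownerSlot := owner.slot
            ownerOffset := owner.offset
            amountSlot := amount.slot
        }
    }
}

contract ThreeSlots {
    bool flag;       // 1 byte, alone in its slot: the next variable does not fit
    uint256 amount;  // 32 bytes, fills a whole slot by itself
    address owner;   // 20 bytes, starts a new slot because `amount` left no room

    // Same helper as above for the unpacked declaration order.
    function layout()
        external
        pure
        returns (uint256 flagSlot, uint256 amountSlot, uint256 ownerSlot)
    {
        assembly {
            flagSlot := flag.slot
            amountSlot := amount.slot
            ownerSlot := owner.slot
        }
    }
}
```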

Tip #4: uint256 is cheaper than uint8

We have learned in tip #3 that uint256 (256 bits = 32 bytes) occupies a slot by itself, and we have learned as well that uint8 is less than 32 bytes. So, while it is kind of straightforward that 8 bits are smaller than 256 bits, how come uint256 is cheaper?

To understand that, it is important to know that if a variable does not fill the whole slot by itself, and if this slot is not filled by any other variable, the EVM is going to fill the remaining bits with “0”s in order to be able to manipulate it.

This “0” addition performed by the EVM will cost gas, meaning that in order to save transaction gas, it is better to use uint256 instead of uint8.

__________________

Hopefully, while finding out about these tips to reduce the gas costs in your smart contracts you have learned as well a bit of how the EVM works.

__________________

Follow @TheBlockChainer on Twitter to find more daily updates about Smart Contracts, Web3 Security, Solidity, Auditing smart contracts, and more.

__________________

How do you even start learning about Blockchain?

To start, let me mention I am a Software Engineer in Test, aka QA. I have been working on testing mobile apps and writing some automated tests for over 7 years.

Now, how does a QA end up involved in the world of Blockchain?

Was it through Bitcoin? Or Trading? Or any kind of crypto investment? Not even close. I have never been interested or involved in anything related to crypto. And I will tell you more: I had never even heard the word Blockchain until the day I caught up with a good old friend.

You know those moments when you are speaking with someone about what he/she has been up to and he/she mentions a few words you didn’t fully understand, but you let him/her continue so that you neither interrupt nor seem, for lack of a better expression, less smart? Well, that time I did actually ask, and I must say that doing so has changed the path and plans I had for my professional life.

So, once you discover you are interested in Blockchain, how do you even start learning about it?

Most relevant places to find and consume Blockchain material

From my experience, the best places to find and consume material about Blockchain are YouTube, as for most things, and Twitter. Yup, that place where a bunch of haters have lived for the last decade also has a growing community of blockchain enthusiasts who are constantly sharing knowledge and material, both in tweets and in links to articles from multiple places.

So, after some time watching videos and following a few Twitter accounts, I realized I had lots of noise on both my YouTube home and in my personal Twitter feed, so what did I do? I created a separate Twitter account to only follow and interact with Blockchain-related tweets, and the same with YouTube: I created a new account where I would watch only Blockchain things. And like that, I would be getting rid of lots of distractions in order to make things on the topic easier to find.

After setting this up, you will little by little be finding the right and most popular Youtubers and Twitter accounts which will lead you to find the right path, the right places to start. How? You will start discovering what it is all about, and from those things you will start to do research about those that caught your attention, and those that made you slip a “wow” or a “Jesus! I don’t know anything about it but sounds quite interesting”.

And that’s just the beginning.