Thoughts after reading 'Mastering Ethereum' (part 1 of 2)
Here are my some of my naive thoughts after reading the book 'Mastering Ethereum' by Andreas Antonopoulos and Gavin Wood. 'Naive', because this is the first comprehensive material that i read to understand Ethereum and Solidity, nevertheless the book was a a great read to understand Ethereum from various perspectives - technical, economic, political, philosophical, etc.
Prior to reading this book, I had the impression of Ethereum only as the second major cryptocurrency that can also store few digital assets (tokens) and perform some computing in the form of 'smart contracts'. May be my assumption still holds true because this is what Ethereum does by and large, at least as of today.
However I was so enthralled to see the underlying vision of Ethereum from a much broader perspective - 'A Global Computing Platform' or 'The World Computer' as described in the book. The vision may not have become a complete reality today such as to do everything in a public blockchain due to the scalability limitations and costs associated. However such a vision to execute programs and record important transactions that will become immutable in history and in a decentralized way was truly visionary, certainly during its time of conception.
While Bitcoin's vision was to be a global P2P currency, Ethereum doesn't want to be just a decentralized cryptocurrency but a 'world wide computer operating under consensus' as stated in the book by one of its founders. For me this was the most striking aspect and biggest revelation from the book !!
The list of possible 'transactions' could range anything in the future - from paying your electricity bills TO signing trade agreements between two companies TO signing of a peace treaty among two countries TO the various financial use cases, etc. It is amazing to be in a time where it is going to be easy to record transactions and prove them when required without trusting or being dependent on any specific entity.
Before reading this book, I just completed reading the primer of all blockchain books - 'Mastering Bitcoin' by Andreas Antonopoulos, also one of the authors of this book. In my view, Mastering Bitcoin can be appealing to almost all sections of the people who wants to deal with Blockchain - developers, economists, lawyers, investors, etc. Any one who is a little analytical and enthused about Blockchain can easily understand most of its contents. The language and the flow of the book is so simple, appealing and captivating..
However Mastering Ethereum is aimed at developers. Initially it was less exciting to see more technical language in the book, compared to Mastering Bitcoin. For instance, I spent a good few hours trying to understand the classic definition of Ethereum in Page1 of the book, nevertheless it led me to revise few 'Theory of Computing' topics such as State machine, Singleton state, Deterministic, Turing complete, Universal Turing Machine, etc which I hadn't learnt so enthusiastically in the university.. LOL !!
Explanation from some of my notes..
But after completing the first few chapters of the book, I was convinced that the (technical) approach followed in the book is perfect, given there is a LOT to cover about the various (technical) aspects of Ethereum. Neither there is much room either nor it is necessary to make the language appeal to non-developers as part of this book.
Solidity is a very versatile and powerful language in terms of what can be achieved and executed on a Smart Contract platform within a limited EVM context and the Ethereum platform. Having come from a Java background, initially I found Solidity constructs to be little less-intuitive, however you get used to it very quickly.
You will also observe that there is a whole world of difference between regular application programming (using languages like Java) and smart contract programming using Solidity. Some of the significant points that I observed are :
Although Solidity is very powerful tool, it is crucial to be aware of this very important note :
As much it is important to be proficient about the different constructs of Solidity, it is even more important to understand the innumerable ways by which it is quite easy to write smart contracts that are seemingly safe but are highly insecure and vulnerable that will be exploited by adversaries !!
There is a whole chapter in the book (Chapter 08) dedicated to this topic that describes over sixteen ways in which one can write smart contracts that look perfectly alright and safe however they contain a significant security vulnerability. Each of the vulnerability is described with an example, the corresponding preventative techniques and best practices to overcome the vulnerability.
Also it was very candid of the authors to discuss some of the Parity related hacks such as the DAO Reentrancy Hack and the Multisig Wallet Hack, although the Parity founder is one of the authors of the book.
Here is a snapshot of my notes describing first few vulnerabilities described in the book and corresponding remedies :
Personally this was the most interesting chapter in the book because I learnt much more Solidity in this chapter (08) than other chapters describing core Solidity constructs.
Although there are no explicit security loopholes in Solidity, by virtue of its design and some of the constructs, it is very easy for developers to write insecure code and often can lead to loss of funds, like it has happened with Parity themselves who are one of the major contributors of Ethereum platform. Some of these instances could be avoided by imposing a better design at the compiler level and by imposing few constraints that doesn't allow developers to go down the insecure path.
Vyper is a new experimental language that compiles to EVM byte code and it attempts to eliminate some of the insecure constructs from Solidity and incorporates few better ones. The book explains in good detail about the features that are omitted from Solidity and the new constructs that are being incorporated in Vyper.
From my notes, some of the key features of Vyper and some of the features omitted from Solidity
Vyper is still at experimental stages and possibly be ready only after few months or years, if it is all successful. Here is Vitalik's Retweet about the first verified Smart Contract written in Vyper on TestNet.
We used to yearn and be excited for (free) services like gmail and facebook until few years ago because it was very cool to have and use them until we realized recently these free services given at the expense of our own data. But very soon we might be in a time where people would be wanting to use Decentralized APPs akka dAPPs - services that do not necessarily require or save your data to operate their business. We might be even willing to pay money to use such services or dAPPs provided we are assured they don't save or use personal data than it is just really required.
Blockchain is taking us in that direction !!
Throughout the book and also the WEB3 vision as outlined in the book is to decentralize the applications and data that currently run on central points of control to be "applications (dAPPs) that will exist and act upon data in a fully decentralized manner".
Yet amazing fact about the WEB3 vision is that it doesn't stop with decentralized money or applications (smart contracts). The vision includes decentralization of the entire application infrastructure :
The vision of decentralization including other layers such as above (apart from the core money and smart contract aspects) was a good revelation only after reading the book. Chapter 12 deals with building a sample dAPP using all of the above elements.
Although no one knows how long it will take for the fruition of such vision with the speeds in the order of millions of TPS (Transactions Per Second), it however looks like the logical destination.
Like Mobile apps became the rage and new norm few years ago, dAPPs will reach that stage very soon, mainly because of growing user awareness of their personal data security !!
(PART- 2 of the article to be published next week)