Introduction to Blockchain and Smart Contracts 

Introduction to Blockchain and Smart connects

Blockchain & Smart contracts are the buzz. It is not just about bitcoin and Ethereum like cryptocurrencies but altogether a different ball game. There are a lot of applications of blockchain outside of cryptocurrency. Today we will be talking about Blockchain & Smart Contract basics.  

In this section, we will look through the basics of blockchain and smart contracts. 


The basic thought of **Blockchain** is that it capacities as an open, decentralized database that records exchanges, which are chained together as pieces, in a lasting way. There are distinctive sorts of blockchains on the showcase, and Bitcoin and Ethereum are two of the foremost critical. The foremost important Blockchain to us is Ethereum since that’s the Blockchain that essentially all savvy contracts and conveyed applications (DApps) utilize. 

A smart contract could be a self-executing contract, where the terms are composed in code. As smart contract innovator Scratch Szabo characterized the concept in a 1996 whitepaper , “A smart contract is a computerized transaction protocol that executes the terms of a contract. The general objectives of smart contract design are to satisfy common contractual conditions (such as payment terms, liens, confidentiality, and even enforcement), minimize exceptions both malicious and accidental, and minimize the need for trusted intermediaries.” 

Szabo’s definition could be a fairly high-level one. But, as appeared within the realistic, it’s not difficult to think of potential applications for shrewd contracts. In reality, smart contracts have been utilized in supply chain administration, ICOs, decentralized back (DeFi) ventures, and more. It’s an awfully modern shape of application, but the advancement environment has detonated in measure and so have the dangers. A single bug can fetched smart contract engineers millions of dollars and demolish a company’s notoriety overnight. The stakes are tall, and that’s why so much consideration is moving from web apps to smart contracts. Whereas web apps have created more grounded security benchmarks over time, the savvy contract space is generally unexplored and underprotected. 

There are two primary sorts of accounts on the Ethereum blockchain: **remotely possessed** accounts and **contract** accounts.  

An remotely possessed account is when a client makes a open address and keeps up a private key related with that address. This address can hold ether and connected with contracts on the blockchain. A ordinary address, based on hexadecimal arrange, looks like this: 


Smart contracts are programs that reside within decentralized blockchains and are executed pursuant to triggered instructions. A smart contract acts in a similar way to a traditional agreement but negates the necessity for the involvement of a third party. Smart contracts are capable of initiating their commands automatically, thus eliminating the involvement of a regulatory body. As a consequence of blockchain’s immutable feature, smart contracts are developed in a manner that is distinct from traditional software. Once deployed to the blockchain, a smart contract cannot be modified or updated for security patches, thus encouraging developers to implement strong security strategies before deployment in order to avoid potential exploitation at a later time. 

General Concepts around Blockchain 

Public blockchains 

A public blockchain does not have restrictions. Anyone with an internet connection can get access to the network and start validating blocks and sending transactions. Typically, such networks tend to offer some kind of incentive for users who validates the blocks. 

Anyhow, this network tends to use [Proof of Work]( or [Proof of Stake]( [consensus algorithms]( for validating the transactions. It is a “Public” network in a true sense also there are many[ different consensus algorithm]( 

Private blockchains 

Private [blockchains]( like Ripple and Hyperledger have the advantage of speed because a smaller set of users means less time to reach a consensus to validate a transaction. Private blockchains can process thousands of transactions every second and are easily scalable. 

A private blockchain has a centralised network that quickens the transaction process. Having a centralised network also raises the issue of trust, which is resolved in a [public blockchain]( A transaction’s validity cannot be verified on private networks and relies on the authorised nodes’ credibility. 

The former form of control means faster transactions. Private Blockchains have much less nodes than their public counterparts, therefore the performance is faster 

Hybrid blockchains 

A hybrid blockchain is a unique type of blockchain technology that amalgamates components of both public and private blockchain or tries to utilise the ideal part of both public and private blockchain solutions. 

Transactions and records in a hybrid blockchain are made private but can be verified when entailed, such as by enabling access through a smart contract. Private information is kept inside the network but is still verifiable. 

Proof Of Work 

The proof of work (PoW) is a common consensus algorithm used by the most popular cryptocurrency networks like bitcoin and litecoin. It requires a participant node to prove that the work done and submitted by them qualifies them to receive the right to add new transactions to the blockchain. However, this whole mining mechanism of bitcoin needs high energy consumption and a longer processing time. 

Proof Of Stake 

The proof of stake (PoS) is another common consensus algorithm that evolved as a low-cost, low-energy consuming alternative to the PoW algorithm. It involves the allocation of responsibility in maintaining the public ledger to a participant node in proportion to the number of virtual currency tokens held by it. However, this comes with the drawback that it incentivizes cryptocoin hoarding instead of spending. 

Proof Of Capacity 

The Proof Of Capacity allows sharing of memory space of the contributing nodes on the blockchain network. The more memory or hard disk space a node has, the more rights it is granted for maintaining the public ledger. 

Proof Of Burn 

Proof Of Burn is another that requires transactors to send small amounts of cryptocurrency to inaccessible wallet addresses, in effect “burning” them out of existence. 

Important Concepts Regarding Smart Contracts 


Fair since you make and send a smart contract doesn’t cruel that you just have any advantaged get to or rights with regard to that contract. By default, your interaction with that contract on the blockchain will be the same as everybody else’s. 

Be that as it may, it’s common in genuine smart contracts for there to be capacities where an proprietor part is included, whether in running an sell off or a lottery draw. Since this owner doesn’t exist by default, it needs to be made. Possession is around get to control. Who has get to control on the smart contract?  

 OpenZeppelin’s Ownable library is one of the foremost common ways to execute possession, and it permits capacities like exchanging proprietorship or revoking it. Authorizations can of course get more granular with the creation of numerous roles. Ownership can too be mishandled, such as within the case where an proprietor of a token can subjectively make an boundless number of tokens, conjointly where you incidentally permit clients to call capacities that ought to be saved 

ERC Standards 

An ‘Ethereum Request for Comments’ (ERC) is a document that smart contract programmers using the Ethereum blockchain platform write. They describe rules in these documents that Ethereum-based tokens must comply with. 

The Ethereum community accepts some of these documents after working through the EIP process, finalizes it, and then developers implement it. This is how the document becomes an ERC. In other words, ERCs originate as EIPs and could address different areas, for e.g., tokens, registration name, etc. 

The most common standard is ERC-20, and it describes the rules that smart contract tokens have to follow. In simple terms, an ERC-20 token is a fungible token, meaning that it functions like a $20 bill. Every $20 bill can be exchanged for another $20 bill.

They are interchangeable. One of the reasons why this standard was created was to give some kind of clear and consistent logic to the proliferation of tokens on the blockchain operating according to different rules and creating chaos. 

Anatomy of ERC20 Tokens They follow a list of rules so that they can be shared, exchanged for other tokens, or transferred to a crypto-wallet. The ERC20 standard consists of 3 optional rules and 6 mandatory rules. 

**The mandatory rules are as follows:** 

–   totalSupply 

–   balanceOf 

–   transfer 

–   transferFrom 

–   approve 

–   allowance 

**On the other hand, the optional rules are:** 

–   Token Name 

–   Symbol 

–   Decimal 

One of the mandatory rules, totalSupply, specifies exactly how many tokens are in circulation. 

Another common standard which is seeing a lot of use is **ERC-721**, which is a non-fungible token standard. Unlike in the **ERC-20** standard, in this case, tokens are not interchangeable, which creates all kinds of interesting use cases. This standard is used to establish authenticity of ownership over scarce digital resources, like collectibles or art. 


Strength, like other object-oriented programming dialects, includes a concept of legacy, which can be connected to contracts. There can be parent contracts and child contracts, which acquire from parent contracts. 

 There are at slightest two reasons why you might utilize legacy in shrewd contract advancement and investigation. To begin with, it permits changes in one parent contract to be reflected in child contracts. And moment, it permits you to reuse code and decrease by and large program length.  

 Interfaces are a particular kind of legacy with critical rules. They cannot characterize state factors or constructors, capacities need to be outside, and interfacing cannot themselves acquire from other contracts. 


The Reentrancy attack is one of the most destructive attacks in the Solidity smart contract. A reentrancy attack occurs when a function makes an external call to another untrusted contract. Then the untrusted contract makes a recursive call back to the original function in an attempt to drain funds. 

When the contract fails to update its state before sending funds, the attacker can continuously call the withdraw function to drain the contract’s funds. A famous real-world Reentrancy attack is the DAO attack which caused a loss of [3.6 million ether]( . 

Integer Overflows and Underflows 

Incorrect use of arithmetic in smart contracts can lead to integer overflow or integer underflow. In simple terms, an overflow is when there’s an output larger than allowed and an underflow is when there’s an output smaller than is allowed. If overflows and underflows aren’t accounted for in the code, then inputs and outputs will be vulnerable to attack. 

In Ethereum, an unsigned integer (uint) can range anywhere from 0 to 115792089237316195423570985008687907853269984665640564039457584007913129639935, which is the maximum uint value of (2^256)-1. An overflow, then, is when 1 is added to that limit, at which point the overflow pushes the number back to 0. An underflow is when 1 is subtracted from 0, pushing the number from 0 to the top, which is 


You can see that an underflow attack is most practical. If a user has a balance of 0 and sends a token, the balance will revert to ~10^77, which then can be sent to a wallet. The things to look for are: who has access to the uint? How much can it be incremented at a time?  

Is the uint a smaller data type like uint8 or uint 16? 

Generally, the best way to fix this is to just use Open Zeppelin’s safe math library or use at least version 0.8.0, as overflow/underflow checks were added into Solidity. However, these checks often increase gas usage (transaction fees), and so many developers disable these checks, which is bad practice. 

The thing to note about Zeppelin’s safe library is that what version has been used and is the library modified by the developer. 

Subscribe to our Newsletter
Subscription Form

Fill in your details and get your copy of the datasheet in few seconds

CTI Report

Fill in your details and get your copy of the ebook in few seconds

Ebook Download

Fill in your details and get your copy of sample report in few seconds

Download ICS Sample Report

Fill in your details and get your copy of sample report in few seconds

Download Cloud Sample Report

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report

Fill in your details and get your copy of sample report in few seconds

Download Code Review Sample Report

Fill in your details and get your copy of sample report in few seconds

Download Red Team Assessment Sample Report

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report

Fill in your details and get your copy of sample report in few seconds

Download DevSecOps Sample Report

Fill in your details and get your copy of sample report in few seconds

Download Product Security Assessment Sample Report

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report

Let’s make cyberspace secure together!


Connect Now Form

What our clients are saying!

Trusted by