Lecture 2. Introduction: Ethereum and beyond.


Blockchain, not Bitcoin

Question: what else can be built on top of Bitcoin?

There were many developments, but not as promising (e.g., colored coins). The scripting language (which encodes spending conditions on UTXOs) of Bitcoin is not expressive enough. See this video for more about scripting language, and here are the basics of Bitcoin txs.

An idea came about in 2012-2013 that blockchain itself is a more important invention than Bitcoin, and maybe there could be things built on top of a blockchain, not Bitcoin.

A better question: what else can be built on top of a blockchain protocol? Apart from another cryptocurrency with different parameters, like Litecoin.

Idea: theoretically, we should be able to record “arbitrary states” and perform arbitrary computations via “txs = state transitions” on a blockchain.

The key question: how to best implement the state transition model?
Stellar answer: use smart contracts = digital vending machines. Regular users can: (1) send txs to each other (as before); (2) deploy smart contracts (onto nodes’ hard drive) that are governed by code; (3) interact with smart contracts.

This idea was pioneered by Nick Szabo [1, 2], and implemented in Ethereum by Vitalik Buterin.


Quick intro to Ethereum

Regular accounts and contract accounts are the 2 types of accounts on Ethereum:


Public address = 40 hexadecimals Example: 0xd8da6bf26964af9d7eed9e03e53415d37aa96045

This is one of the public addresses of Vitalik Buterin, creator of ethereum. Addresses can be conviniently investigated using etherscan.

Rmk: in hexadecimal notation we use 0-9,A,B,C,D,E,F: 16 symbols; 1 hexadecimal = 4 bits = 2^4 = 16 different things; (1 byte = 2 hexadecimals = 8 bits)

Public address is derived from the public key: you get a public address for your account by taking the last 20 bytes of the Keccak-256 hash of the public key and adding 0x to the beginning.


Transactions (external transactions) (or “messages”) come from regular accounts (EOA), initiated by signatures with private key. 3 types:

  • EOA to EOA (ETH transfer)
  • EOA to 0 (contract deployment)
  • EOA to CA (ETH transfer, contract execution = calling functions)

Transaction contains:

  • ETH sent — changes balance of ETH
  • Data — directs the contract deployment / execution

Internal transactions (internal calls) from CA are always triggered by code. Any sequence of internal txs has to be initiated at first by an external tx.


Composibility idea: smart contracts can talk to each other! They can quote prices to each other, they can request things, etc. Example below shows how an aggregator on ethereum (e.g. https://matcha.xyz/) directs 1 trade to various decentralized excghanges (DEXs) to achieve the best price.


EVM (Ethereum Virtual Machine) Run by nodes, is needed to compute all the state transitions.


  • Halting problem: In 1936, Alan Turing has shown that a (turing) machine cannot tell if a script will halt or run forever, before execution.
  • ⇒ Infinite loops or resource intensive scripts are a potential attack vector

  • Bitcoin and Ethereum deal with this problem in different ways:
    • Bitcoin Script is a deliberately limited scripting language.
    • Ethereum has a Turing complete instruction set. It charges a fee for each minimal computation step (gas).
  • All EVM operation sconsumes a pre-defined amount of gas. (Addition → 3 gas units, Multiplication → 5 gas units, Store 256 bits → 20k gas units)
  • Every transaction has a user-specified gas limit, i.e. the maximum number of gas units that can be triggered by this transaction.
  • Simple “send ETH” txs require 21000 gas units. More complicated contract executions vary.

  • Every transaction has a certain gas price = “price of gwei-per-gas” that the sender is willing to pay.
  • Rmk: 10^9 gwei = eth; gwei = 10^9 wei.

  • Execution of tx based on gasLimit and gasPrice is shown below. The upshot is that miners get paid for every operation they perform (even if the tx is invalid!)
  • image


  • Protect Ethereum from DoS attacks and infinite loops in the code
  • Give a great mechanism to determine which tx to prioritize
  • [mechanics before eip1559] first-price auction, everything goes to miners
  • [mechanics after eip1559] base fee (in gwei-per-gas) is dynamically quoted to you by Ethereum network = the gas price under which ethereum will include your tx. This fee is burnt. Miners/validators receive a small tip + MEV (see later)
  • More details:
  • Essential tools for dertermining fees (usually these are automatically set by your wallet though):

Ethereum ecosystem


Key point:

Ethereum programs money & business logic ⇒ programs incentives ⇒ ⇒ programs human coordination

Example of a smart contracts on Ethereum: a different currency, ERC-20 token

ERC20 token
variables: - name - symbol - totalSupply - balance(address => int)
functions: - totalSupply() - balanceOf(address) - transferTo(address, int)
constructor: - name = … - symbol = … - totalSupply = … - balance[addr_Alice] = … - balance[addr_Bob] = …

Decentralized Finance (DeFi)

DeFi = open, permissionless, and highly interoperable financial infrastructure built on a public smart contract platform.

DeFi primitives = the most important DeFi protocols: (for links and resources see the topics page)

  • DEXs (e.g. uniswap)
    • Centralized exchanges use the “order book” design for trading
    • Decentralized exchanges, restricted by blockchain constraints, predominantly use the AMM (automated market maker) design:
    • image

      On the left you see (1)-(6) steps on how uniswap works.

      Key point is that the product of two quantities doesn’t change after the trade: 1550 \cdot 1 = 1599 \cdot 0.938

    • Order book design becomes feasible again on L2 (see scaling discussion below)
  • Money markets (e.g. aave, compound)
  • See the diagram below for the step-by-step description.

    VERY IMPORTANT addition to the diagram: if Alice’s LTV spikes to >85%, she get’s liquidated: her ETH is sold to liquidators (usually bots that monitor this stuff) for 5% discount, and the loan is cancelled.

  • Oracles (e.g. chainlink)
  • How does AAVE know the price of ETH? It can look at uniswap, but in practice it uses an oracle.


    The oracle problem: in this architeccture, the decentralized protocol (aave) relies on a centralized source coming from TradFi.

    ⇒ need to decentralized oracle. Most popular solution: chainlink

  • Stablecoins
    1. It is an ERC-20 token that is pegged to 1 dollar.

      The pegging mechanism is the heart of the stablecoin. Three types:

    2. Fiat-backed: USDC, USDT […]
    3. Crypto-backed: DAI, LUSD, RAI (this one is free-floar, i.e. pegged only loosely) […]
    4. Algorithmic: FRAX, UST (collapsed) […]

Many of these projects / protocols have their own tokens.

  1. Tokens carry governance rights (this benefits holders AND the protocol)
  2. Sometimes have value accrual mechanisms (e.g. fees directed to holders)
  3. Have a speculative premium (⇒ ability to “invest into projects”; this matters a lot)
  4. Are used to incentivize participants (e.g. COMP), supercharging network effects of Web 3 projects.

Rmk. It is important to acknowledge that cryptocurrencies / tokens are a good form of coordination when used as a reward / value accrual / coordination mechanism, but not as a means of voting power, because of bribery attacks.

Key reason for a token — decentralization of the protocol into a DAO. The mechanics of it are still very much evolving. (e.g. how uniswap retroactively rewarded users with tokens, as if uber would airdrop their stocks to all of their drivers and passengers, in order to achieve a shared ownership of the protocol. This is hard to repeat though, because of sybil attacks.)

Quick digression into DAOs. DAOs are:

  • multi-sigs
  • bigger decentralized capital formations (e.g. molochDao)
  • decentralized organizations that govern DeFi projects (makerdao, aave, etc), require token
  • token/nft-gated communities
  • etc

Traction of DeFi:

Key gamechangers for why DeFi >> TradFi:

  • Automation & programmability [logic of financial contracts is enforced by Ethereum EVM, as opposed to being enforced by the US laws in TradFi]
  • ⇒ rent-extracting intermediaries removed ⇒ systems are much more efficient

  • Open access for scrutiny
  • ⇒ systems are much more secure than TradFi

  • Decentralization (this is a spectrum! Some protocols are more decentralized than others)
  • ⇒ no collusion

    ⇒ open access for usage (censorship resistance)

    ⇒ self-custody [this is good and bad; good because you own your assets ⇒ less collusion; bad because of security issues, this is currently being solved by things like social recovery of wallets]

    Rmk: DeFi currently is not accessible to all due to high fees, but will be in 2 years — see scaling discussion below.

  • Open-source code ⇒ insanely fast development
  • Composability ⇒ systems interoperate smoothly. Decentralization (⇒no collusion) helps to remove the incentive to verticalize the system.
  • Atomic composability: flash loans
More info:

What else is interesting in blockchains? (overview of other special topics)


NFT = certificate on a blockchain asserting that someone posesses a certain unique digital asset

Key innovation: art is an uncopyable NFT ⇒ can sell art digitally ⇒ 1000x distribution for artists

Why NFTs have value? Counter-question: why do people buy physical art and display it in their houses? Its not because the piece itself has value — the real value is in showing other people that you “bought and have” this original piece. Same thing happens digitally.

Various types of NFTs: [sold/bought on special marketplaces: https://opensea.io/, https://x2y2.io/, https://sudoswap.xyz/]

  • on-chain art:
  • 10k profile picture collections (cryptopunks, bored apes, nouns, and many many more)
    • kind of similar to physical collectibles
    • enable investing into “brand” and “culture”
    • ongoing progress on lisensing IP rights
  • game items
  • ENS
  • music NFTs (example 1, 2)
  • specific financial instruments (e.g. LP certificates in uniswap V3)

Scaling approaches

Problem 1. All of the above resulted in a huge demand for blockspace ⇒ need to scale blockchains.
  • Bitcoin: ~5 txs / sec Ethereum: ~20 txs / sec Visa: 24000 txs / sec
  • Tx fees on Ethereum fluctuate from 0.5$ to 30$ for a simple transfer.
  • Bottleneck for scalability = not the compute/consensus part, but rather the storage part, namely the growth of state size of Ethereum
  • [Scaling<———>Decentralization] tradeoff (block size debate in Bitcoin)

Payment channels (a strategy for scaling)

  • Uni-directional payment channel description: [Alice] ———[PAYMENT CHANNEL 100$]———> [Bob]
    1. Alice sets up a payment channel with 100$, onchain. HTLC (Hashed TimeLock Contract) logic of the payment channel:
      1. Money can be withdrawn with Alice’s sig, but only 30 days after deployment of the channel
      2. Money can be withdrawn with Alice’s sig AND Bob’s sig at any moment
    2. Alice pays 5$ to Bob for coffee by signing the following tx, offchain!
    3. (“distribute funds: 95$ → Alice, 5$ → Bob”, sigAlicesig_{Alice})

    4. Alice pays another 5$ to Bob by signing the following tx, offchain again:
    5. (“distribute funds: 90$ → Alice, 10$ → Bob”, sigAlicesig_{Alice})

    6. 29 days after the payment channel was initiated, Bob signs the last tx of Alice and gets all the payments by closing the payment channel onchain.
  • Bi-directional payment channel: article, original paper
  • Lightning network

Rollups (the scaling strategy now for Ethereum, 2nd strategy for scaling).

Two kinds:

  • zk rollups (e.g. zk-hermez, zk-sync, starknet)
  • Use SNARKs (or STARKS) to compress computation

    SNARK high-level description: (extremely cool)
    zkRollup simplified details:
  • optimistic rollups (e.g. arbitrum, optimism)
  • Rest on economic incentive design: similar to zk-rollups but proofs are not posted at all, but if there is a malicious behavior, fraud proofs are posted by “watchers” and rollup operator is slashed.

Sharding (long-term scaling strategy)

Key idea is that not everyone processes everything, light-clients by default. This is much further down the road for Ethereum, 2-5 years, cryptography heavy.

Rmk 1. Blockchain architecture nowadays:

App layers (DeFi, NFTs, DAOs, etc)
Layer 2 (rollups, scaled systems on top of blockchains)
Layer 1 (consensus / execution / data availability)
Layer 0 (internet communication, social layer)

Rmk 2: scaling is in process, and will enable fundamentally new dapps (payments most importantly, by ETH and USDC) ⇒ more innovation coming on the app layer

Proof of stake

Problem 2. Mining consumes a lot of energy. (On the order of a middle size country like Argentina)
  • Another direction where Ethereum is innovating: transition from proof-of-work to to proof-of-stake (on Thursday night around 3am), see this intro video for more details).
  • How PoS works, in three lines:
    • miners are now called validators, and they stake eth = lock eth in a certain smart contract
    • leader selection is done randomly (as opposed to according to mining), proportionally to how much validators have staked
    • malicious behavour ⇒ stake is getting slashed
  • Main idea: incentive to “not to waste your energy on the wrong fork” is getting substituted with incetive to “not to build on the wrong fork cause my ETH will be shashed
  • The transition will reduce 99% energy consumption of Ethereum ⇒
  • ⇒ no electricity bills for miners (now called validators) ⇒

    ⇒ no need to pay huge block rewards to validators ⇒

    ⇒ massive reduction in inflation (this is costs for a blockchain) ⇒

    ⇒ much more economic efficiency of the blockchain (more security for dollars spent)

    (see 2:10 timestamp in this video for a quick breakdown of benefits of PoS)

  • Ethereum actually becomes the first productive blockchain

Rmk. The actual details of Ethereum PoS are very complex; the above is a drastic simplification. We might dig deeper into PoS later in the course.


Problem 3. People like to have their financial privacy.
  • zk technology allows to process txs while keeping them secret
zk SNARK high-level description: (extremely cool tech)
  • These are being implemented on the L1 level (e.g. zcash), on the L2 level (e.g. aztec), and on the app layer (e.g. tornado cash; use vpn for this)


Problem 4. Financialization of blockchains means that certain transactions (arbitrage, liquidations, etc) are worth much more than the others.
  • All user pay fees to get their txs included in blockchain.
  • Certain users pay extra fees to order txs in a particular order (to be first to execute arbitrage, liquidations, frontrunning, etc) – these extra fees are called MEV (Maximal Extractable Value). It is bad because frequently sophisticated users take advantage of retail users [to be clear, there is “fair” MEV (like liquidations and arbitrage), and there is “parasitic” MEV (like frontrunning and sandwiching); these notions are loose though]
  • Ethereum tackles the MEV problem by introducing a separate market for “searchers”: people who bundle transactions, and then participate in auction for these bundles to get included. Flashbots is the current short-term implementation of this = a certain program (”mev boost” to be precise) that validators run alongside their nodes, through which searchers can send their bundles.
  • Proposer-builder separation is the mid-term (2 years) protocol level solution in Ethereum for MEV = essentially embedding this separate economic market into the Ethereum protocol