‣

Resources

‣

HW:

Blockchain, not Bitcoin

Question: what else can be built on top of Bitcoin?

There were many developments, but not as promising (e.g., colored coins). The scripting language (which encodes spending conditions on UTXOs) of Bitcoin is not expressive enough. See this video for more about scripting language, and here are the basics of Bitcoin txs.

An idea came about in 2012-2013 that blockchain itself is a more important invention than Bitcoin, and maybe there could be things built on top of a blockchain, not Bitcoin.

A better question: what else can be built on top of a blockchain protocol? Apart from another cryptocurrency with different parameters, like Litecoin.

Idea: theoretically, we should be able to record “arbitrary states” and perform arbitrary computations via “txs = state transitions” on a blockchain.

🔶

The key question: how to best implement the state transition model?

🔷

Stellar answer: use smart contracts = digital vending machines. Regular users can: (1) send txs to each other (as before); (2) deploy smart contracts (onto nodes’ hard drive) that are governed by code; (3) interact with smart contracts.

This idea was pioneered by Nick Szabo [1, 2], and implemented in Ethereum by Vitalik Buterin.

Quick intro to Ethereum

Regular accounts and contract accounts are the 2 types of accounts on Ethereum:

Public address = 40 hexadecimals Example: 0xd8da6bf26964af9d7eed9e03e53415d37aa96045

This is one of the public addresses of Vitalik Buterin, creator of ethereum. Addresses can be conviniently investigated using etherscan.

Rmk: in hexadecimal notation we use 0-9,A,B,C,D,E,F: 16 symbols; 1 hexadecimal = 4 bits = 2^4 = 16 different things; (1 byte = 2 hexadecimals = 8 bits)

Public address is derived from the public key: you get a public address for your account by taking the last 20 bytes of the Keccak-256 hash of the public key and adding 0x to the beginning.

Transactions

Transactions (external transactions) (or “messages”) come from regular accounts (EOA), initiated by signatures with private key. 3 types:

EOA to EOA (ETH transfer)
EOA to 0 (contract deployment)
EOA to CA (ETH transfer, contract execution = calling functions)

Transaction contains:

ETH sent — changes balance of ETH
Data — directs the contract deployment / execution

Internal transactions (internal calls) from CA are always triggered by code. Any sequence of internal txs has to be initiated at first by an external tx.

Composibility idea: smart contracts can talk to each other! They can quote prices to each other, they can request things, etc. Example below shows how an aggregator on ethereum (e.g. https://matcha.xyz/) directs 1 trade to various decentralized excghanges (DEXs) to achieve the best price.

EVM (Ethereum Virtual Machine) Run by nodes, is needed to compute all the state transitions.

Gas

Halting problem: In 1936, Alan Turing has shown that a (turing) machine cannot tell if a script will halt or run forever, before execution.

⇒ Infinite loops or resource intensive scripts are a potential attack vector

Bitcoin and Ethereum deal with this problem in different ways:

Bitcoin Script is a deliberately limited scripting language.
Ethereum has a Turing complete instruction set. It charges a fee for each minimal computation step (gas).

All EVM operation sconsumes a pre-defined amount of gas. (Addition → 3 gas units, Multiplication → 5 gas units, Store 256 bits → 20k gas units)
Every transaction has a user-specified gas limit, i.e. the maximum number of gas units that can be triggered by this transaction.

Simple “send ETH” txs require 21000 gas units. More complicated contract executions vary.

Every transaction has a certain gas price = “price of gwei-per-gas” that the sender is willing to pay.

Rmk: 10^9 gwei = eth; gwei = 10^9 wei.

Execution of tx based on gasLimit and gasPrice is shown below. The upshot is that miners get paid for every operation they perform (even if the tx is invalid!)

Fees

Protect Ethereum from DoS attacks and infinite loops in the code
Give a great mechanism to determine which tx to prioritize
[mechanics before eip1559] first-price auction, everything goes to miners
[mechanics after eip1559] base fee (in gwei-per-gas) is dynamically quoted to you by Ethereum network = the gas price under which ethereum will include your tx. This fee is burnt. Miners/validators receive a small tip + MEV (see later)

‣

More details:

Essential tools for dertermining fees (usually these are automatically set by your wallet though):

Ethereum ecosystem

Key point:

🔷

Ethereum programs money & business logic ⇒ programs incentives ⇒ ⇒ programs human coordination

Example of a smart contracts on Ethereum: a different currency, ERC-20 token

ERC20 token

variables: - name - symbol - totalSupply - balance(address => int)

functions: - totalSupply() - balanceOf(address) - transferTo(address, int)

constructor: - name = … - symbol = … - totalSupply = … - balance[addr_Alice] = … - balance[addr_Bob] = …

Decentralized Finance (DeFi)

DeFi = open, permissionless, and highly interoperable financial infrastructure built on a public smart contract platform.

DeFi primitives = the most important DeFi protocols: (for links and resources see the topics page)

DEXs (e.g. uniswap)

Centralized exchanges use the “order book” design for trading
Decentralized exchanges, restricted by blockchain constraints, predominantly use the AMM (automated market maker) design:

On the left you see (1)-(6) steps on how uniswap works.

Key point is that the product of two quantities doesn’t change after the trade: 1550 $\cdot$ 1 = 1599 $\cdot$ 0.938

Order book design becomes feasible again on L2 (see scaling discussion below)

Money markets (e.g. aave, compound)

See the diagram below for the step-by-step description.

VERY IMPORTANT addition to the diagram: if Alice’s LTV spikes to >85%, she get’s liquidated: her ETH is sold to liquidators (usually bots that monitor this stuff) for 5% discount, and the loan is cancelled.

Oracles (e.g. chainlink)

How does AAVE know the price of ETH? It can look at uniswap, but in practice it uses an oracle.

The oracle problem: in this architeccture, the decentralized protocol (aave) relies on a centralized source coming from TradFi.

⇒ need to decentralized oracle. Most popular solution: chainlink

Stablecoins

It is an ERC-20 token that is pegged to 1 dollar.

The pegging mechanism is the heart of the stablecoin. Three types:

Fiat-backed: USDC, USDT […]
Crypto-backed: DAI, LUSD, RAI (this one is free-floar, i.e. pegged only loosely) […]
Algorithmic: FRAX, UST (collapsed) […]

Many of these projects / protocols have their own tokens.

Tokens carry governance rights (this benefits holders AND the protocol)
Sometimes have value accrual mechanisms (e.g. fees directed to holders)
Have a speculative premium (⇒ ability to “invest into projects”; this matters a lot)
Are used to incentivize participants (e.g. COMP), supercharging network effects of Web 3 projects.

Rmk. It is important to acknowledge that cryptocurrencies / tokens are a good form of coordination when used as a reward / value accrual / coordination mechanism, but not as a means of voting power, because of bribery attacks.

Key reason for a token — decentralization of the protocol into a DAO. The mechanics of it are still very much evolving. (e.g. how uniswap retroactively rewarded users with tokens, as if uber would airdrop their stocks to all of their drivers and passengers, in order to achieve a shared ownership of the protocol. This is hard to repeat though, because of sybil attacks.)

Quick digression into DAOs. DAOs are:

multi-sigs
bigger decentralized capital formations (e.g. molochDao)
decentralized organizations that govern DeFi projects (makerdao, aave, etc), require token
token/nft-gated communities
etc

Traction of DeFi:

Users: single millions https://dune.com/rchen8/defi-users-over-time

Rmk: not everyone will be a power user.

Total Value Locked (TVL): tens of billions https://www.defipulse.com/

Key gamechangers for why DeFi >> TradFi:

Automation & programmability [logic of financial contracts is enforced by Ethereum EVM, as opposed to being enforced by the US laws in TradFi]

⇒ rent-extracting intermediaries removed ⇒ systems are much more efficient

Open access for scrutiny

⇒ systems are much more secure than TradFi

Decentralization (this is a spectrum! Some protocols are more decentralized than others)

⇒ no collusion

⇒ open access for usage (censorship resistance)

⇒ self-custody [this is good and bad; good because you own your assets ⇒ less collusion; bad because of security issues, this is currently being solved by things like social recovery of wallets]

Rmk: DeFi currently is not accessible to all due to high fees, but will be in 2 years — see scaling discussion below.

Open-source code ⇒ insanely fast development
Composability ⇒ systems interoperate smoothly. Decentralization (⇒no collusion) helps to remove the incentive to verticalize the system.
Atomic composability: flash loans

‣

More info:

What else is interesting in blockchains? (overview of other special topics)

NFTs

NFT = certificate on a blockchain asserting that someone posesses a certain unique digital asset

Key innovation: art is an uncopyable NFT ⇒ can sell art digitally ⇒ 1000x distribution for artists

Why NFTs have value? Counter-question: why do people buy physical art and display it in their houses? Its not because the piece itself has value — the real value is in showing other people that you “bought and have” this original piece. Same thing happens digitally.

Various types of NFTs: [sold/bought on special marketplaces: https://opensea.io/, https://x2y2.io/, https://sudoswap.xyz/]

on-chain art:

“classical” digital art (xcopy, beeple)
generative art (artblocks)
physical/digital mix (damien hurst)

10k profile picture collections (cryptopunks, bored apes, nouns, and many many more)

kind of similar to physical collectibles
enable investing into “brand” and “culture”
ongoing progress on lisensing IP rights

game items
ENS
music NFTs (example 1, 2)
specific financial instruments (e.g. LP certificates in uniswap V3)

Scaling approaches

🔶

Problem 1. All of the above resulted in a huge demand for blockspace ⇒ need to scale blockchains.

Bitcoin: ~5 txs / sec Ethereum: ~20 txs / sec Visa: 24000 txs / sec
Tx fees on Ethereum fluctuate from 0.5$ to 30$ for a simple transfer.
Bottleneck for scalability = not the compute/consensus part, but rather the storage part, namely the growth of state size of Ethereum
[Scaling<———>Decentralization] tradeoff (block size debate in Bitcoin)

Payment channels (a strategy for scaling)

Uni-directional payment channel description: [Alice] ———[PAYMENT CHANNEL 100$]———> [Bob]

Alice sets up a payment channel with 100$, onchain. HTLC (Hashed TimeLock Contract) logic of the payment channel:

Money can be withdrawn with Alice’s sig, but only 30 days after deployment of the channel
Money can be withdrawn with Alice’s sig AND Bob’s sig at any moment

Alice pays 5$ to Bob for coffee by signing the following tx, offchain!

(“distribute funds: 95$ → Alice, 5$ → Bob”, $sig_{Alice}$ )

Alice pays another 5$ to Bob by signing the following tx, offchain again:

(“distribute funds: 90$ → Alice, 10$ → Bob”, $sig_{Alice}$ )

…
29 days after the payment channel was initiated, Bob signs the last tx of Alice and gets all the payments by closing the payment channel onchain.

Bi-directional payment channel: article, original paper
Lightning network

Rollups (the scaling strategy now for Ethereum, 2nd strategy for scaling).

Two kinds:

zk rollups (e.g. zk-hermez, zk-sync, starknet)

Use SNARKs (or STARKS) to compress computation

‣

SNARK high-level description: (extremely cool)

‣

zkRollup simplified details:

optimistic rollups (e.g. arbitrum, optimism)

Rest on economic incentive design: similar to zk-rollups but proofs are not posted at all, but if there is a malicious behavior, fraud proofs are posted by “watchers” and rollup operator is slashed.

Sharding (long-term scaling strategy)

Key idea is that not everyone processes everything, light-clients by default. This is much further down the road for Ethereum, 2-5 years, cryptography heavy.

Rmk 1. Blockchain architecture nowadays:

App layers (DeFi, NFTs, DAOs, etc)

Layer 2 (rollups, scaled systems on top of blockchains)

Layer 1 (consensus / execution / data availability)

Layer 0 (internet communication, social layer)

Rmk 2: scaling is in process, and will enable fundamentally new dapps (payments most importantly, by ETH and USDC) ⇒ more innovation coming on the app layer

Proof of stake

🔶

Problem 2. Mining consumes a lot of energy. (On the order of a middle size country like Argentina)

Another direction where Ethereum is innovating: transition from proof-of-work to to proof-of-stake (on Thursday night around 3am), see this intro video for more details).
How PoS works, in three lines:

miners are now called validators, and they stake eth = lock eth in a certain smart contract
leader selection is done randomly (as opposed to according to mining), proportionally to how much validators have staked
malicious behavour ⇒ stake is getting slashed

Main idea: incentive to “not to waste your energy on the wrong fork” is getting substituted with incetive to “not to build on the wrong fork cause my ETH will be shashed
The transition will reduce 99% energy consumption of Ethereum ⇒

⇒ no electricity bills for miners (now called validators) ⇒

⇒ no need to pay huge block rewards to validators ⇒

⇒ massive reduction in inflation (this is costs for a blockchain) ⇒

⇒ much more economic efficiency of the blockchain (more security for dollars spent)

(see 2:10 timestamp in this video for a quick breakdown of benefits of PoS)

Ethereum actually becomes the first productive blockchain

Rmk. The actual details of Ethereum PoS are very complex; the above is a drastic simplification. We might dig deeper into PoS later in the course.

Privacy

🔶

Problem 3. People like to have their financial privacy.

zk technology allows to process txs while keeping them secret

‣

zk SNARK high-level description: (extremely cool tech)

These are being implemented on the L1 level (e.g. zcash), on the L2 level (e.g. aztec), and on the app layer (e.g. tornado cash; use vpn for this)

MEV

🔶

Problem 4. Financialization of blockchains means that certain transactions (arbitrage, liquidations, etc) are worth much more than the others.

All user pay fees to get their txs included in blockchain.
Certain users pay extra fees to order txs in a particular order (to be first to execute arbitrage, liquidations, frontrunning, etc) – these extra fees are called MEV (Maximal Extractable Value). It is bad because frequently sophisticated users take advantage of retail users [to be clear, there is “fair” MEV (like liquidations and arbitrage), and there is “parasitic” MEV (like frontrunning and sandwiching); these notions are loose though]
Ethereum tackles the MEV problem by introducing a separate market for “searchers”: people who bundle transactions, and then participate in auction for these bundles to get included. Flashbots is the current short-term implementation of this = a certain program (”mev boost” to be precise) that validators run alongside their nodes, through which searchers can send their bundles.
Proposer-builder separation is the mid-term (2 years) protocol level solution in Ethereum for MEV = essentially embedding this separate economic market into the Ethereum protocol

Lecture 2. Introduction: Ethereum and beyond.