
Welcome to the “Web3 Stack - Crypto Infrastructure Behind the Scenes” course!
This course will help you to:
Get a job in Web3
Boost your skills in a non-tech role in Web3
Transition from Web2 to Web3
Understand the technical foundations of blockchain tech
Get confident about your communication with developers
And so much more!
You can learn at your own pace and focus on areas of interest at a time that suits you. We’ll be continuously adding content to Module 6 - Deep Dives into Web3 Tech, so make sure to check back in from time to time.
Once you’re done with the course, you’ll receive a certification of completion and a POAP.
If you have any questions while you’re learning, please don’t hesitate to join our Discord channel for course students! Your teacher and the Surge team will be there to help you along the way.
Good luck!
This course has six modules that you can go through at your own convenience. Feel free to skip the modules you’re familiar with and stick around longer for more challenging modules.
Think of a blockchain block as a container holding information such as a nonce, a hash, a hash of the previous block, transaction data, and timestamps.
Nonce (a "number used once") is a theoretically random number generated during the Proof of Work (PoW) mining process. It serves as a hashing base and a way for miners to check the validity of a block.
A hash is a fixed-length string output computed from information about the block. It is one-way: it can’t be decrypted back into its input.
A hash of the previous block serves to cryptographically connect blocks and form an immutable chain.
Transaction data is an aggregate of all transactions that get recorded into a specific block.
Block timestamps serve to verify the time of block generation and its place within the block production process.
Blocks are connected through cryptographic hashes that form an immutable chain.
Consistent production of valid blocks is necessary to maintain a chain. Not all mined blocks make it into the chain. There are also orphan, uncle, and stale blocks, which get discarded.
What happens if someone tries to change the content of a block?
Changing the contents of block A (for example, changing transaction information) would change its hash. This changed hash wouldn’t correspond to block A’s hash in block B, breaking the chain. In PoW blockchains, it’s nearly impossible to change the hashes without obtaining the majority of hashing power that goes into producing blocks.
Hashing and connecting blocks together create immutability, an important blockchain feature.
Immutability means that information once written into the chain can never be changed. In that sense, blockchain is an append-only database. Having an immutable database of transactions makes it possible to have verifiable digital money.
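The tamper scenario described above (changing block A breaks its link to block B), as an added example that is not part of the course material. The block fields follow the list at the start of this section; the difficulty value, the JSON serialization, and the sample transactions are constructed assumptions.

```python
import copy
import hashlib
import json

DIFFICULTY = 3            # constructed target: hash must start with this many zero hex digits
GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block
FIELDS = ("index", "timestamp", "transactions", "prev_hash", "nonce")

# Constructed sample data: one small batch of transactions per block.
SAMPLE_BATCHES = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}],
    [{"from": "carol", "to": "dave", "amount": 1}],
]


def block_hash(block):
    """SHA-256 over every block field except the stored hash itself."""
    body = {k: block[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine(index, timestamp, transactions, prev_hash):
    """Proof of Work: try nonces until the block hash meets the difficulty target."""
    block = {"index": index, "timestamp": timestamp, "transactions": transactions,
             "prev_hash": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block


def build_chain(batches):
    """Mine one block per batch, each storing the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        block = mine(i, 1_700_000_000 + 600 * i, copy.deepcopy(txs), prev)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain):
    """Return a list of (block index, problem); an empty list means the chain is intact."""
    problems, prev = [], GENESIS_PREV
    for block in chain:
        recomputed = block_hash(block)
        if recomputed != block["hash"]:
            problems.append((block["index"], "stored hash does not match block contents"))
        elif not recomputed.startswith("0" * DIFFICULTY):
            problems.append((block["index"], "hash does not meet the difficulty target"))
        if block["prev_hash"] != prev:
            problems.append((block["index"], "prev_hash does not match previous block"))
        prev = block["hash"]
    return problems


def edit_without_remining(chain):
    """Copy the chain and change a transaction in block 1, leaving its stored hash alone."""
    edited = copy.deepcopy(chain)
    edited[1]["transactions"][0]["amount"] = 500
    return edited


def edit_and_remine(chain):
    """Copy the chain, change block 1 and redo its Proof of Work, but leave block 2 as is."""
    edited = copy.deepcopy(chain)
    old = edited[1]
    old["transactions"][0]["amount"] = 500
    edited[1] = mine(old["index"], old["timestamp"], old["transactions"], old["prev_hash"])
    return edited


if __name__ == "__main__":
    chain = build_chain(SAMPLE_BATCHES)
    print("intact chain:     ", verify_chain(chain))
    print("edited block 1:   ", verify_chain(edit_without_remining(chain)))
    print("edited + re-mined:", verify_chain(edit_and_remine(chain)))
```

Redoing the work for the edited block only moves the failure to the next block, so every later block would have to be re-mined as well, which is where the hashing-power requirement comes from.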
A blockchain is a distributed, decentralized ledger that holds chronologically organized transaction records.
Blockchains like Bitcoin or Ethereum are open and permissionless. This means anyone can take part in the consensus mechanism or access the information and data about the chain.
For example, you can use block explorers such as Etherscan to access all information that gets written into the Ethereum blockchain.
In Web3, a node is a device linked to a cryptocurrency network that may produce, receive, store and move data.
Open and permissionless blockchains like Bitcoin or Ethereum allow anyone to run a node.
However, running a node requires a high-speed internet connection and computational power. If you’re running a full node, the node needs to be online all the time. However, you can also run light clients.
Why do blockchains need nodes?
Nodes are connected together in a decentralized network and they validate and store data while ensuring that the network remains sufficiently decentralized.
Decentralized networks are based on data mesh architecture. Control is distributed throughout the network to various peer connection points. Each chosen connect point has a separate server that manages the data and information storage for that cluster of nodes.
In decentralized networks, there is no central entity with unilateral decision power. All nodes take part in a consensus mechanism and have to reach an agreement on the state of the network in order to keep producing blocks.
Decentralized networks are extremely hard to corrupt because a malicious actor would have to take control over a majority of distributed, decentralized nodes.
Decentralized networks provide a trustless environment, remove the risk of central failure, and remove the need for intermediaries.
Consensus describes a process by which a group of peers – or nodes – on a network determine which blockchain transactions are valid and which are not.
Consensus mechanisms are methodologies used to achieve an agreement and add new blocks to the existing blockchains. Some popular consensus mechanisms are PoW and Proof of Stake (PoS).
Consensus mechanisms are key to decentralized networks. As decentralized networks are maintained between unknown parties who don’t know whether they can trust one another, having a consensus mechanism that enables trustless decision-making and protects the network is crucial.
The Byzantine Generals Problem is a game theory problem that describes the difficulty of communicating and reaching a decision between decentralized, unknown parties, without relying on a trusted intermediary.
PoW (Proof of Work) is a consensus mechanism in which miners use cryptographic methods to prove a certain amount of work (computational power) was expended to solve a puzzle. Other network participants can easily verify the proof and validate the blocks proposed by another miner.
PoS (Proof of Stake) is a consensus mechanism involving stakers and validators. People who stake their cryptocurrency in the network get the right to take part in block production.
In PoA (Proof of Authority) consensus mechanisms, the network relies on proof of authority to keep producing blocks. PoA is less popular than the other two options.
PoW was introduced as a concept in the early ‘90s but was first implemented through Bitcoin.
In PoW, miners compete to find the nonce by solving complex mathematical puzzles. The first miner to find the solution gets to mine the block.
In PoW, miners expend computational power and are rewarded by receiving tokens (e.g., miners in Bitcoin receive Bitcoin for their work).
PoW is the most used and tested consensus mechanism that has a high level of security (Bitcoin has never been successfully attacked). However, PoW is taxing on the environment and is slower compared to other consensus mechanisms.
In PoS, validators need to stake a required value of the network’s native token in order to take part in the consensus mechanism. Malicious actions are punished by destroying (slashing) staked value.
Any validator can be randomly chosen to confirm transactions and block information. Like in PoW, PoS validators also receive awards for their work.
PoS is more energy efficient than PoW and depending on staking requirements, allows for higher network participation. However, PoS isn’t as battle-tested as PoW and there are concerns about the centralization of power.
Did you know?
Ethereum is the first blockchain to switch from PoW to PoS in an event called the Merge. In doing so, Ethereum decreased its energy consumption by 99%.
Solana uses a PoS mechanism combined with a Proof of History algorithm.
Proof of History is a cryptographic algorithm that generates a timestamp on all pieces of data as they move through the network.
Gas is a unit that describes the amount of computational work miners need to do. The gas fee is the price users need to pay to cover some of the costs associated with the computational work and resources needed to run the network.
Multiple factors define the volatile price of gas, the main being the time interval of new blocks, the number of transactions, and network congestion.
In this module, we learned about blocks, nodes, blockchains, decentralization, consensus mechanism, and gas. Knowing about the fundamentals of how blockchain networks run is a must if you work in Web3.
If you have any questions about the course material or need help studying, join us in a Discord channel dedicated to students.
If you’re feeling confident, go on and take the quiz that sums up Module 1!
Bitcoin is the first example of a peer-to-peer (p2p), decentralized, cryptocurrency network. It is the world’s first and largest (by market cap) blockchain network.
The Bitcoin white paper was published by Satoshi Nakamoto on October 31, 2008. Satoshi’s identity remains unknown.
Satoshi mined the first block in the Bitcoin blockchain (genesis block) on January 3, 2009. Satoshi hid a message within this block that read: “The Times 03/Jan/2009 Chancellor on brink of second bailout for banks”. A quote from a British newspaper, this sentence strongly signaled Satoshi’s intention to create money by the people, for the people.
Bitcoin came on the heels of the 2008 crisis and represented an alternative to traditional financial systems: p2p, electronic cash that is decentralized and can function without intermediaries.
Bitcoin uses the Nakamoto consensus in combination with PoW to verify and validate block production. Nakamoto consensus is a Byzantine fault-tolerant (BFT) consensus that uses PoW to mine new blocks.
A BFT network is a network that’s designed to continue producing valid blocks even in the presence of malicious actors or network issues.
Bitcoin’s native currency is called Bitcoin (BTC), and it has a finite supply cap of 21 million.
Bitcoin has been forked numerous times throughout the years, with the most famous forks being Litecoin and Bitcoin Cash.
Ethereum is a decentralized p2p network that supports smart contracts.
The Ethereum white paper was published in 2014 by Vitalik Buterin. A more technical specification, the Ethereum yellow paper, describes the consensus mechanism Ethereum used at launch, as well as the EVM.
The first Ethereum block was mined on July 30, 2015, marking the launch of the project.
Ethereum’s native token is called ether (ETH) and it’s the main currency in the network, used to pay gas fees and miners.
At launch, Ethereum used PoW but switched to a PoS-based mechanism in September 2022, during the Merge.
Ethereum changed the game because it introduced smart contracts to a blockchain platform. Because of that, Ethereum has been dubbed ‘programmable money’.
Smart contracts enabled a quick proliferation of the Ethereum ecosystem, allowing developers to build on top of Ethereum: tokens, dApps, DAOs, NFTs, etc. are all powered through smart contracts.
Ethereum Virtual Machine supports the network and allows smart contracts and decentralized applications to function in a decentralized manner.
After the Merge, Ethereum will move forward with new upgrades, with sharding scheduled as the next major milestone.
In the context of blockchain, a digital asset is a non-tangible asset that is created, traded, and stored digitally, is identifiable and discoverable, and has or provides value.
Broadly speaking, there are two types of digital assets: cryptocurrencies like Bitcoin, ether, or Solana and tokens like the Surge Passport NFT, DAI, or UNI.
What’s the difference between cryptocurrencies and tokens?
Cryptocurrencies are usually a native currency of a blockchain, for example, BTC for Bitcoin or ETH for Ethereum.
Cryptocurrencies are used as a medium of exchange and store of value. They’re also used to pay transaction fees and miner fees.
Tokens, on the other hand, are created on top of a blockchain platform. For example, although ETH is a native cryptocurrency on Ethereum, Ethereum the blockchain is host to thousands of different tokens.
Examples include fungible ERC-20 tokens as well as non-fungible tokens such as NFTs.
Tokens can have a wide variety of use cases, for example monetary, membership, governance, identity, etc.
In this module, we learned about Bitcoin, Ethereum, digital assets, and the differences between cryptocurrencies and tokens.
In the following modules, we’ll dive deeper into the concepts we introduced in this module. Get ready to learn more about smart contracts, EVM, tokens, and Solidity!
If you’re feeling confident, go on and take the quiz that sums up Module 2!
Web2 architecture functions on the basis of client-server-database communication.
A client is typically a user like yourself. In technical terms, a client is a browser from which you make your request to the server. The client end of architecture is also called the frontend.
The frontend is the part of the application that you see in your browser - it’s an interface that lets you communicate with the server and the database in a human-readable way.
When you make a request from the frontend, you trigger the server to provide a response. As in our example, your request can be clicking a link to see more details about an AirBnb property. The server receives your request and sends back information.
The server can also be equated with backend or infrastructure. This is where the logic of an application lives. When programming an application, developers will design the rules and behaviors that tell the server how to respond to frontend requests and how to communicate with a database.
The database is storage, i.e. it’s a place where all the data required to make an application work lives. The server sends requests to the database and gets information back to send to the frontend.
In Web2, we’re used to not being able to see the code that builds frontends, servers, and databases. Typically, there are just one or two companies that have centralized power over the hardware and databases that support the internet. Web3 is a promise to change this setup and open the internet to all.
Note: Make sure to watch the video for a guided walkthrough of the Web2 architecture in the browser.
You can think of Web3 architecture as a set of layers stacked on top of each other:
Layer 0 represents the underlying infrastructure that houses nodes, data storage, communication between blockchains, and consensus.
Layer 1 is the platform layer specific to a particular blockchain. Ethereum is a platform layer that enables all layers on top of it through EVM and smart contracts.
Layer 2 is the scalability layer where we can find optimistic rollups or ZK-proofs. These are solutions that scale layer 1 and enable faster transactions.
Finally, layer 3 is home to decentralized applications (OpenSea, Uniswap, MetaMask). These are applications that are based on and communicate with layer 1s. They are the frontend of the blockchain and the main way most users interact with Web3 and the underlying infrastructure.
Note: Make sure to watch the video for a guided walkthrough of the Web3 architecture in the browser.
Keywords for layer 0: infrastructure, protocol, nodes, communication, interoperability.
Layer 0 contains infrastructure, i.e. the network of nodes - computers and servers.
It also contains protocols. Protocols are responsible for data transmission between the nodes and are based on a specific set of rules. You can imagine these protocols to be like HTTPS.
Note: a collection of many smart contracts is often also referred to as a “protocol.” Be mindful of the difference between the two.
Layer 0 ensures cross-chain interoperability, defines rules of cross-chain communication, and provides resources for consensus mechanisms.
Some examples of layer 0s include Polkadot, Cosmos, or Avalanche.
The most popular layer 1 blockchains are Ethereum and Bitcoin.
Layer 1s are self-sufficient - they don’t need layers 0, 2, or 3 to function. For example, Bitcoin can simply function as a p2p electronic cash without having any applications on top.
Layer 1s store transaction history and state changes. This is where blocks get validated and consensus gets executed.
Layer 1s like Ethereum also store smart contracts and enable decentralized applications.
Layer 1s are typically meant to be secure, self-sufficient, decentralized, and permissionless.
The blockchain trilemma describes a problem that many blockchains encounter, which is the need to balance the pillars of decentralization, security, and scalability. Typically, blockchains can only achieve two and compromise on the third.
Decentralization means there’s no central authority or intermediaries in the network. It is the foundational value that underlines Web3.
Security in blockchain networks gets higher if the network is more decentralized, especially in PoW systems.
Scalability describes the ability of the network to allow for a high number of transactions per second while achieving a low cost per transaction.
All three pillars directly impact each other. For example, Bitcoin is decentralized and secure but is not scalable or fast. Ethereum is decentralized and secure, but can’t achieve scalability in layer 1. Instead, we use layer 2s to bring scalability to Ethereum.
A more centralized network would allow for higher scalability, but would compromise security, which is why most blockchains opt for a combination of decentralization and security.
Layer 2 is the scalability layer - the layer that aims to solve scalability in blockchains that are decentralized and secure, thus resolving the blockchain trilemma.
Layer 2s are typically sidechains or rollups. They increase the computational capacity of layer 1s, move heavy computations off-chain, and increase scalability.
Sidechains are independent blockchains built on top of layer 1 which can use their own consensus mechanisms and block requirements.
Rollups are solutions that batch transactions off-chain and then execute them as a single transaction on layer 1. There are optimistic and zero-knowledge rollups.
Optimistic rollups are so-called because they assume an “innocent until proven guilty”, or fraud-proof, approach to processing transactions.
Zero-knowledge proofs are a method by which one party can prove to another that a given statement is true, without giving any additional information or explanation on how it was verified.
Some examples of layer 2s: Polygon, Optimism, or Arbitrum.
Ethereum is working on combining sharding with layer 2s to enable secure scaling of the network.
Note: Layer 2s are being actively developed. Head on to Module 6 to learn more about layer 2s and ZK proofs from the companies building these solutions.
If we draw a parallel with Web2 architecture, we can say layer 3 is the frontend of Web3. It contains decentralized applications that communicate with the blockchain.
Layer 3 sends and receives information from the blockchain, and the blockchain acts as both the server and the database.
Usually, dApps are built through smart contracts and are independent of the platform but have to conform to its rules.
A huge advantage dApps have over Web2 applications is that they’re composable: as long as the dApps are hosted on the same blockchain platform, developers can mix and match different smart contracts and dApps to build new ones.
Some popular layer 3 dApps include Uniswap (a decentralized exchange), MetaMask (a non-custodial wallet), or CryptoKitties (a game built on Ethereum).
Layer 3 opens the blockchain to non-technical users and makes it easier to interact with the blockchain.
In this module, we learned about Web3 architecture and how it compares to Web2. We discussed different layers that come together to create the Web3 ecosystem.
As this module is more technically complex, feel free to go over the videos as many times as needed and use further resources. If you have any questions, join us in a Discord channel dedicated to students.
Feeling confident? Go on and take the quiz that sums up Module 3!
A smart contract is a self-executing contract with the terms of the agreement between peers directly written into lines of code.
Smart contracts are accessible; anyone can read a smart contract and anyone can write a smart contract and deploy it to the network. They are also self-executing; after predefined conditions have been met, the contract executes an action without any involvement from an intermediary.
Smart contracts are also irreversible; once deployed to the blockchain, a contract can’t be updated or removed. If developers want to fix the contract or change it, they have to deploy a new contract and simply stop using the old one.
Some benefits of smart contracts: secure, trustless, autonomous, cost-effective, interruption-free, and fast performance.
Smart contracts are predefined and then coded: terms and conditions are agreed upon by all involved participants. The contract executes when a specific, predefined event occurs. The event triggers a chain of action and the contract executes automatically, giving a predefined result in response to a particular event.
Smart contracts have addresses on the blockchain and their code is open to read if you’re using block explorers like Etherscan.
Smart contracts are typically written using Solidity, but there are other smart contract languages, such as Vyper, Cairo, or Rust.
Solidity is a high-level programming language that can be used for designing and writing smart contracts. It’s strongly influenced by C++, JavaScript, and Python.
When coding in Solidity, you’ll encounter different value types, such as integers, booleans, addresses, and enumerables. Integers represent numerical values, booleans are a data type that has one of two possible values (either true or false), addresses represent the location of contracts and users on the blockchain, and enumerables are user-defined data types that restrict a variable to one of a set of predefined values.
A variable in Solidity acts as code storage: a temporary or permanent container used to store values within code. Variables are handy because you can hide a lot of data behind a single word and you can easily reuse variables throughout the program.
Conditionals are “if statements” that define different outcomes and possibilities of code execution. The different actions depend on predefined conditions which are validated in the code.
Functions represent encoded behavior: they are reusable batches of code that are meant to accomplish a specific task. Functions usually take input, perform calculations and actions, and return a value.
Note: Make sure to watch the video for a coding exercise. We’re building a simple contract using Remix. The exercise will help you contextualize the basics of Solidity and it’s useful even if you’re not a programmer.
In Web2, an API is an Application Programming Interface - a solution for two or more computer programs to communicate with each other. It’s easy for a user to read; however, it does not provide information on how the backend works.
In Web3, an ABI is an Application Binary Interface - an interface between two binary program modules. It is difficult for the user to read, but with the right tools it provides all the details about what a smart contract does.
The main difference between an API and an ABI is that an ABI reveals the backend logic of an application.
Note: Make sure to watch the video for a walkthrough of an API and an ABI to better understand the main concepts, use-cases, and differences between the two.
In a blockchain ecosystem, a testnet is a tool that mimics the original network. Testnets are used for experimenting and testing contracts before deploying to the main network (mainnet).
Interacting with the testnet does not have any effect on the real blockchain.
Developers can use testnets to test their code, and users can simulate operations and transactions.
Some popular testnets in Ethereum are Goerli, Ropsten, and Rinkeby.
Testnets have their own cryptocurrency which mimics the original currency of the original blockchain. Cryptocurrency cannot be transferred from the testnet to mainnet and vice versa.
Did you know?
Before the Merge was implemented on Ethereum mainnet, developers launched the update on all the main Ethereum testnets. In doing so, they were able to fix the bugs before the official launch and ensure that the Merge on the mainnet went as smoothly as possible.
ERC stands for Ethereum Request for Comments and represents a document that developers use to write smart contracts on the Ethereum blockchain. It describes the rules that Ethereum-based tokens must comply with.
EIP stands for Ethereum Improvement Proposal - a process in which an ERC is reviewed.
ERC-20 is a technical standard for fungible (interchangeable) tokens created using the Ethereum blockchain.
ERC-20 allows different smart contract tokens to be exchanged - those that are not unique but can be transferred. ERC-20 is used as a base of creation for fungible tokens on Ethereum and represents a standard that makes composability possible.
Note: Make sure to watch the video for a walkthrough of an ERC-20 contract and the EIP process.
NFT stands for a Non-Fungible Token - a unique digital token that cannot be copied, substituted, or subdivided.
NFTs are unique - there is no other copy existing in the digital space. An NFT can be an image, audio, video, or representation of a real-life item, a tweet, or any other unique digital object.
An NFT is created through a smart contract, and we can trace its creator, current owner, storage location, and history of ownership.
NFTs are created through two standards: ERC-721 and ERC-1155:
ERC-721 is a foundational standard describing how to build non-fungible tokens. It describes the minimum interface a smart contract must implement to allow NFTs to be managed, owned, and traded.
ERC-1155 is a standard for a contract used to manage multiple tokens. That means that a single contract may include a mix of different token types: fungible, non-fungible, or semi-fungible. This standard reduces transaction and storage costs.
NFTs are stored on the blockchain as tokens, but the digital assets that NFTs represent can be stored either on a blockchain or through the cloud or IPFS. Storing big files on the blockchain is quite expensive, so many projects opt for off-chain storage.
IPFS stands for InterPlanetary File System - a distributed system for storing and accessing files, websites, applications and data.
Launching an NFT project involves building a minting page, infrastructure, the art algorithm, and the smart contract itself. Surge used the ERC721A implementation to reduce gas fees for batch minting.
The Surge Passport NFT gives you access to the Perks Dashboard which is continuously enriched by new services, discounts, and other opportunities.
Leveraging NFTs as utility tokens has proven to be one of the best ways to use this technology.
Note: Make sure to watch the video for a walkthrough of using Premint to claim NFT perks.
DAO stands for a Decentralized Autonomous Organization - a form of an organizational structure without a central entity whose members share a common goal to act in the best interest of the entity. Decisions are made in a bottom-up management approach.
DAOs require participation: token-holders participate in the management and decision-making of the entity and decisions are made through a voting mechanism.
DAOs rely on logically coded agreements stored in smart contracts. Code is executed as a result of voting.
The DAO concept encourages people from all over the world to come together and create a community that builds the organization together. Investing in an organization’s token gives the power to take part in the governance.
DAOs have some limitations, namely speed, education, and inefficiency. Allowing all entitled members to vote for the proposal takes much longer than a single CEO’s decision-making process would take, making DAOs a bit slower than hierarchical organizations.
DAOs have to educate their members about the current state of the organization and the pending activities, which can prove challenging when it comes to voting.
The time-consuming decision-making and differences in members’ education result in longer time spent on discussions rather than implementations.
Watch the video for a walkthrough of a voting smart contract a DAO might use. We explain how voting works on the protocol level.
In this module, we learned about smart contracts, Solidity, ABI, testnets, ERC standards for fungible and non-fungible tokens, and DAOs. We also did coding exercises and walkthroughs through smart contracts.
Feeling confident? Go on and take the quiz that sums up Module 4!
Authentication is the process of proving your identity to a client or a server. Usually, authentication entails the use of a username and a password.
In Web2, there are many different ways to authenticate your identity. Most websites will ask for your email and password. With some, you can add a username to the email + password combination. These days, many websites also allow you to log in through your Google, Facebook, or Apple accounts.
The issue with Web2 authentication is that it’s inconvenient to try and maintain so many different identities. You shouldn’t use the same password everywhere, so password management becomes more complex. And if you choose to log in via intermediaries like Google, Facebook, or Apple, you’re providing way more personal data than you might be comfortable with.
In Web3, you can use the same identity across all dApps built on the same platform. What constitutes identity and authentication in Web3?
Typically, your identity is defined by your public key, while your private key serves as authentication.
Considering that, your wallet becomes the only thing you need to log in across all the dApps on Ethereum, for example. In the case of authentication through a blockchain wallet, you don’t need to remember a username and a password for each application - you always log in the same way, by connecting your wallet and signing a transaction. However, you do need to maintain security when it comes to wallet access, i.e. you need to keep your seed phrase safe as this is the only way to access, control, or recover your wallet and therefore your Web3 identity.
Because maintaining a wallet can be difficult for newcomers in Web3, there are some services that are building products to standardize Web3 authentication. One of those is Sign In With Ethereum (SIWE), a decentralized form of authentication that enables you to control your digital identity with your Ethereum account and ENS profile instead of relying on centralized providers.
There is also Ethereum Name Service (ENS): a distributed, open, and extensible naming system based on the Ethereum blockchain. You can buy an ENS username as an NFT and it serves as your Web3 username. ENS maps human-readable names like benny.eth to computer-readable identifiers like an Ethereum address.
Note: Make sure to watch the video to see how SIWE authentication looks in action.
Symmetric cryptography, also known as secret key cryptography, is a method of encrypting data where the same secret key is used to encrypt and decrypt the data. This means that anyone who has the key can both encrypt and decrypt the data. Symmetric cryptography is fast and efficient, but the key must be shared securely between the sender and the receiver, which can be difficult to do in practice.
Asymmetric cryptography, also known as public key cryptography, is a method of encrypting data where a pair of keys are used: a public key and a private key. The public key is used to encrypt the data, and the private key is used to decrypt it. The public key can be shared with anyone, while the private key must be kept secret. Asymmetric cryptography is more secure than symmetric cryptography, but it is also slower and more resource-intensive.
The Rivest-Shamir-Adleman (RSA) algorithm is an algorithm for public-key cryptography, which was invented by Ron Rivest, Adi Shamir, and Leonard Adleman in 1977. It is one of the most widely used algorithms for secure communication over the internet.
A public key is used in conjunction with a private key to prove identity and ownership online. The public key consists of a long string of numbers or letters that is unique to the owner. It is used to encrypt messages that are sent to the owner. When a message is encrypted with the public key, it can only be decrypted with the corresponding private key.
A private key is a secret, unique string of numbers or letters that is used to decrypt messages that have been encrypted with a corresponding public key. It is kept secret by the owner and must never be shared with others.
A seed phrase is a mnemonic phrase consisting of 12 or 24 words. It’s an encrypted version of your private key that can be used to recover your wallet.
A public address is a shorter form of your public key that can be shared with anyone and is used as your recipient address on the blockchain.
There are two main types of accounts in Ethereum: externally owned accounts and contract accounts.
Externally Owned Account (EOA): These are accounts that are controlled by a private key and are owned by a person or entity. EOAs can be used to send transactions and interact with smart contracts on the Ethereum network.
Contract Account: These are accounts that are created and controlled by smart contracts. They are self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. Contract accounts can have their own code and can store data on the Ethereum blockchain. In contrast to EOAs, a contract account can only send a transaction in response to receiving one.
A transaction is a cryptographically signed instruction sent by an EOA which in turn updates the state of the blockchain network. A simple transaction would be transferring ETH from one account to another.
A transaction is also serialized on the blockchain, generates gas fees, and updates the state of the network.
Messages are similar to transactions but can be sent from either an EOA or a contract account. They’re not serialized, which means they exist only in the Ethereum execution environment. Messages don’t generate gas fees. Messages are used to trigger code execution.
A crypto wallet is a tool for generating and storing your private and public keys. It allows you to store, manage, and trade your cryptocurrencies and other digital assets. Wallets are free to create and are linked to your EOA.
There are different types of wallets, namely custodial and self-custody, hardware, software, or paper wallets, as well as multi-signature wallets.
Note: Make sure to watch the video to see how wallets work in action.
Non-custodial crypto wallet: a wallet where the user holds the private keys, meaning the user is in control of their funds and does not need to trust a third party. Examples include MetaMask, Phantom, etc.
Custodial crypto wallet: a wallet where the private keys are held by the wallet provider, meaning the user must trust the provider to keep their funds safe. Example: wallets at centralized exchanges.
Hardware (cold) crypto wallet: a physical device, such as a USB, that stores and generates users' private keys offline.
Software (hot) crypto wallet: a digital wallet that is accessed through an app or computer program and generates and stores users’ private keys online.
Paper crypto wallet: a type of cold storage method that involves printing a user's private keys and public address onto a piece of paper. The paper wallet can then be stored in a secure location as a backup.
Hardware wallets are considered the most secure as the keys remain offline and thus are impervious to hacks. However, a hardware wallet is not foolproof: you still need to be mindful of scams and losing your private keys.
A multi-signature wallet is a type of crypto wallet that requires two private key signatures to execute transactions.
Multi-sig wallets are very popular as a tool for DAO treasury management, but can also be used by any groups or individuals.
Creating a multi-sig wallet is not much more complicated than creating a single-sig wallet. All participants need to have access to the master public key to take part in the management of the funds.
Multi-sig advantages: mitigates risk by forcing two or more signatures for every transaction, not dependent on one party or device only, allows for joint asset management, ideal for governance.
Multi-sig disadvantages: submitting transactions takes more time, it might be difficult to come to an agreement in bigger groups, transactions are bigger and cost more.
A blockchain transaction is a transfer of value between two parties that is recorded on a blockchain network. It consists of three parts: an input (the source of the funds), an output (the recipient of the funds), and a digital signature that verifies the transaction.
A digital signature is a mathematical technique used to verify the authenticity and integrity of a transaction, message, software, or digital document. It is generated using a private key, which is kept secret, and a public key, which is made available to others. The digital signature can be used to verify that the sender of the message is who they claim to be and that the message has not been altered during transmission.
A signed transaction is broadcast to the blockchain and cannot be reversed. A digital signature always has the same length but the content of that string differs for each transaction.
When signing a transaction you are authorizing a specific action in your name. Make sure you know what happens when you sign a transaction!
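The signature properties described above (fixed length, different content for each transaction, detection of any alteration) can be checked with Node's built-in crypto module. This is an added example, not part of the course material. It assumes SHA-256 in place of Ethereum's Keccak-256 and a 64-byte r||s signature without Ethereum's extra recovery byte; the sample messages are constructed.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// secp256k1 is the curve Ethereum uses for account keys.
// 'ieee-p1363' encodes the signature as fixed-width r||s (32 + 32 bytes).
const SIG_OPTS = { dsaEncoding: 'ieee-p1363' };

function makeSigner() {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return {
    publicKey, // safe to share
    // The private key never leaves this closure; only signatures do.
    sign: (msg) => sign('sha256', Buffer.from(msg), { key: privateKey, ...SIG_OPTS }),
  };
}

function isValid(publicKey, msg, signature) {
  return verify('sha256', Buffer.from(msg), { key: publicKey, ...SIG_OPTS }, signature);
}

function demoSignatures() {
  const alice = makeSigner();
  const other = makeSigner();
  // Constructed sample "transactions".
  const tx1 = 'send 1 ETH to 0xRecipientA';
  const tx2 = 'send 100 ETH to 0xRecipientB';
  const sig1 = alice.sign(tx1);
  const sig2 = alice.sign(tx2);
  return {
    lengths: [sig1.length, sig2.length],               // always 64 bytes
    differ: !sig1.equals(sig2),                        // content differs per message
    genuine: isValid(alice.publicKey, tx1, sig1),      // untouched message verifies
    altered: isValid(alice.publicKey, tx2, sig1),      // changed message is rejected
    wrongKey: isValid(other.publicKey, tx1, sig1),     // another signer's key is rejected
  };
}
```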
The most common hacks include underflow and overflow attacks, reentrancy attacks, and abuses of the ‘approve’ function.
Underflow and overflow attacks in blockchain involve manipulating the data stored in a smart contract to create unintended results. An underflow attack involves decreasing a value below its intended minimum, while an overflow attack involves increasing a value beyond its intended maximum. These attacks can be used to steal funds or disrupt the operation of the smart contract.
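The wrap-around behind underflow and overflow, modeled in JavaScript next to the checked arithmetic that prevents it. This is an added example, not part of the course material: BigInt stands in for the EVM's 256-bit unsigned integers, and the ledger and function names are illustrative assumptions.

```javascript
const UINT256_MAX = (1n << 256n) - 1n;

// Unchecked arithmetic wraps modulo 2^256, as Solidity did before 0.8
// and still does inside an `unchecked { }` block.
const wrap = (x) => BigInt.asUintN(256, x);

// Checked arithmetic rejects any result outside [0, 2^256 - 1].
function checkedSub(a, b) {
  if (b > a) throw new RangeError('underflow');
  return a - b;
}
function checkedAdd(a, b) {
  const sum = a + b;
  if (sum > UINT256_MAX) throw new RangeError('overflow');
  return sum;
}

// Vulnerable ledger: the balance test runs on the wrapped value.
function transferUnchecked(balances, from, to, amount) {
  const remaining = wrap((balances.get(from) ?? 0n) - amount);
  // Dead check: an unsigned value is never negative, so this never fires.
  if (remaining < 0n) throw new Error('insufficient balance');
  balances.set(from, remaining);
  balances.set(to, wrap((balances.get(to) ?? 0n) + amount));
}

// Hardened ledger: both results are validated before any state changes.
function transferChecked(balances, from, to, amount) {
  const remaining = checkedSub(balances.get(from) ?? 0n, amount);
  const credited = checkedAdd(balances.get(to) ?? 0n, amount);
  balances.set(from, remaining);
  balances.set(to, credited);
}

// Constructed scenario: alice holds 1 unit and tries to send 2.
function demoWrap() {
  const unchecked = new Map([['alice', 1n], ['bob', 0n]]);
  transferUnchecked(unchecked, 'alice', 'bob', 2n);
  const checked = new Map([['alice', 1n], ['bob', 0n]]);
  let rejected = false;
  try { transferChecked(checked, 'alice', 'bob', 2n); } catch { rejected = true; }
  return {
    uncheckedAlice: unchecked.get('alice'), // wrapped to 2^256 - 1
    rejected,                               // checked version refused the transfer
    checkedAlice: checked.get('alice'),     // balance unchanged
  };
}
```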
A reentrancy attack in blockchain involves exploiting a vulnerability in a smart contract to repeatedly call an external function and execute malicious code. This can allow an attacker to drain the contract's funds or disrupt its operation.
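Why the order of operations matters for reentrancy, shown as a toy JavaScript model of a vault with the vulnerable ordering beside the hardened one (checks-effects-interactions). This is an added example, not part of the course material; the class names, the onReceive callback, and the deposits are illustrative assumptions.

```javascript
class VaultModel {
  constructor(hardened) {
    this.hardened = hardened;
    this.balances = new Map();
    this.pool = 0n; // total funds the vault holds for all depositors
  }
  deposit(name, amount) {
    this.balances.set(name, (this.balances.get(name) ?? 0n) + amount);
    this.pool += amount;
  }
  send(recipient, amount) {
    this.pool -= amount;
    recipient.onReceive(this, amount); // control passes to the recipient here
  }
  withdraw(recipient) {
    const owed = this.balances.get(recipient.name) ?? 0n;
    if (owed === 0n || this.pool < owed) return;
    if (this.hardened) {
      this.balances.set(recipient.name, 0n); // effect first
      this.send(recipient, owed);            // interaction last
    } else {
      this.send(recipient, owed);            // interaction first
      this.balances.set(recipient.name, 0n); // effect arrives too late
    }
  }
}

// A recipient whose receive hook calls back into withdraw().
class ReentrantRecipient {
  constructor(name) { this.name = name; this.received = 0n; }
  onReceive(vault, amount) {
    this.received += amount;
    vault.withdraw(this); // re-enters before the outer withdraw has finished
  }
}

// Constructed scenario: three depositors put in 10 units each.
function runVault(hardened) {
  const vault = new VaultModel(hardened);
  vault.deposit('alice', 10n);
  vault.deposit('bob', 10n);
  const caller = new ReentrantRecipient('mallory');
  vault.deposit(caller.name, 10n);
  vault.withdraw(caller);
  return { received: caller.received, pool: vault.pool };
}
```

With the vulnerable ordering the recipient's recorded balance is still 10 on every re-entry, so the pool is emptied; with the hardened ordering the second call sees a zero balance and returns.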
The approve function in a smart contract is used to allow another address to spend a specified amount of tokens from the contract owner's account.
If a malicious actor can gain access to the approve function, they can set the approved amount to a high value and then quickly call the transferFrom function to transfer the tokens to their own account before the contract owner has a chance to set a lower approved amount. This can allow the attacker to steal the contract owner's tokens.
Phishing email campaigns encourage you to click a malicious link and then sign a transaction that calls the approve function to allow the attacker to use your funds.
Attackers can also try to prioritize their withdrawal transactions if they notice their token allowance has been queued for an update.
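The allowance-update race described above, modeled in JavaScript together with the zero-first mitigation (revoke, confirm, then grant only what is left of the budget). This is an added example, not part of the course material; the class, the amounts (100 lowered to 50), and the transaction ordering are constructed assumptions.

```javascript
// Allowance bookkeeping for one owner/spender pair.
class AllowanceModel {
  constructor() { this.allowance = 0n; this.spent = 0n; }
  // ERC-20 approve overwrites the previous allowance.
  approve(amount) { this.allowance = amount; }
  transferFrom(amount) {
    if (amount > this.allowance) return false;
    this.allowance -= amount;
    this.spent += amount;
    return true;
  }
}

// The owner wants to lower an allowance of 100 to 50.
// frontRun: the spender's transferFrom(100) is ordered ahead of the update.
// zeroFirst: the owner revokes first and re-grants based on what was spent.
function simulate({ zeroFirst, frontRun }) {
  const t = new AllowanceModel();
  t.approve(100n);                     // original allowance
  if (frontRun) t.transferFrom(100n);  // lands before the owner's update
  if (zeroFirst) {
    t.approve(0n);                     // step 1: revoke, wait for confirmation
    const budget = 50n;                // what the owner now intends in total
    const left = t.spent >= budget ? 0n : budget - t.spent;
    t.approve(left);                   // step 2: grant only the remainder
  } else {
    t.approve(50n);                    // single overwrite
  }
  t.transferFrom(50n);                 // spender tries the new allowance
  return t.spent;                      // total taken from the owner
}
```

A single overwrite under front-running costs the owner 150 units, more than either allowance; the zero-first sequence caps the loss at the old allowance of 100 and leaves honest use (50) unaffected.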
Note: Make sure to watch the video for a detailed explanation and code examples of common blockchain hacks.
Financial freedom means taking responsibility for your financial assets. Always protect your seed phrase: this is your only backup to restore access to your funds. Keep it offline (don’t take pictures of it) and write it down in multiple places.
If you want to interact with one of the dApps you are using, always open them by typing the URL yourself or by using a saved bookmark. Never open the links or click buttons you received via a message or an email!
Browser extensions like MetaMask will warn you against certain domains which they have labeled as malicious.
Use MFA: multi-factor authentication will protect you from someone who is trying to impersonate you. When you use MFA, every action you take requires you to confirm your identity on a minimum of two different tools or devices.
Whenever you are signing a message or a transaction, make sure to read it from top to bottom. Pay attention to the amount transferred, the address receiving the transfer, and the message details.
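One way to read what a token transaction will do before signing it, relevant to the phishing approvals described earlier: decode the raw call data and flag allowances. This is an added example, not part of the course material. The selectors are the standard ERC-20 ones; the spender address and sample call data are constructed placeholders.

```javascript
// 4-byte selectors of the three standard ERC-20 state-changing calls.
const SELECTORS = {
  '095ea7b3': { name: 'approve', args: ['address', 'uint256'] },
  'a9059cbb': { name: 'transfer', args: ['address', 'uint256'] },
  '23b872dd': { name: 'transferFrom', args: ['address', 'address', 'uint256'] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Constructed sample inputs; the spender address is a placeholder.
const SAMPLE_SPENDER = '11'.repeat(20);
const SAMPLE_UNLIMITED_APPROVE =
  '0x095ea7b3' + '0'.repeat(24) + SAMPLE_SPENDER + 'f'.repeat(64);
const SAMPLE_TRANSFER =
  '0xa9059cbb' + '0'.repeat(24) + SAMPLE_SPENDER + '5'.padStart(64, '0');

function decodeErc20Call(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, '');
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error('calldata is not hex');
  const spec = SELECTORS[hex.slice(0, 8)];
  if (!spec) {
    return { name: 'unknown', values: [], warnings: ['unrecognised call: do not sign blindly'] };
  }
  const body = hex.slice(8);
  if (body.length !== spec.args.length * 64) throw new Error('unexpected argument length');
  // Each argument is one 32-byte word; addresses are left-padded with zeros.
  const values = spec.args.map((type, i) => {
    const word = body.slice(i * 64, (i + 1) * 64);
    if (type === 'uint256') return BigInt('0x' + word);
    if (!word.startsWith('0'.repeat(24))) throw new Error('malformed address word');
    return '0x' + word.slice(24);
  });
  const warnings = [];
  if (spec.name === 'approve') {
    const [spender, amount] = values;
    if (amount === MAX_UINT256) warnings.push(`unlimited allowance for ${spender}`);
    else if (amount > 0n) warnings.push(`allowance of ${amount} base units for ${spender}`);
  }
  return { name: spec.name, values, warnings };
}
```

An approve with amount 0 is a revocation and produces no warning; any other approve is reported with its spender so it can be compared against the dApp you intended to use.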
In this module, we learned about authentication, public and private keys, Ethereum accounts, messages and transactions, different types of crypto wallets, digital signatures, hacks, and crypto security.
This wraps up our course! Hope you learned a lot and had fun. If you have any questions, join us in a Discord channel dedicated to students.
Feeling confident? Go on and take the quiz that sums up Module 5!
Congratulations, you just successfully completed the “Web3 Stack - Crypto Infrastructure Behind the Scenes” course!
It’s been great to be on this journey with you and we can’t wait to hear what you’ve learned. Feel free to jump into our Discord to ask questions or share impressions. We’re also on Twitter and would appreciate hearing your thoughts on the course there.
Ready to dive in deeper? Move on to Module 6 - Deep Dives into Web3 Tech for breakdowns of emerging tech and lectures from top Web3 organizations. We’ll be updating this module throughout the year so keep an eye out for new lectures.
Discover how Aragon's DAO framework uses a modular DAO contract, ACL, and plugins to manage treasury and permissions, enabling fast, global, trustless governance.
Walkthrough Loom video
The walkthrough video is a ~45min face+screen recording explaining the Canvas in more depth. Near the end of the walkthrough there is a demo of what it's like to sign messages with a wallet (backbone of verifiability for off-chain interactions) for learners to tangibly see how signatures are generated and how they are verified.
Guided FigJam canvas
The canvas is an open whiteboard for organizing the ideas and thinking process. Visual aids such as product screenshots, diagrams, and visual examples guide each section and are accompanied by sticky notes to annotate the concepts. The materials are intended for an audience that is Web3-familiar (aware of wallets, smart contracts, and NFTs) and fill in context about the purpose of our protocol, how it interweaves with user wallets, produces on-chain activity, and enables other applications to consume this on-chain activity.
Explore how DAOs govern themselves with Snapshot's off-chain voting, tokens and NFTs representing voting power, and quadratic voting, plus how on-chain voting via Gnosis Safe multisig can automatically execute outcomes.
Gain a solid technical understanding of how crypto works, all at your own pace.
The Surge Web3 Stack course will guide you through the technical aspects of blockchains, smart contracts, NFTs, DAOs, Nodes, Web3 Architecture & Identity and more.
The Surge Web3 Stack course was designed to offer non-technical people a technical understanding of Web3 from a developer’s perspective, and technical builders analogies and examples to refresh their understanding or educate others.
Level up your career by understanding technical topics as a non-technical person and understand the benefits of blockchains.
Streamline cross-functional collaboration across developer and non-developer teams effortlessly.
Transition from Web2 software engineering to working in Solidity by having Web3 explained, from top to bottom.
Write blockchain marketing pieces that target a technical audience and connect with developer communities.
The course has 5 modules where you will gain a solid understanding of blockchain technology, giving you the knowledge to level up your Web3 capabilities. Titled “Deep Dives into Web3 Tech”, this module features lectures from top Web3 companies explaining actual applications of different Web3 technologies.
Go Deeper into Web3 Tech - Special lectures from top Web3 organizations like Aragon, Snapshot, Station, and others.
Surge Hotline - A Discord channel designated for Surge students. This is the place to ask all your questions.
Certified Course - Receive a certificate of completion to share on LinkedIn, as well as a POAP to share with your network.