Ethereum

An Introduction
The Ethereum Architecture
› “Ethereum is designed to be a
general-purpose programmable Block 1 Block 2 Block 3
blockchain that runs a virtual
machine capable of executing code of
arbitrary and unbounded complexity.” Consensus Layer

› “The currency ether is intended as a

Smart contract
utility currency to pay for the use of
the Ethereum platform as the world Miner /
computer.” Validator

Transaction pool

Node
Accounts
Contract account & Externally-owned account
UTXO vs Account Model

https://ethereum.stackexchange.com/questions/15
288/ethereum-merkle-tree-explanation/15294
Account-based Model
› Similar to how we work in the traditional banking world. Each account has states
before and after a transaction takes place.

Example:
https://etherscan.io/tx/0xe75277702021aef3473910b
0c61c73e4e9ce1d4f8dfb9e605c674f7f63025250
Account-based Model
› The Ethereum blockchain is a record of:
– Transactions
– Account states and smart contracts

› Full state (record) of the Ethereum blockchain

is approximately 5,200GB ~ 5.2TB
– https://etherscan.io/chartsync/chainarchive

› Full node sync (with pruning) is approximately

500GB
– https://etherscan.io/chartsync/chaindefault
Two types of Accounts in Ethereum
Externally owned
account (EOA)
Private Key
Functions similarly to a Bitcoin address.
Has a private key that controls usage of
ethers in the EOA.
https://etherscan.io/address/0x2d459020fed0d0
eee8150de96c5b0d827f9d38a5
Contract account
(CA)
Contains smart contract code. No public or
private key.
Invoked by transaction; invoked contract
can invoke another contract, causing a
chain of effect
https://etherscan.io/address/0xf0155486a14539f
784739be1c02e93f28eb8e960
EOA to EOA

*Ethereum runs Proof-of-Stake (PoS) now instead of Proof-of-Work (PoW). Miners are now validators.
EOA to EOA

*Ethereum runs Proof-of-Stake (PoS) now instead of Proof-of-Work (PoW). Miners are now validators.
EOA to CA
Smart Contract
The Ethereum Architecture
› “Ethereum is designed to be a
general-purpose programmable Block 1 Block 2 Block 3
blockchain that runs a virtual
machine capable of executing code of
arbitrary and unbounded complexity.” Consensus Layer

› “The currency ether is intended as a

Smart contract
utility currency to pay for the use of
the Ethereum platform as the world Miner /
computer.” Validator

Transaction pool

Node
Smart Contract Example
Turing Completeness

https://www.youtube.com/watch?v=dNRDvLACg5Q
Smart Contract Example

• Smart contracts are deployed onto the blockchain from an EOA.

• A smart contract has its own CA once deployed; this CA is linked to the deploying EOA.
• Smart contracts are invoked via a transaction originating from an EOA; all miners must run
the invoked smart contract to obtain the state after contract execution.
Smart Contract
› Written in a language called Solidity

› Takes an input (formatted as string)

and assigns it to the variable
message.

› The function “update(string memory

newMessage)” allows users to
change the message to a new one.

› To change the message:

– Call function update()
– Supply the new message
– Code the above information in a
transaction
Ethereum Virtual Machine
› Solidity compiler:
– Compiles smart contract written in Solidity into bytecode. A language that is
understood by our computers.

› Ethereum Virtual Machine (EVM):

– Executes the bytecode.
– Stack-based.

› Each miner/staker runs a local copy of the EVM to validate contracts.

17
Ethereum Virtual Machine
Example of bytecode: https://etherscan.io/address/0xf0155486a14539f784739be1c02e93f28eb8e960#code

18
The Halting Problem
There is no way for a computer program to
determine if it will ever stop executing.
If there is such a program, the halting problem would not even exist.
The Halting Problem
How do we determine if a code would ever stop executing?

› In Ethereum, every (validating) node must validate every single transaction

by running the smart contracts invoked by the transaction to obtain the
state after the contract execution.

› If a smart contract does not terminate, the network will come into a stand
still.
What is Gas? A metering mechanism to ensure that smart
contracts will stop execution eventually.

› A smart contract is a piece of code. Every instruction in a smart contract will

consume some amount of Gas.

https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7#code
What is Gas?

Example of a simple token transfer transaction that consumes 21000 gas:

https://etherscan.io/tx/0xe75277702021aef3473910b0c61c73e4e9ce1d4f8dfb9e605c674f7f63025250
Gas
› Control the amount of resources that a transaction can use

› The open-ended (Turing-complete) computation model requires some form of metering in

order to avoid denial-of-service attacks or inadvertently resource-devouring transactions.
Gas is separate from ether in order to protect the system from the volatility that might
arise along with rapid changes in the value of ether, and also as a way to manage the
important and sensitive ratios between the costs of the various resources that gas pays
for (namely, computation, memory, and storage).
– Antonopoulos, Andreas M.; D., Gavin Wood Ph.. Mastering Ethereum (Kindle Locations 2517-
2521). O'Reilly Media. Kindle Edition.

› ETH/USD and GAS/ETH markets

https://medium.com/sunnya97/understanding-ether-vs-gas-82ce2f1dc560
What is Gas?

› A transaction must specify the maximum amount of gas the sender (the person
who invokes the smart contract) will use to run the smart contract (gasLimit).

› The amount of gas consumed by a smart contract is called the gasFees.

› The sender also needs to specify how much he is willing to pay for one unit of
gas (gasPrice).

› The higher the gasPrice, the faster the transaction will be included in the
blockchain.

› Transaction fees = gasFees x gasPrice.

https://ethgasstation.info/index.php
Gas
› What if you did not specify enough gas to complete the contract
execution?
– Out-of-Gas exception: Contract execution terminated; Gas given to miner
https://etherscan.io/tx/0x229212224c1970a06b04649944b5905d9a7f734d557274f4d3d40b9d5ff60c38

› What if you specified too much gas for the contract execution?
– Unutilised gas refunded to the sender

› Who estimates the amount of gas for you?

– Your wallet
Transaction
 Two types of Transactions

Invoke transfer • A simple transfer of ethers from user A to user B

Invoke smart contract • Runs a smart contract and execute the contract code
Structure of a Transaction
Nonce • Keeps track of the number of transaction originated from the sender

gasPrice • Price of gas that the sender is willing to pay

gasLimit • Maximum amount of gas that the sender is willing to use for this transaction

Recipient • Address of the transaction recipient

Value • Amount of ether to send

Data • Variable length binary data payload

v, r, s • Sender’s (elliptic curve-based) digital signature on this transaction

Recipient, Value, and Data
› Recipient can be EOA or CA; Value and/or Data can be empty

Transaction No data Has data

No value Waste of Gas Recipient: EOA

May not have effect
Recipient: CA
Contract invocation (invokes the function
specified in the data)

Has value Recipient: EOA Recipient: EOA

Ether transfer Ether transfer; data could be ignored
Recipient: CA Recipient: CA
Depend on contract; Ether transfer or deposit and contract
can be a deposit invocation
Examples of Transactions
› Simple ether transfer:
https://etherscan.io/tx/0xe75277702021aef3473910b0c61c73e4e9ce1d4f8dfb9e60
5c674f7f63025250

› Invoke a contract with input data:

https://etherscan.io/tx/0x65b4a3f3a6655254bb92d946f937227514bc6a5d505240da
1721eaab3a7931b9
– Call the function you wish to invoke by calculating
Keccak256(function_name(input_type))
– Take the first 4 bytes of the hash value
– Followed by 32 bytes of data for the input(s) to the function

*Keccak256 is a hash function

Examples of Transactions
› Invoke a contract with input data:
https://etherscan.io/tx/0x65b4a3f3a6655254bb92d946f937227514bc6a5d505240da1721eaab3a7931b9
– Call the function you wish to invoke by calculating
Keccak256(function_name(input_type))
– Take the first 4 bytes of the hash value
– Followed by 32 bytes of data for the input(s) to the function

If the function to be invoked is “withdraw(uint256)”, the sender calculates:

Keccak256(withdraw(uint256))
Keccak256() is the hash function used in Ethereum
…and take the first 4 bytes of the hash value: 0x2e1a7d4d

If the withdrawal amount is 0.01 ether (0x2386f26fc10000), the data will be:
2e1a7d4d000000000000000000000000000000000000000000000000002386f26fc10000
Ethereum Consensus
Proof-of-Work; transitioned to Proof-of-Stake in 2022
Consensus
› Proof-of-Work using Ethash – a memory-hard consensus protocol.
• Initial size ~ 1GB
• Updated every 30,000
› A high-level overview: blocks (~ 125 hours)
– Compute a seed by hashing the previous seed.
› First seed is a hash of 32 bytes of zeroes.
– Compute a pseudorandom cache from the seed.
– Generate a dataset from the cache.
– Keccak256(block header + nonce).
– Use the above value to select a slice in the dataset.
– Hash the slice, block header, and nonce, and check if the resulting hash value satisfies
a difficulty level.

› Successful miners will receive ethers as mining reward in addition to the gas
fees.
The Ethash Algorithm
› Notice that Ethereum block header
hashes displayed in the explorer do
not need to start with zeros.

› Bitcoin:
hash(block header, nonce) < TARGET.

› Ethereum:
Ethash(hash(block header), nonce) <
TARGET.

https://etherscan.io/block/0x93863ebda51e7ab6da13de
fabd92d35b0c3ec43b67e7cf04267a1b946ca7031b
Consensus
› Proof-of-Stake: Ethereum 2.0

› A high-level overview:
– Requires users to stake 32 ETH to become a validator in the network.
– Validator can create new blocks with a set of transactions.
– Validators are algorithmically chosen by the beacon chain to propose new blocks.
– The beacon chain manages the validators: registers their stake deposits, issues their rewards and
penalties.
– If a validator isn't chosen to propose a new block, they'll have to attest to another validator's
proposal.
– The beacon chain records the attestations.
– So long as 2/3 of the validators agree, the block is finalised.

https://beaconscan.com/
Ommers/Uncles (retired)
https://etherscan.io/uncles

› Orphan block – VALID block that has not yet become

part of the main blockchain; a block that is received
before the parent block.

› Stale block – block that has a parent but they do not

belong to the valid chain.

› Ommer blocks are stale blocks with parents that are a

maximum of six blocks back from the present block.
Ommers/Uncles (retired)

98
97 is my parent

95 96 97

Parent of 96 Parent of 97 Parent of 98

 97
Ommers/Uncles (retired)

98
97 is my parent
97 is my ommer
(I will include 97)
95 96 97

Parent of 96 Parent of 97 Parent of 98

Ommers/Uncles (retired)
Rb is the current block mining reward
Mining reward =
Number of ommers
𝑅𝑏 + 𝑅𝑏
32

95 96 97 98

Parent of 96 Parent of 97 Parent of 98 97 is my parent

97 is my ommer
(I will include 97)

97
Ommers/Uncles (retired)
Rb is the current block mining reward
Mining reward =
Number of ommers
𝑅𝑏 + 𝑅𝑏
32

95 96 97 98

Parent of 96 Parent of 97 Parent of 98 97 is my parent

97 is my ommer
(I will include 97)

Mining reward = 97
1
𝑅𝑏 + (Ommer block position − current block position)𝑅𝑏
8
Ommers/Uncles (retired)
› Mining reward of 1st ommer is 7/8 of mining rewards.

› Mining reward decreases and becomes zero after seven blocks.

› Each block can have a maximum of two ommers. Miners always build on the
“heavier” chain.
– “Weight” concept (Ethereum) replaces the “length” concept (Bitcoin)

› Transactions in ommers are not included as blockchain information; they are just
there for the selection of the chain that is consensually accepted
Ommers/Uncles (retired)

95 96 97 98 99 100

Parent of 96 Parent of 97 Parent of 98 97 is my parent 98 is my parent

97 is my ommer 95 is my ommer
(I will include 97) (I will include 95)

97 95
Ommers/Uncles (retired)
Let Rb be the current block reward.

› For a normal block, the mining reward is:

Number of ommers
𝑅𝑏 + 𝑅𝑏
32

› For an ommer/uncle block, the mining reward is:

1
𝑅𝑏 + (Ommer block position − current block position)𝑅𝑏
8
Is always a negative value – the further the ommer is
from current block, the lesser the ommer reward will be
Ommers/Uncles (retired)
Why is this necessary?

› Decentralises the network – allow weaker miners who do not discover blocks
that are added to the main chain to also profit.

› The aim is to keep the user base large for security purpose.
The Oracles
Provide external data for smart contract execution
 Creates

Validators

https://etherscan.io/address/0x06012c8cf97b
ead5deae237070f9587f8e7a266d#code
dApps (decentralised Applications)
Webpage interacts with smart contract using
javascript (Web3.JS)

Contract written in
Solidity.

You in front of your laptop/phone viewing a dApp game

(CryptoKitties).

The page layout and information are designed using CSS

and displayed using HTML.

The Ethereum blockchain with smart

contract specifying how CryptoKitties
should work.
Oracles
› To provide external data sources to a smart contract.
– If every node sources from different external data source, how do they agree on a single version
of truth?

› In order to maintain consensus, EVM execution must be totally deterministic and based
only on the shared context of the Ethereum state and signed transactions.

› Hence, Oracles must be trusted (behave honestly) and authenticated (verified identity).

› How to ensure the security of data sources?

– Authenticity proofs – use 3rd party to notarise
– Trusted Execution Environment (TEE) – use trusted hardware
Oracles
› Decentralised oracles:
– Source for results from several data providers
– Aggregates the result

› Decentralised oracles requirements (e.g., Chainlink):

– Reputation score
– Order-matching
– Aggregation
– Registry
Appendix
The Yellow Paper
› A mathematical description of the Ethereum system.

https://github.com/ethereum/yellowpaper
Blocks
Block
› Note: In addition, a block also contains ommer block headers and a series of transactions in ommer block.

parentHash Keccak256 hash of parent block’s header

ommersHash Keccak256 hash of ommers
beneficiary The “coinbase transaction” equivalence of Bitcoin
stateRoot Keccak256 hash of account state
transactionsRoot Keccak256 hash of transactions in the block
receiptsRoot Keccak256 hash of receipts for transactions in the block
logsBloom Bloom filter for transactions
Difficulty PoW difficulty
number Number of ancestor blocks
gasLimit Gas limit per block
gasUsed Gas used by transactions in the block
timestamp Block’s inception time
extraData Arbitrary data (32 bytes or less)
mixHash For PoW
nonce For PoW
Merkle
Patricia
Tree
Block
parentHash Keccak256 hash of parent block’s header
ommersHash Keccak256 hash of ommers
beneficiary The “coinbase transaction” equivalence of Bitcoin
stateRoot Keccak256 hash of account state
transactionsRoot Keccak256 hash of transactions in the block
receiptsRoot Keccak256 hash of receipts for transactions in the block
logsBloom Bloom filter for transactions
Difficulty PoW difficulty A transaction receipt contains:
number Number of ancestor blocks 1. Post-transaction state
gasLimit Gas limit per block 2. Cumulative gas in block after
transaction execution
gasUsed Gas used by transactions in the block
3. Logs created by transaction
timestamp Block’s inception time 4. Bloom filter created from logs
extraData Arbitrary data (32 bytes or less)
mixHash For PoW
nonce For PoW
Bloom Filter
› Bloom filter is a data structure used to check the membership of an element within a set.

› A Bloom filter is a string of zeros and ones. To add an element X into the bloom filter,
apply k different hash functions to X. Based on the result, set the k positions in the Bloom
filter to be ‘1’.

› The length of Bloom filter, selection of k, number of elements to be added will affect the
false positive rate.
Telling you that an element is a member when it is not!
Block
parentHash Keccak256 hash of parent block’s header
ommersHash Keccak256 hash of ommers
beneficiary The “coinbase transaction” equivalence of Bitcoin
stateRoot Keccak256 hash of account state
transactionsRoot Keccak256 hash of transactions in the block
receiptsRoot Keccak256 hash of receipts for transactions in the block
logsBloom Bloom filter for transactions
Difficulty PoW difficulty
number Number of ancestor blocks
gasLimit Gas limit per block
gasUsed Gas used by transactions in the block
timestamp Block’s inception time
An Ethereum block size is limited by the
extraData Arbitrary data (32 bytes or less)
amount of gas that a block can contain.
mixHash For PoW Why?
nonce For PoW
TEMPORARY
FORKS
All nodes has
Block P as the
latest block.
TEMPORARY
FORKS
Left hand side
found Block A as
the next block.

Right hand side

found Block B as
the next block.
TEMPORARY
FORKS
Left hand side
continue to work
on next block
based on Block A
as the “latest”
block.

Right hand side

continue to work
on next block
based on Block B
as the “latest”
block.
TEMPORARY
FORKS
A node on the
Right hand side
found a new Block
X that extends
based on Block B.

All nodes converge

and work on the
more difficult
chain. Block A is
discarded.