100 Days of Web3 (Days 21-30)

I am officially through 30% of the 100 days of Web3 challenge, and I’m really enjoying it! In the first 20 days, it was easier to find the time for learning, because I was on vacation. However, it was a bit more challenging to find the time once I returned to work. I think I got better at it as the days went by.

Day 21

The day before, I had implemented an ERC-1155 contract used to represent power-ups in a game, and I also created a marketplace contract for purchasing the power-ups. I integrated the ERC-1155 and marketplace contract into the game by implementing an interface to allow a user to buy one of three types of power-ups in the game. I also modified the game to behave differently based on whether the user possessed the power-up tokens in their MetaMask wallet. Overall, the game programming course was an eye-opening experience as to how Web3 will influence gaming.

Day 22

I came across a couple of very interesting videos on the Moralis YouTube channel related to decentralized finance (DeFi). I watched them and followed along with the coding exercises. It was in one of these videos where I learned about flashloans which really left me awestruck as to the true potential of Web3 and blockchain technology. Flashloans let you borrow massive amounts of money (in crypto) with zero collateral and very low fees. The fascinating thing about flashloans is that they are risk-free because they are guaranteed to be paid back within the same transaction. They are really useful for arbitrage and performing liquidation of collateral in DeFi protocols. Following along with the exercises in these videos, also gave me my first hands-on experience with the Avalanche blockchain.

Day 23

Having become very curious about decentralized finance, I started with the DeFi course at Moralis Academy. In the first part of the course I learned about the history of DeFi including about Maker DAO, one of the first and biggest DeFi protocols. Maker DAO is responsible for the creation of the most popular decentralized stablecoin called Dye. I also learned about the inspiration behind DeFi such as making financial systems more transparent, fair, accessible and efficient.

The DeFi course was more general and not really targeted towards developers, and since I like to do something hands-on each day, I started with this NFT tutorial below:

Day 24

I completed the NFT tutorial I had started on the previous day. Although I had already created NFTs when I created a CryptoKitties clone a couple weeks before, this tutorial also involved creating the metadata for the NFT and listing the collection on OpenSea with a testnet. However, we didn’t host the metadata on IPFS as is the standard with NFTs. I’ll have to learn more about IPFS at some point in my Web3 journey. I also continued with the Moralis Academy DeFi course, and learned about the risks of DeFi including security risks due to technical vulnerabilities and governance risks,

Day 25

I learned a lot more about DeFi including about how the AAVE and Compound protocols allow for the borrowing and lending of tokens. I used both Aave and Compound on the test networks to experience how borrowing and lending works. I also learned about the various stablecoins that are out there including the USDT, USDC, TerraUSD, TrueUSD and Dye. A lot of these stablecoins are centralized and run contrary to the spirit of DeFi, but they are widely used because of their convenience and stability. I also learned about how to use bridges. Bridges allow for the transferring of tokens between blockchains. In the course we went through two examples, where we sent ether to the Polygon chain and to the Binance Smart Chain.

After completing the course, I learned about a different pattern of creating upgradeable smart contracts through a video from OpenZeppelin. This design pattern is called universally upgradeable proxy standard (UUPS). This is in contrast to an earlier method of upgradeablility I had learned earlier which is known as the transparent contract standard. UUPS is more gas-efficient in its operations because it removes the need to make certain checks which access storage. UUPS places the upgrade function on the implementation contract rather than on the proxy contract.

Day 26

By this point, I had completed eight different courses at Moralis Academy, and it was time to start learning from a different source. I had come across the EatTheBlocks YouTube channel in the past and was impressed by Julien’s knowledge and understanding of Web3 development. The EatTheBlocks website had at least three courses I was interested in, so I signed up for a monthly subscription.

I decided to start with the Smart Contract Security 101 course which is the newest course on the platform. I already knew part of the course material including about reentrancy, overflow and access control vulnerabilities which I had learned from a previous course. However I also learned about some vulnerabilities I wasn’t aware of such as misusing tx.origin, denial of service, exploiting upgradeable contracts, weak randomness and replay attacks.

Day 27

I continued the security course and learned about more vulnerabilities. I found it particularly interesting how miners can reorder transactions in order to cause security problems. As a final project for the course, we were asked to examine the code of a pair of smart contracts, an ERC-20 token and a very basic decentralized exchange. We had to write tests for each of the functions in the contracts, identify the vulnerabilities and fix them. It was a relatively straight-forward exercise, but it served as a good way to review what we learned about the different security threats and how to protect against them.

After completing the course, I watched one of the live training videos for smart contract security on the EatTheBlocks site. It mostly reviewed what I had already learned, but I also learned that Solidity can only handle a stack limit of 1024 function calls and this is something that could potentially be exploited.

Day 28

I watched another one of the live training videos on the EatTheBlocks site related to smart contract auditing. The instructor was a cybersecurity expert and seemed well-versed in smart contract security. A couple of particularly useful takeaways were using the slither tool for static code analysis and using Mythx for dynamic code analysis to discover security issues.

Next I decided to take the DeFi Development Mastery course on EatTheBlocks. In the first part of the course, I just followed along as Julien explained various concepts and showed simple code examples of each including wrapped ether, collateral-backed tokens, stablecoins, liquidity mining, staking, yield farming and DAOs. I found the yield farming part particularly interesting. I learned about three different yield farming strategies including crop-rotation, recursive yield farming and leveraged yield farming.

Day 29

After going through the code examples of the basic DeFi concepts, we began to create a smart contract to integrate with the Compound Finance protocol. I created a smart contract which would allow us to deposit tokens into Compound, effectively lending them. I also created functions to enable the deposited tokens to be used as collateral, to borrow tokens against that collateral, to pay back the borrowed tokens and finally to redeem the lent tokens along with interest. It’s fascinating how DeFi protocols can be built by integrating with other existing protocols.

The next project in the course was to build a dashboard web app which would display the APY of lending tokens to Compound including the APY from interest and the APY from the COMP tokens earned. I used Web3.js and Next.js along with React to build the dashboard.

Day 30

The third project of the DeFi development course from EatTheBlocks was a yield farming project. I wrote a smart contract which had functions to open a position and close a position. Opening a position involved taking a flashloan from dYdX, depositing all the loaned tokens in Compound, borrowing from Compound using the deposited tokens as collateral and then using those borrowed tokens to payback the flashloan from dYdX. To close a position, the contract would once again take a flashloan from dYdX, pay back the borrowed tokens from Compound, withdraw the lent tokens from Compound, and then use those to pay back the flashloan. It’s quite a mind-bending process, but yield farming can get much more complicated than that.

The final project of the course was to build a DeFi wallet which automatically invests the tokens you put in it by lending them to Compound. This was a simple project compared to the yield farming one and used the same functions to interact with the Compound protocol. The DeFi Development Mastery course, had a lot of great content general DeFi concepts and walked me through some interesting ways to integrate with existing protocols. It definitely solidified my interest in DeFi.

Summary

The hundred day challenge has been going really well so far. It seems I’m learning more advanced material as I progress through it. In these last ten days, I learnt a lot about DeFi including about various protocols such as Compound, Aave and Dye, as well as DeFi concepts such as flashloans and yield farming. I also learned more about smart contract security threats and many other lessons such as the UUPS pattern for upgradeability, NFT metadata and integrating with ERC-1155 tokens. I’m particularly interested in learning about DAOs now, as that’s something I haven’t covered much so far.