Programming Project - Phase 2

I had the same problem, and I found a site on the internet that explained how to solve it: first you need to install git: https://git-scm.com/downloads

Next you need to make sure that there is a corresponding path defined in your environment variables. So you go to your windows settings and enter “environment” into the search line. This will open up the option “Edit system environment variables.” So you choose that option and then, in the window that opens up, click on “environment variables.” In the next window you click on “new” under “system variables” and then, in the window that opens up, you enter “GIT” as the variable name and specify the path “C:\Program Files\git\bin” using “browse” as the variable value. You save it all and then you restart your computer—this is important—without restarting it won’t work—I tried it. When you have restarted your computer, you open the power shell and enter the command git —version. If the version is properly displayed, then you are good to go, if not, then don’t ask me what to do next because I don’t have a clue. For me it actually worked and I was able to migrate my contract, as shown by Filip in the video, except for the fact that I didn’t have any funds on my account.

Hope that helps.

So I am trying to userstand how oracles work using Remix. I got this example from a video on youtube.

It worked when I first deployed it. As in I could check the queries section on Remix and see my query but It would not update the state variable “temperature” . I redeployed it and then tried update again but added funds to it and now I am getting this error message.

"transact to Temperature.update errored: VM error: revert.
revert The transaction has been reverted to the initial state.
Note: The called function should be payable if you send value and the value you send should be less than your current balance. Debug the transaction to get more information. "

I tried with another example and the first time works but if you try to redeploy it you get the same error. Any idea what is going on?

I am using the " Provable - oracle service" Plugin for this.

This is the sample code I’m using.

pragma solidity ^0.4.18;

import "github.com/oraclize/ethereum-api/oraclizeAPI_0.4.sol";


contract Temperature is usingOraclize{
    
    uint public temperature;
    
    
    event NewOraclizeQuery(string description);
    event NewTemperature(string temerature);
    
    
    function __callBack(bytes32 queryId, string result){
        
        
        if(msg.sender !=oraclize_cbAddress())revert();
        NewTemperature(result);
        temperature = parseInt(result);
        
    }
    
    
    function update() public payable{
        
        NewOraclizeQuery("oracilze query was sent waitinf for response...");
        oraclize_query(
            "wolframAlpha",
            "temperature in London"
            
            
            );
        
        
    }
    
    
    
    
}

Thank you for this! Will look into it!

Filip,

I got everything to work, but I cannot get any ether from the faucet sent to my metamask account. It should be really straightforward, but for some reason, it simply doesn’t work. I have specified the correct network, and my account is connected to the faucet website, but the transaction never goes through. There is a transaction hash specified at the bottom of the page, but when I click on it, it says that no transaction with that hash can be found. Do you have any idea as to what the problem might be?

Update: I just solved the problem by going to a different site: https://faucet.ropsten.be/

Okay guys, looks like everything is working pretty good! Here is the code: https://github.com/JExtor/CoinFlipDAPP

Still not styled that good, going to come back and style more once I complete the React course.

Going to deploy the DApp to a webpage within the week so I will link that when I get that set up so anyone can try it out if they want!

Thanks!

check the spelling of temerature

@JeffE
I was able to review your smart contract

1. Nice usage of modifiers which makes the code more re-usable
2. Provable api is well used
3. Great use of events and smart contract is very comprehensively written.
4. Best part, you have used check effect interaction pattern for your smart contract.

Point to remember

1. You could add the SafeMath library and a proxy in the future
2. there is one unused function parameter in function __callback()

All in all, the project is amazing done. Keep it up!

Thank you for this! I appreciate it! I also appreciate all of your help along the way!

Hey everybody, currently have my DApp deployed on aws. If you guys want to check it out and try and win some test ether here is the link: http://jeffextor.com.s3-website.us-east-2.amazonaws.com/CoinFlipDApp/index.html

Not super styled yet, mostly worked on getting it working. Going to take the academy’s React course then come back to this.

Thank You!

Okay, I’m all done. I could still add some bells and whistles (probably lots of them), but basically it seems to be all working properly. As a rule, I spent more time throughout on getting the various system components to cooperate than on the actual programming. But that was part of the learning process and it was very instructive. Overall, I feel that I learned a lot. Thank you for designing this project. I very much appreciated the opportunity to work on it.

My updated files you can examine on github if you like:

Possibly you could give me some feedback on my choice to handle events with a recursive function call (the function is checkevent()). It seems to be working fine but maybe you have some thoughts on the matter that I failed to consider.

Hey @FrankB

I’ve checked your contract.

There seem to be an issue with the function withdrawAll ()
I have deployed your contract HERE.

Please assume the following:
actualContractBalance = 0;
netContractBalance = 0;
transferAmount =0;

1- The user plays the first game and loses (0.5 ether bet).
actualContractBalance = 500000000000000000;
netContractBalance = 500000000000000000;

2- The user plays the second game and wins (0.5 ether bet).

Now your function __callback does the following

 if((randomNumber % 2 == 0 && moreOnZero)||(randomNumber % 2 == 1 && !moreOnZero)){
        customer[addressOfQueryId[_queryId]].totalGain += 2*lastValue;
        netContractBalance -= 2*lastValue;
      }

therefore:
actualContractBalance = 1000000000000000000;
netContractBalance = 0;

3- The owner calls the function withdrawAll()

  function withdrawAll() public onlyOwner{
      transferAmount = netContractBalance;
      actualContractBalance -= netContractBalance;
      netContractBalance = 0;
      msg.sender.transfer(transferAmount);
  }

In this case, transferAmount is equal to 0.
WithdrawalAll() does not actually withdraw the funds from the contract.
If you check my link posted above, you will see that I have stuck Balance: 0.992 Ether while I instead should be able to withdraw all funds from the contract.

Contract balance require()

Consider that the contract should always have a balance in order to pay the user in case of a win. You should make sure that the contract has a balance before allowing the user to play.
Consider what happens if the player does not deposit any ether in your contract and wins the 1st round.
user bets: 0.5 ether and wins:
contractBalance = 500000000000000000
customer[addressOfCst].totalGain = 1000000000000000000
The contract won’t be able to pay the customer.

Provable API fee

Also notice that the first call to provableApi is free, the other ones have a fee instead (that in your case is paid by the contract).
You are not keeping the fee in consideration. According to ProvableAPI documentation, you can use this function to get the price of the oracle provable_getPrice("random")

Unused param
This parameter is not used:

function __callback (,,bytes memory _proof)

According to provable documentation, you can do the following:

  constructor () public {
    provable_setProof(proofType_Ledger);
  }

Then inside function __callback()

if (
      provable_randomDS_proofVerify__returnCode(
                _queryId,
                _result,
                _proof
            ) != 0
        ) {
        } else { your code..

I have done some tests myself, please try as well. If I misunderstood something or if you need more info I am here to help.

Happy coding,
Dani

Ok! Finally ready. Here’s the code: https://github.com/MemphisIX/Coinflip-Oracle.

And a demo video:

Demo1814×805 471 KB

I decided to mix it up adding a balance for each user, a balance available for bets and oracle calls, and a “committed balance” where funds reserved for users should be stored. These balances are constantly checked every time a user interacts with the contract. I may have over-used the require statement a bit lol.

Still rough around the edges, there’s no function to destroy contract, or to withdraw funds from it. The owner is allowed to load the contract and the contract can also be loaded upon deployment.

I always check to make sure the committed balance plus balance for bets equals the balance on the blockchain, this allowed me to spot a ton of exploits and bugs so score one for require, I loved how it forced me to think about every possibility and write a solution for it.

I deployed it on Ropsten through Remix because… It just seemed like less of a headache. Initial tests were done on Ganache using the RandomTest() function which is still there for reference.

Smart Contract Security is next!

Daniele,

Thank you so much for your detailed analysis. You really put some effort into that and I very much appreciate that effort.

In response to your analysis I will say that 1) the “withrawAll” function, in my mind, was merely an add-on that wasn’t particularly well designed and somewhat problematic because once the contract owner withdraws all funds, the contract becomes dysfunctional due to the front-end code in main.js, and 2) the scenario in your test, it seems to me, can never occur because in main.js there is a check that results in the refusal of any bet that the contract cannot pay for. So if the net-contract balance is zero and the bet is non-zero, the bet will be rejected. This is one of the reasons for having a net balance and an actual balance. The net balance is the actual balance minus all the contract’s liabilities. I could avoid making that distinction if I transferred a gain to the customer’s account after each game, but that would result in additional fees and waiting times. So I opted for accumulating gains in the contract and working with an actual balance and a net balance.

An interesting security question probably is whether a hacker could disable the front-end check against bets that exceed the contract’s ability to pay and then somehow get money from the contract by creating the kind of setup that you used in your test.

In general, I’m pretty sure that the overall design of my dapp is not really secure yet. I gave some thought to security issues, and tried to handle all sensitive information on the contract side rather than the front-end side, but I don’t think that my knowledge is sufficient at this point to really be aware off all the security issues that would have to be considered before the dapp could actually be installed on a real blockchain.

The reason why I didn’t delve any deeper into issues such as these is simply that my time is limited. I am still employed at my college, and the next semester is starting in a couple of weeks—and I am also teaching a summer course at the side. So unfortunately, I have to cut some corners. I was happy with the fact that the basic functionality was working as intended, and I really did feel that I learned a lot by working on this well-designed project.

Concerning your comment that the contract in its current form pays for the use of the oracle, I can say that I was blissfully unaware of that fact. So that is definitely an interesting additional problem to look into. Along these lines I also wonder how safe it would be to use, instead of the oracle, a hash of a concatenation of the output of “now” with a private encoding string (see my contract) and (perhaps) a game counter (i.e., hash(now, encoding, game counter). It seems to me that if the private encoding string cannot be accessed (as a private contract variable), then there is really no way to anticipate the pseudo random output produced by the hash function. So if this kind of approach to producing pseudo-random values was safe, the problem of paying for the oracle would be solved because there wouldn’t be any need for using the oracle in the first place. The problem, though, is that I have no idea how easy or how difficult it would be for a hacker to access a private contract variable and/or how that difficulty compares to the difficulty of hacking the link between the contract and the oracle.

Again, thank you for your reply.

Hey @FrankB !

A front end application is just an easy access to your contract for a “normal user”, but you can call any function in any smart contract deployed on the network both via your computer terminal and via another smart contract Please keep in mind that all the security checks must be done in the smart contract itself and never in your front end.

 Along these lines I also wonder how safe it would be to use, instead of the oracle, a hash of a concatenation of the output of “now” with a private encoding string 

Please notice that private variables can’t be accessed or modified from other smart contracts but their values can be read freely outside the blockchain by anyone. Set a variable as private do not hide data
Solidity doc >> https://solidity.readthedocs.io/en/v0.5.3/contracts.html

Schermata 2020-07-31 alle 20.19.29744×246 24.2 KB

Hope everything is clear!

Have a great weekend,
Dani

Seems to do what it’s supposed to do, https://github.com/projir/Ethereum201

image1920×1040 32.8 KB

@Juan_M_Villaverde
This is one of the best and most detailed smart contracts I have seen, and looks PRO

1. More require() means more validation means better the security
2. Great usage of private, internal, external, ownership and events
3. Provable api is well used and you are checking the api price
4. Check effect Interaction pattern is well implemented

Unused param
This parameter is not used:

function __callback (,,bytes memory _proof)

According to provable documentation, you can do the following:

  constructor () public {
    provable_setProof(proofType_Ledger);
  }

Then inside function __callback()

if (
      provable_randomDS_proofVerify__returnCode(
                _queryId,
                _result,
                _proof
            ) != 0
        ) {
        } else { your code..

You could add the SafeMath library and a proxy in the future, anyway this is just details it’s a really good project overall so well done

Keep it up!

Ok so I’m kind of at wits end here. I can get this to work on Remix. I can deploy it to the ropsten network and get a new random number when I update but for some reason when I deploy it with truffle to the ropsten network It deploys just fine but I constantly get this error every time I try to update it for a new random number. I have been trying to figure this out by myself for the past 2 weeks but I simply cannot… Here is a link to the code I just added what I thought was essential to the github. I put the error i get in the Error.txt file just to keep from crowding up this chat. I don’t know if its my web3 code to interact with the contract or the contract itself that is causing this error. Would you please take a look at it?

Ok so i gotta stop posting on this cause every time I do through some stroke of luck I get it to work right after I post a desperate message…

@leemac
Apologies for the delay, @gabba will review your code, will get back to you once done

Thanks

@mikekai
So you were able to solve the problem?