This is a simple working example of a flash arbitrage smart contract, whereby within a single transaction it:

  1. Instantly flash borrows a certain asset (ETH in this example) from Aave lending pools with zero collateral
  2. Calls UniswapV2 Router02 to wrap the flash liquidity of ETH into WETH and exchange it for DAI tokens
  3. Checks the exchange rate of DAI back into ETH on Sushiswap V1
  4. Calls SushiswapV1 Router02 to swap the DAI back into WETH and then ETH
  5. There’s also an independent function to withdraw all ETH and ERC20 tokens at the contract owner’s discretion

Before you start playing with this I highly recommend to have a read of the Aave Flash Loan mechanism and get an indepth conceptual understanding, as it’s equally important as understanding the code.

Since Sushiswap is a fork of UniswapV2, I also suggest familiarising yourself with the Uniswap V2 guide on trading via smart contracts, particularly if you plan on adding more swaps to your arbitrage strategy.


The contract can be plonked directly onto Remix, using solidity compiler 0.6.12, and Metamask using Injected Web3.

On deployment, set the following parameters:

  • _AaveLendingPool: the LendingPoolAddressesProvider address corresponding to the deployment environment. see Deployed Contract Instances.
  • _UniswapV2Router: the Router02 address for UniswapV2 see here.
  • _SushiswapV1Router: the Router02 address for SushiswapV1. There isn’t an official testnet router02 so for demo purposes you can just use the uniswapV2 address when playing on the testnet since their codebase is identical (for now – which may not be the case in the future). Alternatively see Sushiswap repo for the mainnet router02 address to test in prod or deploy your own version of Router02 onto testnet.
  • Click ‚transact‘ and approve the Metamask pop up.
  • Once the flash arb contract is deployed, send some ETH or ERC20 token to this contract depending on what asset you’re planning to flash borrow from Aave in case you need extra funds to cover the flash fee.


On execution, set the following parameters:

  • _flashAsset: address of the asset you want to flash loan. e.g. ETH is 0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE. If you want to flash anything else see Reserved Assets but you will need to adjust the executeArbitrage() function accordingly.
  • _flashAmount: how much of _flashAsset you want to borrow, demoniated in wei (e.g. 1000000000000000000 for 1 ether).
  • _daiTokenAddress: for this demo we’re swapping with the DAI token, so lookup the reserved address of the DAI token. See Reserved Assets.
  • _amountToTrade: how much of the newly acquired _flashAsset you’d like to use as part of this arbitrage.
  • _tokensOut: how much of the ERC20 tokens from the first swap would you like to swap back to complete the arb. Denominated in actual tokens, i.e. 1 = 1 DAI token.
  • Click ‚transact‘ and approve in Metamask.


If all goes well, a successful execution of this contract looks like this (Ropsten testnet).

Tips for further customization

  • This contract would typically be executed by a NodeJS bot (not part of this demo) via a web3.eth.Contract() call, referencing the deployed address of this contract and its corresponding ABI. You would usually get the bot to interact with price aggregators such as 1inch to assess arb opportunities and execute this contract if the right opportunity is found.
  • To have any chance of getting in front of other arb bots on significant arb opportunities the NodeJS bot needs to be hosted on your own fast Ethereum node. You will most likely come off second best going through the Infura API to interact with the Ethereum blockchain.
  • Some people like to get an unfair advantage by building Transaction-Ordering Dependence (front running) capabilities into the NodeJS component, typically using web3.eth.subscribe(‚pendingTransactions‘..) to monitor for newly submitted arb TXs. However this smart contract would then need to be significantly more complex and flexible enough to cater for a wide range of arbitrage permutations across multiple protocols.
  • User specified parameters (as opposed to hardcoded variables) should be passed via the flashloan() function in the first instance. You can subsequently set these parameters to contract variables with higher visibility across the contract.
  • There are no direct ETH pairs in UniswapV2 therefore the need for a WETH wrapper. Since Sushiswap is forked from UniswapV2 you’ll need to wrap in WETH as well.

If you found this useful and would like to send me some gas money:


Thanks, @fifikobayashi

Source: https://github.com/fifikobayashi/Flash-Arb-Trader

An Ultimate, In-depth Explanation of How EVM Works.

This post is a continuation of my Getting Deep Into Series started in an effort to provide a deeper understanding of the internal workings and other cool stuff about Ethereum and blockchain in general which you will not find easily on the web. Here are the previous parts of the Series in case you missed them:

Getting Deep Into Geth: Why Syncing Ethereum Node Is Slow
Downloading the blocks is just a small part. There is a lot of stuff going on…
Getting Deep Into Ethereum: How Data Is Stored In Ethereum?
In this post, we will see how states and transactions are stored in Ethereum and how it is different from Bitcoin.

In this part, we are going to explore explain and describe in detail the core behavior of the EVM. We will see how contracts are created, how message calls work, and take a look at everything related to data management, such as storagememorycalldata, and the stack.

To better understand this article, you should be familiar with the basics of the Ethereum. If you are not, I highly recommend reading these posts first.

8 Resources to Get Started With Ethereum
The ultimate guide for understanding & Starting with Ethereum.

Throughout this post, we will illustrate some examples and demonstrations using sample contracts you can find in this repository. Please clone it, run npm install, and check it out before beginning.

Enjoy, and please do not hesitate to reach out with questions, suggestions or feedback.

EVM: 10,000 ft Perspective

Before diving into understanding how EVM works and seeing it working via code examples, let’s see where EVM fits in the Ethereum and what are its components. Don’t get scared by these diagrams because as soon as you are done reading this article you will be able to make a lot of sense out of these diagrams.

The below diagram shows where EVM fits into Ethereum.

The below diagram shows the basic Architecture of EVM.

This below diagram shows how different parts of EVM interact with each other to make Ethereum do its magic.

We have seen what EVM looks like. Now it’s time to start understanding how these parts play a significant role in the way Ethereum works.

Ethereum Contracts


Smart contracts are just computer programs, and we can say that Ethereum contracts are smart contracts that run on the Ethereum Virtual Machine. The EVM is the sandboxed runtime and a completely isolated environment for smart contracts in Ethereum. This means that every smart contract running inside the EVM has no access to the network, file system, or other processes running on the computer hosting the VM.

As we already know, there are two kinds of accounts: contracts and external accounts. Every account is identified by an address, and all accounts share the same address space. The EVM handles addresses of 160-bit length.

Every account consists of a balance, a noncebytecode, and stored data (storage). However, there are some differences between these two kinds of accounts. For instance, the code and storage of external accounts are empty, while contract accounts store their bytecode and the Merkle root hash of the entire state tree. Moreover, while external addresses have a corresponding private key, contract accounts don’t. The actions of contract accounts are controlled by the code they host in addition to the regular cryptographic signing of every Ethereum transaction.


The creation of a contract is simply a transaction in which the receiver address is empty and its data field contains the compiled bytecode of the contract to be created (this makes sense — contracts can create contracts too). Let’s look at a quick example. Please open the directory of exercise 1; in it, you will find a contract called MyContract with the following code:

Read on >>>>

This article explains how someone will be able to become a validator in Ethereum 2.0. New Ethereum will replace mining process as seen current Ethereum and use Proof of Stake consensus where validators will be the one maintaining the network. Those validators attestations are written on the Beacon chain. However, we won’t get into those technical details and you don’t even have to know all of that to take part in validating blocks.

What’s the current status of Ethereum 2.0 development?

Specification is there and seven different node clients are actively working on their implementation. The reason for this is that they are written in different languages and will have a different specializations i.e. being focused on the browser or resource constrained devices. Also, not all of them will survive (but that’s ok). In current Ethereum (Eth1) survivors are Geth and Parity. Current active Eth2 clients are: LodestarNimbusLighthousePrysmTrinity and Harmony + Artemis that should merge together.

They all have their own testnets but they all gathered in September on an interoperability event and created a multi-client testnet. Here is the historic tweet and we are glad that we could be there! Thanks Consensys.

First launch of the Ethereum 2.0 clients, tweet by Joseph Delong

Good news is that in the latest Eth2 spec release (v0.9.0) an official deposit contract has been declared as finished!

All inital deposits, that will happen on Eth1 chain, will be used by Eth2 chain to secure the network upon launch by leveraging the security pool and value of existing Ether.

How much can you earn by being a validator?

What a great question! Yes, you get a reward if your attestations get included in a block but the reward depends on the whole state of the network i.e. how many validators are online. The economics of this are still being examined and are to be tested. Latest estimates are that validators can expect 4.6% – 10.3% in annualized rewards. However, the spec is still being updated which results in a lot of estimates so we can only recommend you the following links to understand better: – Examining the Proposed Validator Economics of Ethereum 2.0 – Eth 2.0 Economics

Basically, the math for validator return of investment (ROI) is:

ROI = Validator rewards + Network fees - Cost to run a validator node

The goal is to encourage people to become validators and have many as possible to secure the network. Therefore, the whole PoS system is a collective rewards scheme where the more people online, the more everyone earns. Vice versa, the less people online, the less that people are earning. It is why there is a slight penalty if your validator client goes offline at any point. For example, if the current interest rate is 5%, you would lose 0.0137% of your deposit every day, but gain that for every day you’re online. In case of a bigger issue where 33% of validators are offline and you’re offline, you can lose 60% in 18 days. If at any point your deposit drops below 16 ETH you will be removed from the validator set entirely.

Unfortunately, the numbers above in the links are most probably going to be changed as the Eth2 spec is constantly being updated.

What do you need to become a validator?

Basically, here are the minimum requirements for being a validator: – have 32 ETH, – run validator node 247 (this can be your PC, remote server, Raspberry Pi or similar) with Internet connection, – have access to beacon node.

Hardware requirements for running the node will be better determined during testnet activities. For the validator client only something like Raspberry Pi will be enough but in case you are running your Beacon node, you’ll need a more powerful CPU and storage space.

Keep in mind that your uptime and therefore an Internet connection are the most important things as your stake gets slashed if you are offline, meaning that you are losing your money.

How to become a validator?

The validator setup requires some technical knowledge and understanding. However, we want to enable everyone to easily become a validator and know how well they perform. This will be possible with the desktop app that we are working on – ChainGuardian. Soon more info about that, you can track for progress our NodeFactory Twitter and ChainGuardian Github or join our Discord! This app is being built thanks to MolochDAO.

ChainGuardian is a Windows/Linux/Mac app that will be a one stop shop for validators. As a user, you will be able to fully onboard as a validator which includes: making an ETH deposit, generating or importing your required key pairs (which only you own!), running a validator client and a Beacon node. Most importantly, you will be able to observe the performance of your node, return of investment and get notified if your node is down so you don’t lose your earnings!

Here are a couple of sneak peaks below. We plan to expand these features to much more but currently we are focused to make a release where you can make an ETH deposit and effortlessly become a validator.

ChainGuardian desktop application previews

Basically, to become a validator, here are the steps that one needs to take:

  1. Install one of the previously listed Eth2 clients.
  2. Get Ether. In testnet case that’s Görli ETH. We understand this is not so easy to get so we will provide a faucet for you that will get you this ETH and submit your deposit transaction altogether.
  3. Generate a validator public and private key pair (used for signing your claims as a validator).
  4. Start your validator client along with Beacon chain. You can use your Beacon chain node or some existing public server.
  5. Make the ETH deposit (stake) to Eth1.
  6. Wait to get assigned as validator. Once your validator client is up and running you just have to wait for it’s activation. This takes a few minutes (or probably hours in case of mainnet) because of a voting period in which new deposits are added to the running chain from other validators.
  7. Watch your validator create, vote and attest for blocks as well as earn rewards!

Once again, those steps will be a part of the ChainGuardian app onboarding.

Note about your key pairs

What’s important to understand when handling your validator node are validator keys. You should have a signing key which is a hot wallet – unlocked account that app client uses for voting and proposing blocks. Also, you need a withdrawal key that is a separated cold wallet which will be used for funds withdrawal in case you want to stop being a validator or your signing key gets comprimised.


This is Ethereum 2.0 (Serenity) Phase 0 which includes launch of Beacon chain that manages the Casper Proof of Stake protocol for itself and all of the shard chains. Being a Phase 0 only, we won’t have all the new features of Ethereum 2.0 just yet. For example, there is currently no way to withdraw deposited Ether from Eth2 as it is effectively burned in Eth1. However, although the transfers weren’t planned in Phase 0, this is still open to discussion and changes.

Once Phase 0 is complete, there will be two active Ethereum chains – Eth1 chain (current) and the Eth2 chain (Beacon chain). They will operate in parallel during the Phase 1 and Phase 2 as well. However, the Eth1 to Eth2 transition is planned.

For the Beacon chain to start, there will be a minimum amount of ETH stake needed. It is defined in the deposit contract and currently this is set to 16384 validators (524,288 ETH).

It may seem that this Phase is not that significant as we won’t be available to use everything from Ethereum that we got used to but this is the foundation of the entire system. If we compare this phase to the beginning of the mining period, then we can certainly draw conclusions about advantages and profits in being the first in the line. However, there are all kinds of risks but seeing the community around this and efforts of the core developers, it’s only possible to be positive about how things will roll out.

Source: https://www.nodefactory.io/blog/how-to-become-a-validator-in-the-new-ethereum-2-proof-of-stake-system/

Ameen Soleimani – 8 min read

You’ve probably heard of Compound. They built compound.finance on Ethereum which allows you to lend and earn interest on your ETH, DAI, USDC, and several other ERC20s.

Today, the interest rate offered to DAI lenders is 10%, which is high enough to turn EthHeads’ heads (see cover photo).

As the CEO of SpankChain, it’s my job to manage the company reserves, which also includes nearly half a million DAI. At 10% annual interest, that’s ~$4,000 per month that we’re leaving on the table by not moving our DAI into Compound. That’s quite the opportunity cost. But the thing to remember when investing is that there is no free lunch. All investments have their risks and lending on Compound is no exception.

I spent some time over the last month evaluating several categories of risk when lending on Compound:

  1. Contract Security Risks
  2. Centralized Points of Failure
  3. Bank Run Risk

I break my investigation down by category below, but the most important things to know are:

  1. The smart contract security seems legit.
  2. Compound is a CUSTODIAL system, all lending pools can be trivially drained if their admin private key is compromised.
  3. When you lend on Compound, you are NOT guaranteed to be able to withdraw whenever you want. If you try to withdraw your funds and all the money is locked up in outstanding loans, your withdrawal transaction will fail.

I hope these lenders understand the risks… source: https://defipulse.com/compound

Contract Security

Compound has been audited by several reputable smart contract security firms.

  1. OpenZeppelin Audit Report
  2. Trail of Bits Audit Report
  3. Certora Audit Report

In addition, Compound was offering a private bug bounty of up to $250,000 for critical vulnerabilities (defined as 1% of funds stolen or 10% frozen), and to my knowledge no independent security researchers have been able to claim the bounty.

The contracts have also held $20M+ for over 6 months, $50M+ for over 2 months, and currently hold $100M+. For me personally, the most important metric of contract security is total funds held in contract * time held in contract, and Compound has been secure with quite a large public bounty thus far.

Based on the above factors, I presently believe that the Compound smart contracts are secure.

Centralized Points of Failure

I’m not a smart contract security expert myself, so I enlisted the assistance of the one and only samczsun who famously found a critical bug in the 0x contracts (despite multiple audits from top firms) and was paid $100,000 for it. He had the following to report about centralized points of failure in Compound (emphasis mine):


OpenLaw will be launching the first limited liability for-profit DAO, named the LAO. The LAO will enable members to invest in Ethereum new ventures and generate a profit. A new era of DAOs is beginning.

The LAO: A For-Profit, Limited Liability Autonomous Organization

Since first proposed in 2013, the notion of decentralized autonomous organizations (DAOs) has animated the dreams of blockchain developers. For many, these Internet-native organizations represent the next step in the evolution of social and economic coordination, with blockchain technology and smart contracts streamlining voting, decision making, and the allocation of digital assets.

The notion of a DAO did not emerge in a vacuum. Instead, these organizations build on a long lineage of technical and legal innovation. The Romans devised a variety of commercial entities, such as the societas peculium and societas publicanorum, that enabled parties to share in an enterprise’s profits and losses while also providing limited liability. During the Middle Ages, Italians pioneered early versions of a limited partnership to finance maritime trade. Joint-stock companies emerged in England and the Netherlands in the 1600s, providing organizations state-granted monopolies to engage in productive commercial enterprises. The modern corporation took root in the United States in 1811, when New York granted private parties the power to form their own corporate structures without an extensive approval process. Weiterlesen

by Koh Wei Jie · 8 min read

Railway semaphore signals. Source: WikiMedia Commons

This year, Ethereum has undergone a privacy renaissance of sorts. Encouraged by prominent members of the community, researchers, programmers, and DAO funders have collaborated to accelerate the ideation and implementation of privacy solutions, particularly those which employ zero-knowledge proofs. We are now at a stage where a key privacy building block is emerging from research and entering production: Semaphore, a means for anonymous signalling.

Semaphore is the basis of an ETH and ERC20 token mixer named MicroMix. In the near future, it can be used for other privacy-enhancing applications such as anonymous login, anonymous DAOs, anonymous voting, and journalism.

This technical blog post will explain how Semaphore and MicroMix work, and how Semaphore enables MicroMix to provide users with transaction privacy in a noncustodial manner. It will also describe its performance and tradeoffs, and finally outline how Semaphore can enable other zero-knowledge applications which would be otherwise impractical.

Readers should understand how Ethereum smart contracts work and some basic cryptography, but do not need to be familiar with zero-knowledge proofs. Weiterlesen

Wouldn’t it be amazing if we didn’t have to waste so much precious space on our expensive and sensitive SSDs to run an Ethereum node, and could rather move at least some of the data onto a cheap and durable HDD?

With the v1.9.0 release, Geth separated its database into two parts (done by Péter Szilágyi, Martin Holst Swende and Gary Rong):

  • Recent blocks, all state and accelerations structures are kept in a fast key-value store (LevelDB) as until now. This is meant to be run on top of an SSD as both disk IO performance is crucial.
  • Blocks and receipts that are older than a cutoff threshold (3 epochs) are moved out of LevelDB into a custom freezer database, that is backed by a handful of append-only flat files. Since the node rarely needs to read these data, and only ever appends to them, an HDD should be more than suitable to cover it.

A fresh fast sync at block 7.77M placed 79GB of data into the freezer and 60GB of data into LevelDB. Weiterlesen

Graham McBain
 · 2 min read

Using Bubble.is and Portis.io

Photo by Kyle Hanson on Unsplash

Protocols like Compound Finance and DYDX are arguably the most compelling reasons why you’d want to build an app on Ethereum. Unfortunately the entire web3 stack is surrounded by a cloud of wonky terminology and technical barriers. This jargon minefield makes it next to impossible for the average Jane to get something up and running.

Until now

I’ve been working on an simple MVP Portis plugin that allows anyone to utilize these and other protocols with no programming knowledge. To do this I leveraged a platform called Bubble.is, a visual programming language with powerful workflow automation tools.

The first step in making this possible is integrating a wallet provider. I’m a big fan of Portis and integrating their wallet has proven to be very easy. All this took was a few evenings and emails to the team to talk about problems I ran into. This work has resulted in the first tool which lets a non developer create a Dapp, all in under 2 minutes. Weiterlesen

4 min read

👉 Get your FREE chapter of the Blockchain Developers Handbook…

This guide takes 3 minutes 33 seconds to read.

🤖 Programming Languages

Solidity is the main programming language for smart contracts, however there are other languages which will be useful depending on your usecase.

  • Solidity — Object Oriented High Level Language For Smart Contracts
  • Vyper — Pythonic Programming Language For Smart Contracts
  • JavaScript — High Level Interpreted Scripting Language
  • Python — Interpreted High Level General Purpose Programming Language
  • Go — The Language In Which Geth (Go-Ethereum) Client Is Written In
  • Rust — Language In Which The Parity Client Is Written In
  • Java — The Pantheon Client Is Written In Java
  • .NET — Intergrateable To The Ethereum Blockchain With Nethereum
  • C++ — Protocol Development With The Help Of Github /Aleth
  • Ruby — See How Ruby Is Used In Ethereum With Github /Ethereum.RB


Today OpenLaw is releasing its second vertical OpenLaw Finance. With OpenLaw Finance creating legally compliant tokenized securities, fixed income products, tokenized real estate, and smart derivatives can be as easy as filling out a simple form. The future of decentralized finance is coming into focus powered by OpenLaw.

Ethereum holds out the potential to serve as the commercial operating system for the globe. Launched only five years ago, Ethereum is rapidly emerging as the spine for a streamlined financial system where existing financial products can be structured and administered more efficiently. Despite the downturn in prices, Ethereum’s growth has accelerated over the past two years. We’ve seen the birth of stable coins, like DAI, and the threads of more advanced financial products like those provided by Dharma and Compound. Ethereum-based trading platforms are beginning to mature, like 0x and Uniswap, creating composable financial legal blocks that enable assets to flow more seamlessly between parties. And decentralized oracles like Chainlink are moving to mainnet, holding out the hope of inputting real-time data into commercial relationships and creating new, more efficient means of commercial transactions.
Traditional finance, of course, has noticed. An increasing number of banks and other “fintech” startups are exploring the use of blockchain technology through the issuance of their own stablecoins and a host of pilot programs ranging from J.P. Morgan’s stablecoin to SWIFT’s instant GPI payments.
The blockchain-world and traditional finance are on a collision course with new tools and approaches rapidly painting a picture of what a more democratized and streamlined financial system could look like — one that is more efficient, transparent, and resilient. Weiterlesen