Skip to main content

Sesi 1 - Materi Tambahan: Web3 Fundamentals Deep Dive

Daftar Isi

  1. Web Evolution Deep Dive
  2. Blockchain Technology Detailed
  3. Ethereum & EVM Architecture
  4. Wallet Technology & Cryptography
  5. Smart Contract Fundamentals
  6. Development Tools Deep Dive
  7. Real-World Use Cases
  8. Security Fundamentals
  9. Network Types & Testnet
  10. References & Further Learning

Web Evolution Deep Dive

Web1 (1990-2005): The Information Age

Technical Architecture

Web1 dibangun dengan teknologi sederhana yang fokus pada information sharing.

Core Technologies:

  • HTML (HyperText Markup Language): Structure dokumen web
  • HTTP (HyperText Transfer Protocol): Client-server communication
  • CSS (Cascading Style Sheets): Basic styling (introduced 1996)
  • JavaScript: Limited interactivity (introduced 1995)

Characteristics:

  • Static Content: Information yang jarang berubah
  • One-way Communication: Server ke client saja
  • Limited Interactivity: Basic forms dan navigation
  • Centralized Hosting: Single server untuk each website

Real Examples Web1

  • Yahoo Directory (1994): Manual categorization of websites
  • GeoCities (1994): Personal homepage hosting
  • Altavista (1995): Early search engine
  • Amazon (1994): Started as online bookstore dengan simple catalog

Web2 (2004-Present): The Platform Era

Technical Innovation

Web2 memperkenalkan dynamic content dan user interaction.

Key Technologies:

  • AJAX (Asynchronous JavaScript and XML): Dynamic content updates
  • APIs (Application Programming Interfaces): Service integration
  • Cloud Computing: Scalable infrastructure
  • Mobile Internet: Smartphone integration
  • Social Media Platforms: User-generated content

Platform Economy Characteristics:

  • Network Effects: Value increases dengan more users
  • Data Collection: User behavior tracking untuk monetization
  • Advertising Model: "Free" services funded by ads
  • Walled Gardens: Platform-specific ecosystems

Web2 Success Stories

Google Search Engine:

  • PageRank Algorithm: Revolutionary ranking system
  • AdWords/AdSense: Advertising revenue model
  • Data Utilization: Search data untuk targeted advertising
  • Market Dominance: 92% global search market share

Facebook Social Network:

  • Social Graph: Mapping human relationships
  • News Feed Algorithm: Curated content delivery
  • Advertising Platform: Precise demographic targeting
  • Data Harvesting: Detailed user profiling

Amazon E-commerce:

  • Recommendation Engine: Personalized product suggestions
  • AWS Cloud Services: Infrastructure as a Service
  • Marketplace Model: Third-party seller platform
  • Prime Ecosystem: Subscription-based loyalty

Web2 Limitations & Problems

Privacy Issues:

  • Data Collection: Extensive personal information gathering
  • Surveillance Capitalism: Monetizing personal data
  • Third-party Tracking: Cross-site user tracking
  • Data Breaches: Centralized databases as attack targets

Platform Control:

  • Content Censorship: Platform-controlled content moderation
  • Algorithm Manipulation: Opaque content filtering
  • Deplatforming: Account suspension without appeal
  • Revenue Sharing: Platforms take significant cuts

Famous Data Breaches:

  • Cambridge Analytica (2018): 87 million Facebook users affected
  • Equifax (2017): 147 million personal records stolen
  • Yahoo (2013-2014): 3 billion accounts compromised

Web3 (2008-Present): The Ownership Era

Foundational Principles

Decentralization:

  • No Single Point of Failure: Distributed infrastructure
  • Censorship Resistance: Difficult untuk block atau control
  • Global Access: Internet connection sufficient untuk participation
  • Permissionless Innovation: No gatekeepers untuk building

True Digital Ownership:

  • Cryptographic Proof: Mathematical proof of ownership
  • Transferable Assets: Move assets across platforms
  • Programmable Money: Smart contracts untuk automation
  • Self-Sovereign Identity: User-controlled digital identity

Web3 Technology Stack

Base Layer:

  • Blockchain: Distributed ledger infrastructure
  • Consensus Mechanisms: Proof of Work, Proof of Stake
  • Cryptography: Public-key cryptography untuk security

Protocol Layer:

  • Smart Contracts: Self-executing code
  • Token Standards: ERC-20, ERC-721, ERC-1155
  • Governance Protocols: Decentralized decision making

Application Layer:

  • DeFi: Decentralized financial services
  • NFTs: Non-fungible tokens untuk digital ownership
  • DAOs: Decentralized autonomous organizations
  • Web3 Games: Blockchain-based gaming

Web3 vs Web2 Comparison

AspectWeb2Web3
Data OwnershipPlatform ownsUser owns
IdentityPlatform-controlledSelf-sovereign
MonetizationAdvertisingDirect ownership
GovernanceCorporateCommunity
CensorshipPossibleResistant
InnovationPermissionedPermissionless

Blockchain Technology Detailed

Cryptographic Hash Functions

SHA-256 Deep Dive

Secure Hash Algorithm 256-bit yang digunakan Bitcoin untuk mining dan data integrity.

Properties:

  • Deterministic: Same input → same output
  • Fixed Output: Always 256 bits (64 hex characters)
  • Avalanche Effect: Small input change → dramatic output change
  • Pre-image Resistance: Cannot reverse-engineer input
  • Collision Resistance: Virtually impossible untuk find two inputs dengan same output

Example:

Input: "Hello World"
SHA-256: a591a6d40bf420404a011733cfb7b190d62c65bf0bcda32b57b277d9ad9f146e

Input: "Hello world" (lowercase 'w')
SHA-256: 64ec88ca00b268e5ba1a35678a1b5316d212f4f366b2477232534a8aeca37f3c

Keccak-256 (Ethereum)

Ethereum menggunakan Keccak-256 untuk address generation dan data hashing.

Ethereum Address Generation:

1. Generate random private key (256-bit number)
2. Derive public key using elliptic curve multiplication
3. Hash public key dengan Keccak-256
4. Take last 20 bytes as Ethereum address

Merkle Trees

Structure & Purpose

Merkle trees enable efficient dan secure verification of large data structures.

Tree Construction:

        Root Hash
       /          \
   Hash AB      Hash CD
   /    \       /     \
Hash A Hash B Hash C Hash D
  |      |      |      |
Data A Data B Data C Data D

Benefits:

  • Efficient Verification: Verify single transaction tanpa downloading entire block
  • Data Integrity: Any tampering changes root hash
  • Scalability: O(log n) verification complexity

Real-World Application: Bitcoin blocks use Merkle trees untuk efficiently verify transactions. Light clients dapat verify payment tanpa downloading full blockchain.

Blockchain Structure

Block Anatomy

Block Header:

{
  "previousBlockHash": "0x742d35...",
  "merkleRoot": "0x4a5e1e...",
  "timestamp": 1640995200,
  "difficulty": "0x170a395...",
  "nonce": 2573394689
}

Block Body:

  • Transaction list
  • Transaction count
  • Block size information

Transaction Structure (Ethereum)

{
  "nonce": "0x42",
  "gasPrice": "0x4a817c800",
  "gasLimit": "0x5208",
  "to": "0x8ba1f109551bD432803012645Hac136c34bcc36",
  "value": "0xde0b6b3a7640000",
  "data": "0x",
  "v": "0x1c",
  "r": "0x88ff6cf0fefd94db46111149ae4bfc179e9b94721fffd821d38d16464b3f71d0",
  "s": "0x45e0aff800961cfce805daef7016b9b675c137a6a41a548f7b60a3484c06a33a"
}

Consensus Mechanisms

Proof of Work (PoW)

Mining Process:

  1. Collect Transactions: Gather unconfirmed transactions dari mempool
  2. Create Block: Build block header dengan transaction Merkle root
  3. Find Nonce: Try different nonce values until hash meets difficulty target
  4. Broadcast Block: Share valid block dengan network
  5. Network Verification: Other nodes verify dan accept block

Difficulty Adjustment:

  • Bitcoin: Adjusts every 2016 blocks (~2 weeks)
  • Target Block Time: 10 minutes for Bitcoin
  • Hash Rate: Total computational power securing network

Security Model:

  • 51% Attack: Requires controlling majority of hash power
  • Cost: Extremely expensive untuk sustained attack
  • Economic Incentive: Honest mining more profitable than attacking

Proof of Stake (PoS)

Validator Selection:

  • Stake-based: Probability proportional ke stake size
  • Randomization: Cryptographic randomness prevents predictability
  • Rotation: Validators take turns proposing blocks

Economic Security:

  • Slashing: Validators lose stake untuk malicious behavior
  • Rewards: Honest validators earn staking rewards
  • Capital Requirement: Significant stake required for participation

Ethereum 2.0 Implementation:

  • Minimum Stake: 32 ETH untuk become validator
  • Penalty System: Graduated penalties untuk various violations
  • Finality: 2/3 validator agreement untuk finalization

Ethereum & EVM Architecture

Ethereum Network Structure

Node Types

Full Nodes:

  • Complete Blockchain: Store entire blockchain history
  • Transaction Validation: Verify all transactions
  • Block Propagation: Relay blocks ke other nodes
  • State Storage: Maintain current world state

Light Clients:

  • Block Headers Only: Download headers tanpa full blocks
  • SPV (Simplified Payment Verification): Verify transactions using Merkle proofs
  • Resource Efficient: Suitable untuk mobile devices
  • Trust Model: Rely on full nodes untuk data

Archive Nodes:

  • Historical State: Store all historical states
  • Development Support: Enable historical queries
  • Resource Intensive: Require significant storage
  • Infrastructure Role: Support dApps dan analytics

EVM (Ethereum Virtual Machine)

Virtual Machine Design

Stack-Based Architecture:

  • 1024 Stack Limit: Maximum stack depth
  • 256-bit Words: All operations use 256-bit values
  • LIFO Operations: Last-in, first-out stack operations

Memory Model:

  • Linear Memory: Byte-addressable memory space
  • Volatile Storage: Cleared between external calls
  • Gas Cost: Memory expansion costs increase quadratically

Storage Model:

  • Key-Value Store: 256-bit keys mapped ke 256-bit values
  • Persistent Storage: Survives between function calls
  • Gas Costs: 20,000 gas untuk new storage, 5,000 untuk updates

Bytecode & Opcodes

Compilation Process:

Solidity Source → AST → Intermediate Code → EVM Bytecode

Common Opcodes & Gas Costs:

ADD (0x01): 3 gas - Addition operation
MUL (0x02): 5 gas - Multiplication operation
SLOAD (0x54): 2,100 gas - Load from storage
SSTORE (0x55): 20,000 gas - Store to storage (new)
CALL (0xF1): 700+ gas - External contract call

Example Bytecode:

PUSH1 0x60    // Push 0x60 to stack
PUSH1 0x40    // Push 0x40 to stack
MSTORE        // Store 0x60 at memory position 0x40

Gas System

Gas Economics

Gas Price Determination:

  • Base Fee: Algorithmic fee burned every block (EIP-1559)
  • Priority Fee: Tip paid ke miners/validators
  • Max Fee: Maximum fee user willing to pay

Gas Limit Considerations:

  • Transaction Gas Limit: Maximum gas untuk single transaction
  • Block Gas Limit: Maximum total gas untuk all transactions dalam block
  • Gas Estimation: Predicting gas usage untuk transactions

Gas Optimization Strategies

Storage Optimization:

// Expensive: Multiple storage operations
contract Inefficient {
    uint256 public value1;
    uint256 public value2;
    
    function update(uint256 _val1, uint256 _val2) external {
        value1 = _val1;  // 20,000 gas
        value2 = _val2;  // 20,000 gas
    }
}

// Optimized: Packed storage
contract Efficient {
    struct Values {
        uint128 value1;  // Pack into single slot
        uint128 value2;
    }
    Values public values;
    
    function update(uint128 _val1, uint128 _val2) external {
        values = Values(_val1, _val2);  // Single storage operation
    }
}

Wallet Technology & Cryptography

Cryptographic Foundations

Elliptic Curve Cryptography (ECC)

secp256k1 Curve (used by Bitcoin & Ethereum):

y² = x³ + 7 (mod p)
where p = 2²⁵⁶ - 2³² - 2⁹ - 2⁸ - 2⁷ - 2⁶ - 2⁴ - 1

Key Generation Process:

  1. Private Key: Random 256-bit number (1 to n-1)
  2. Public Key: private_key × G (elliptic curve point multiplication)
  3. Address: Hash(public_key) untuk Ethereum address

Digital Signature Process (ECDSA):

1. Hash message with Keccak-256
2. Generate random nonce k
3. Calculate r = (k × G).x mod n
4. Calculate s = k⁻¹(hash + r × private_key) mod n
5. Signature = (r, s, v) where v is recovery parameter

Wallet Types & Architecture

Hierarchical Deterministic (HD) Wallets

BIP-44 Derivation Path:

m / purpose' / coin_type' / account' / change / address_index

Ethereum Example:

m/44'/60'/0'/0/0    (First Ethereum address)
m/44'/60'/0'/0/1    (Second Ethereum address)
m/44'/60'/1'/0/0    (First address of second account)

Seed Phrase Generation:

  • Entropy: 128-256 bits of randomness
  • Mnemonic: Convert entropy ke human-readable words (BIP-39)
  • Seed: Derive master seed dari mnemonic + optional passphrase
  • Master Key: Generate master private key dari seed

Wallet Implementation Types

Software Wallets:

  • Hot Wallets: Connected ke internet
  • Browser Extension: MetaMask, Rabby
  • Mobile Apps: Trust Wallet, Coinbase Wallet
  • Desktop Apps: Exodus, Atomic Wallet

Hardware Wallets:

  • Cold Storage: Private keys stored offline
  • Secure Element: Tamper-resistant hardware
  • Popular Models: Ledger Nano, Trezor
  • Transaction Signing: Sign transactions offline

Multi-Signature Wallets:

  • Threshold Signatures: M-of-N signature requirements
  • Shared Control: Multiple parties must approve transactions
  • Security Enhancement: Reduces single point of failure
  • Implementation: Gnosis Safe, multi-sig contracts

Account Types Deep Dive

Externally Owned Accounts (EOA)

Account State:

{
  "nonce": 42,
  "balance": "1000000000000000000",
  "storageRoot": "0x56e81f171bcc55a6ff8345e692c0f86e5b48e01b996cadc001622fb5e363b421",
  "codeHash": "0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470"
}

Characteristics:

  • Nonce: Prevents replay attacks
  • Balance: ETH amount dalam wei
  • No Code: codeHash is hash of empty string
  • Transaction Origin: Can initiate transactions

Smart Contract Accounts

Contract Account Properties:

  • Code Storage: Contains executable bytecode
  • Internal State: Custom storage variables
  • No Private Key: Controlled by code logic
  • Passive: Cannot initiate transactions independently

Account Abstraction Benefits:

  • Custom Logic: Programmable transaction validation
  • Recovery Mechanisms: Social recovery, time-based recovery
  • Batch Transactions: Multiple operations dalam single transaction
  • Gas Abstraction: Pay gas dalam any token

Wallet Security Best Practices

Private Key Management

Security Principles:

  • Never Share: Private keys should never be shared
  • Offline Generation: Generate keys pada air-gapped device
  • Secure Storage: Use hardware wallets atau encrypted storage
  • Backup Strategy: Multiple secure backups of seed phrase

Common Vulnerabilities:

  • Phishing Attacks: Fake websites stealing private keys
  • Malware: Keyloggers dan clipboard hijacking
  • Social Engineering: Manipulating users untuk reveal keys
  • Physical Theft: Unsecured devices atau written keys

Seed Phrase Security

Best Practices:

  • Physical Backup: Write down on paper or metal
  • Multiple Locations: Store backups dalam different secure locations
  • Verify Accuracy: Double-check transcription accuracy
  • Passphrase Option: Add extra passphrase untuk additional security

Common Mistakes:

  • Digital Storage: Storing seed phrases digitally
  • Cloud Backups: Uploading ke cloud services
  • Photos: Taking pictures of seed phrases
  • Incomplete Backups: Missing words atau wrong order

Smart Contract Fundamentals

Smart Contract Theory

Concept & Properties

Definition: Smart contracts are self-executing contracts dengan terms directly written into code. They automatically execute when predetermined conditions are met.

Key Properties:

  • Deterministic: Same input always produces same output
  • Transparent: Code is publicly viewable on blockchain
  • Immutable: Difficult atau impossible untuk change after deployment
  • Autonomous: Executes automatically tanpa intermediaries

Contract Lifecycle

Development Phase:

  1. Requirements: Define business logic dan functionality
  2. Design: Architecture dan security considerations
  3. Implementation: Write Solidity code
  4. Testing: Unit tests, integration tests, security audits
  5. Deployment: Deploy ke blockchain network

Execution Phase:

  1. Deployment Transaction: Contract code deployed ke blockchain
  2. Address Assignment: Contract receives unique address
  3. State Initialization: Constructor sets initial state
  4. Function Calls: Users interact dengan contract functions
  5. State Updates: Contract state modified through transactions

Solidity Programming Fundamentals

Data Types & Variables

Value Types:

// Boolean
bool public isActive = true;

// Integers
uint256 public count = 0;        // Unsigned integer
int256 public balance = -100;    // Signed integer

// Address
address public owner = 0x1234567890123456789012345678901234567890;
address payable public recipient; // Can receive Ether

// Fixed-size bytes
bytes32 public hash;
bytes4 public selector;

// Enums
enum State { Waiting, Ready, Active }
State public currentState;

Reference Types:

// Arrays
uint256[] public dynamicArray;
uint256[10] public fixedArray;

// Mappings
mapping(address => uint256) public balances;
mapping(address => mapping(address => uint256)) public allowances;

// Structs
struct User {
    string name;
    uint256 age;
    bool isActive;
}
User public user;

// Strings
string public name = "MyContract";

Functions & Modifiers

Function Syntax:

function functionName(
    uint256 parameter1,
    string memory parameter2
) 
    public 
    view 
    returns (uint256 result) 
{
    // Function body
    return parameter1 + bytes(parameter2).length;
}

State Mutability:

// Pure: No state read or write
function add(uint256 a, uint256 b) public pure returns (uint256) {
    return a + b;
}

// View: Read state but no modifications
function getBalance(address user) public view returns (uint256) {
    return balances[user];
}

// Payable: Can receive Ether
function deposit() public payable {
    balances[msg.sender] += msg.value;
}

Custom Modifiers:

modifier onlyOwner() {
    require(msg.sender == owner, "Not the owner");
    _;  // Continue with function execution
}

modifier validAmount(uint256 amount) {
    require(amount > 0, "Amount must be positive");
    require(amount <= 1000, "Amount too large");
    _;
}

function withdraw(uint256 amount) 
    public 
    onlyOwner 
    validAmount(amount) 
{
    // Function implementation
}

Events & Logging

Event Declaration & Emission:

// Event declaration
event Transfer(
    address indexed from,
    address indexed to,
    uint256 amount
);

event Approval(
    address indexed owner,
    address indexed spender,
    uint256 amount
);

// Event emission
function transfer(address to, uint256 amount) public {
    // Transfer logic
    balances[msg.sender] -= amount;
    balances[to] += amount;
    
    // Emit event
    emit Transfer(msg.sender, to, amount);
}

Event Filtering:

// JavaScript - Filter events
const transferEvents = await contract.queryFilter(
    contract.filters.Transfer(null, userAddress)
);

// Get specific event data
transferEvents.forEach(event => {
    console.log(`Transfer: ${event.args.amount} tokens`);
});

Security Fundamentals

Common Vulnerabilities

Reentrancy:

// Vulnerable contract
contract VulnerableContract {
    mapping(address => uint256) public balances;
    
    function withdraw() public {
        uint256 amount = balances[msg.sender];
        
        // External call before state update (DANGEROUS!)
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
        
        balances[msg.sender] = 0;  // Too late!
    }
}

// Secure implementation
contract SecureContract {
    mapping(address => uint256) public balances;
    bool private locked;
    
    modifier noReentrant() {
        require(!locked, "No re-entrancy");
        locked = true;
        _;
        locked = false;
    }
    
    function withdraw() public noReentrant {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;  // State update first
        
        (bool success, ) = msg.sender.call{value: amount}("");
        require(success, "Transfer failed");
    }
}

Integer Overflow/Underflow:

// Solidity < 0.8.0 (Vulnerable)
contract VulnerableToken {
    mapping(address => uint256) public balances;
    
    function transfer(address to, uint256 amount) public {
        balances[msg.sender] -= amount;  // Can underflow
        balances[to] += amount;          // Can overflow
    }
}

// Solidity >= 0.8.0 (Safe by default)
contract SafeToken {
    mapping(address => uint256) public balances;
    
    function transfer(address to, uint256 amount) public {
        balances[msg.sender] -= amount;  // Automatic overflow check
        balances[to] += amount;          // Automatic overflow check
    }
}

Security Best Practices

Checks-Effects-Interactions Pattern:

function secureFunction() public {
    // 1. Checks
    require(condition1, "Condition 1 failed");
    require(condition2, "Condition 2 failed");
    
    // 2. Effects (State changes)
    balance -= amount;
    userBalance[msg.sender] += amount;
    
    // 3. Interactions (External calls)
    externalContract.someFunction();
    payable(recipient).transfer(amount);
}

Access Control:

import "@openzeppelin/contracts/access/Ownable.sol";

contract MyContract is Ownable {
    mapping(address => bool) public admins;
    
    modifier onlyAdmin() {
        require(admins[msg.sender] || msg.sender == owner(), "Not admin");
        _;
    }
    
    function adminFunction() public onlyAdmin {
        // Only admins can call
    }
    
    function addAdmin(address newAdmin) public onlyOwner {
        admins[newAdmin] = true;
    }
}

Development Tools Deep Dive

Node.js & NPM Ecosystem

Package Management

package.json Configuration:

{
  "name": "web3-project",
  "version": "1.0.0",
  "description": "Web3 development project",
  "main": "index.js",
  "scripts": {
    "compile": "hardhat compile",
    "test": "hardhat test",
    "deploy:local": "hardhat run scripts/deploy.js --network localhost",
    "deploy:sepolia": "hardhat run scripts/deploy.js --network sepolia"
  },
  "dependencies": {
    "ethers": "^5.7.2",
    "@openzeppelin/contracts": "^4.8.0"
  },
  "devDependencies": {
    "hardhat": "^2.12.6",
    "@nomiclabs/hardhat-ethers": "^2.2.1",
    "@nomiclabs/hardhat-waffle": "^2.0.3",
    "chai": "^4.3.7"
  }
}

NPM Commands:

# Install dependencies
npm install

# Install specific package
npm install --save ethers
npm install --save-dev hardhat

# Update packages
npm update

# Audit security vulnerabilities
npm audit
npm audit fix

Hardhat Framework

Project Structure

hardhat-project/
├── contracts/          # Solidity contracts
│   └── MyContract.sol
├── scripts/           # Deployment scripts
│   └── deploy.js
├── test/             # Test files
│   └── MyContract.test.js
├── hardhat.config.js # Configuration
├── package.json      # Dependencies
└── .env             # Environment variables

Configuration Deep Dive

hardhat.config.js:

require("@nomiclabs/hardhat-waffle");
require("@nomiclabs/hardhat-etherscan");
require("hardhat-gas-reporter");
require("solidity-coverage");
require("dotenv").config();

module.exports = {
  solidity: {
    version: "0.8.26",
    settings: {
      optimizer: {
        enabled: true,
        runs: 200
      }
    }
  },
  networks: {
    hardhat: {
      chainId: 1337,
      accounts: {
        count: 20,
        accountsBalance: "10000000000000000000000" // 10k ETH
      }
    },
    sepolia: {
      url: process.env.SEPOLIA_RPC_URL,
      accounts: [process.env.PRIVATE_KEY],
      gasPrice: 20000000000, // 20 gwei
      gas: 2100000,
      timeout: 300000
    }
  },
  etherscan: {
    apiKey: process.env.ETHERSCAN_API_KEY
  },
  gasReporter: {
    enabled: process.env.REPORT_GAS !== undefined,
    currency: "USD"
  }
};

Testing Framework

Example Test File:

const { expect } = require("chai");
const { ethers } = require("hardhat");

describe("MyContract", function () {
  let myContract;
  let owner;
  let addr1;
  let addr2;

  beforeEach(async function () {
    // Get signers
    [owner, addr1, addr2] = await ethers.getSigners();
    
    // Deploy contract
    const MyContract = await ethers.getContractFactory("MyContract");
    myContract = await MyContract.deploy();
    await myContract.deployed();
  });

  describe("Deployment", function () {
    it("Should set the right owner", async function () {
      expect(await myContract.owner()).to.equal(owner.address);
    });
    
    it("Should assign initial supply", async function () {
      const ownerBalance = await myContract.balanceOf(owner.address);
      expect(await myContract.totalSupply()).to.equal(ownerBalance);
    });
  });

  describe("Transactions", function () {
    it("Should transfer tokens between accounts", async function () {
      await myContract.transfer(addr1.address, 50);
      expect(await myContract.balanceOf(addr1.address)).to.equal(50);
    });
    
    it("Should fail if sender doesn't have enough tokens", async function () {
      const initialOwnerBalance = await myContract.balanceOf(owner.address);
      
      await expect(
        myContract.connect(addr1).transfer(owner.address, 1)
      ).to.be.revertedWith("Not enough tokens");
      
      expect(await myContract.balanceOf(owner.address)).to.equal(
        initialOwnerBalance
      );
    });
  });
});

Git & Version Control

Git Workflow untuk Web3

Repository Structure:

.gitignore              # Ignore sensitive files
README.md              # Project documentation
contracts/             # Smart contracts
scripts/               # Automation scripts
test/                  # Test files
docs/                  # Additional documentation
deployments/           # Deployment artifacts

.gitignore for Web3:

# Dependencies
node_modules/
package-lock.json

# Environment variables (CRITICAL!)
.env
.env.local
.env.*.local

# Hardhat
artifacts/
cache/
typechain/
coverage/

# IDE
.vscode/
.idea/
*.swp
*.swo

# Operating System
.DS_Store
Thumbs.db

# Logs
npm-debug.log*
yarn-debug.log*
yarn-error.log*

Git Commands untuk Web3 Development:

# Initialize repository
git init
git add .
git commit -m "feat: initial project setup"

# Create feature branch
git checkout -b feature/smart-contract

# Commit with conventional commits
git commit -m "feat: add ERC20 token contract"
git commit -m "fix: resolve reentrancy vulnerability"
git commit -m "docs: update deployment instructions"

# Push to remote
git push origin feature/smart-contract

Alchemy Infrastructure

API Services

Endpoint Configuration:

// Ethereum Mainnet
const mainnetProvider = new ethers.providers.AlchemyProvider(
  "homestead", 
  process.env.ALCHEMY_API_KEY
);

// Sepolia Testnet
const sepoliaProvider = new ethers.providers.AlchemyProvider(
  "sepolia", 
  process.env.ALCHEMY_API_KEY
);

// Custom RPC URL
const customProvider = new ethers.providers.JsonRpcProvider(
  `https://eth-sepolia.g.alchemy.com/v2/${process.env.ALCHEMY_API_KEY}`
);

Enhanced APIs:

// Get transaction receipts dengan logs
const receipt = await provider.getTransactionReceipt(txHash);
console.log("Gas Used:", receipt.gasUsed.toString());
console.log("Logs:", receipt.logs);

// Get current gas prices
const gasPrice = await provider.getGasPrice();
console.log("Current Gas Price:", ethers.utils.formatUnits(gasPrice, "gwei"), "gwei");

// Estimate gas untuk transaction
const estimatedGas = await contract.estimateGas.functionName(params);
console.log("Estimated Gas:", estimatedGas.toString());

Network Configuration

Sepolia Testnet Details:

const sepoliaConfig = {
  chainId: 11155111,
  name: "sepolia",
  rpcUrl: "https://eth-sepolia.g.alchemy.com/v2/YOUR_API_KEY",
  blockExplorer: "https://sepolia.etherscan.io",
  faucets: [
    "https://sepoliafaucet.com/",
    "https://faucet.sepolia.dev/"
  ]
};

Real-World Use Cases

Decentralized Finance (DeFi) Basics

What is DeFi?

Decentralized Finance recreates traditional financial services using blockchain technology, eliminating intermediaries dan providing global access.

Core Principles:

  • Permissionless: Anyone dengan internet dapat access
  • Transparent: All transactions publicly verifiable
  • Composable: Protocols dapat combined untuk new functionality
  • Non-custodial: Users maintain control of their assets

Basic DeFi Building Blocks

Decentralized Exchanges (DEXs):

  • Uniswap: Automated Market Maker dengan constant product formula
  • SushiSwap: Community-driven DEX dengan additional features
  • Balancer: Weighted pools untuk portfolio management

Lending Protocols:

  • Compound: Algorithmic money markets
  • Aave: Lending dengan flash loans
  • MakerDAO: Collateralized debt positions

Yield Farming:

  • Liquidity Mining: Earn tokens untuk providing liquidity
  • Staking: Lock tokens untuk earn rewards
  • Yield Optimization: Automated strategies untuk maximize returns

Real Example: Uniswap V2

How It Works:

  1. Liquidity Pools: Users deposit equal values of two tokens
  2. Automated Pricing: Price determined by ratio of tokens dalam pool
  3. Trading: Users swap tokens, paying 0.3% fee ke liquidity providers
  4. Arbitrage: Price differences corrected by arbitrageurs

Mathematical Model:

x × y = k (constant product formula)

Where:

  • x = amount of token A dalam pool
  • y = amount of token B dalam pool
  • k = constant product

Price Impact:

price_impact = (new_price - old_price) / old_price × 100%

Non-Fungible Tokens (NFTs)

Understanding NFTs

What Makes NFTs Special:

  • Uniqueness: Each token has unique identifier
  • Provenance: Ownership history tracked on blockchain
  • Programmability: Smart contracts dapat add functionality
  • Interoperability: Work across different platforms

Technical Implementation:

// Basic NFT contract
contract MyNFT is ERC721 {
    uint256 public tokenCounter;
    
    constructor() ERC721("MyNFT", "MNFT") {
        tokenCounter = 0;
    }
    
    function createNFT(string memory tokenURI) public returns (uint256) {
        uint256 newTokenId = tokenCounter;
        _safeMint(msg.sender, newTokenId);
        _setTokenURI(newTokenId, tokenURI);
        tokenCounter++;
        return newTokenId;
    }
}

Real-World NFT Applications

Digital Art:

  • Beeple's "Everydays": Sold untuk $69.3 million at Christie's
  • CryptoPunks: 10,000 unique pixel art characters
  • Art Blocks: Generative art platform

Gaming:

  • Axie Infinity: Play-to-earn game dengan NFT creatures
  • The Sandbox: Virtual world dengan land ownership
  • Gods Unchained: Trading card game dengan true ownership

Utility NFTs:

  • ENS Domains: Ethereum Name Service domains
  • Event Tickets: Verifiable, transferable tickets
  • Certificates: Educational atau professional credentials

Decentralized Autonomous Organizations (DAOs)

DAO Fundamentals

What is a DAO: Decentralized Autonomous Organization adalah organization governed by smart contracts dan community voting rather than traditional management.

Key Components:

  • Governance Token: Voting rights dalam organization
  • Treasury: Shared funds managed by DAO
  • Proposals: Suggestions untuk changes atau actions
  • Voting Mechanism: How decisions are made

DAO Examples

MakerDAO:

  • Purpose: Manage DAI stablecoin protocol
  • Governance: MKR token holders vote pada parameters
  • Treasury: Protocol fees accumulated untuk governance
  • Impact: $8+ billion DAI dalam circulation

Uniswap DAO:

  • Purpose: Govern Uniswap protocol development
  • Governance: UNI token distribution ke users
  • Proposals: Protocol upgrades dan fee distributions
  • Community: Thousands of active participants

Investment DAOs:

  • PleasrDAO: Collective ownership of cultural artifacts
  • ConstitutionDAO: Attempted untuk buy original US Constitution
  • MetaCartel: Fund early-stage DApps

Supply Chain & Transparency

Blockchain dalam Supply Chain

Benefits:

  • Traceability: Track products dari origin ke consumer
  • Transparency: All stakeholders dapat verify information
  • Authenticity: Prevent counterfeiting dan fraud
  • Efficiency: Reduce paperwork dan manual processes

Real Implementation: Walmart Food Safety

Problem: Food contamination outbreaks take weeks untuk trace source.

Solution:

  • Product Tracking: Each product gets blockchain identifier
  • Supply Chain Mapping: End-to-end visibility
  • Real-time Updates: Temperature, location, handling data
  • Consumer Access: QR codes untuk product verification

Results:

  • 2.2 seconds: Time untuk trace contamination source
  • Reduced Waste: Precise recalls instead of broad sweeps
  • Consumer Trust: Verified product authenticity

Digital Identity & Credentials

Self-Sovereign Identity (SSI)

Problems dengan Current System:

  • Centralized Control: Identity controlled by governments/corporations
  • Data Breaches: Central databases are attractive targets
  • Privacy: Over-sharing personal information
  • Portability: Difficult untuk use identity across services

SSI Solution:

  • User Control: Individuals own dan control identity
  • Decentralized: No central authority required
  • Privacy: Share only necessary information
  • Interoperable: Work across different services

Estonia e-Residency

Digital Identity System:

  • Digital ID Cards: Cryptographic identity untuk all citizens
  • e-Services: 99% government services online
  • Digital Signatures: Legally binding electronic signatures
  • Blockchain Integration: KSI blockchain untuk data integrity

Global Impact:

  • 100,000+ e-residents: From 170+ countries
  • Digital Economy: Remote access ke Estonian services
  • Legal Framework: Comprehensive digital rights

Security Fundamentals

Smart Contract Security

Security Mindset

Fundamental Principles:

  • Assume Malicious Users: Expect attempts untuk exploit
  • Fail Securely: Default ke safe state when errors occur
  • Minimize Attack Surface: Reduce potential vulnerability points
  • Defense in Depth: Multiple security layers

Common Attack Vectors

Reentrancy Attacks: Famous example - The DAO (2016):

  • $50 million drained dari Ethereum's first major DAO
  • Attacker exploited recursive calling vulnerability
  • Led ke Ethereum hard fork (ETH vs ETC split)

Prevention:

// Use OpenZeppelin's ReentrancyGuard
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

contract SecureContract is ReentrancyGuard {
    function withdraw() public nonReentrant {
        // Safe withdrawal logic
    }
}

Access Control Issues:

// Vulnerable - anyone dapat call
function emergencyWithdraw() public {
    payable(owner).transfer(address(this).balance);
}

// Secure - only owner dapat call
modifier onlyOwner() {
    require(msg.sender == owner, "Not owner");
    _;
}

function emergencyWithdraw() public onlyOwner {
    payable(owner).transfer(address(this).balance);
}

Security Tools

Static Analysis:

  • Slither: Python-based Solidity analyzer
  • Mythril: Security analysis dengan symbolic execution
  • Securify: Formal verification tool

Testing Tools:

  • Hardhat: Built-in testing framework
  • Waffle: Advanced testing matchers
  • OpenZeppelin Test Helpers: Testing utilities

Audit Services:

  • ConsenSys Diligence: Professional audit services
  • Trail of Bits: Security research dan auditing
  • OpenZeppelin: Security audits dan consulting

Wallet Security

Private Key Protection

Best Practices:

  • Hardware Wallets: Store keys dalam dedicated hardware
  • Cold Storage: Keep keys offline for long-term storage
  • Multi-signature: Require multiple signatures untuk transactions
  • Regular Backups: Secure backup of recovery phrases

Common Threats:

  • Phishing: Fake websites stealing credentials
  • Malware: Software capturing keystrokes atau clipboard
  • Social Engineering: Manipulating users untuk reveal information
  • Physical Theft: Stolen devices atau written keys

Transaction Security

Verification Steps:

  1. Check Recipient Address: Verify destination address
  2. Confirm Amount: Double-check transaction amount
  3. Review Gas Settings: Appropriate gas price dan limit
  4. Contract Interaction: Understand what contract functions are called

MEV (Maximal Extractable Value) Protection:

  • Private Mempools: Submit transactions privately
  • Flashbots Protect: MEV protection service
  • Time Delays: Use time locks untuk important transactions

Network Types & Testnet Guide

Blockchain Network Types

Public Blockchains

Characteristics:

  • Permissionless: Anyone dapat join dan participate
  • Fully Decentralized: No central authority
  • Transparent: All data publicly accessible
  • Censorship Resistant: Difficult untuk block atau control

Examples:

  • Bitcoin: First successful cryptocurrency
  • Ethereum: Smart contract platform
  • Binance Smart Chain: High-performance EVM-compatible chain

Private Blockchains

Characteristics:

  • Permissioned: Controlled access
  • Centralized: Single organization control
  • Privacy: Data tidak publicly accessible
  • Higher Performance: Fewer nodes, faster consensus

Use Cases:

  • Enterprise Solutions: Internal company operations
  • Supply Chain: Private consortium networks
  • Government: Controlled public services

Consortium Blockchains

Characteristics:

  • Semi-decentralized: Group of organizations
  • Controlled Access: Pre-approved participants
  • Shared Governance: Multiple stakeholders
  • Industry Focus: Specific sector solutions

Examples:

  • R3 Corda: Banking consortium blockchain
  • Energy Web Chain: Energy sector blockchain
  • IBM Food Trust: Food supply chain consortium

Testnet Deep Dive

Sepolia Testnet

Technical Specifications:

  • Chain ID: 11155111
  • Consensus: Proof of Stake
  • Block Time: ~12 seconds
  • Gas Limit: Similar ke Ethereum mainnet

Network Configuration:

const sepoliaNetwork = {
  name: "sepolia",
  chainId: 11155111,
  rpcUrls: [
    "https://sepolia.infura.io/v3/YOUR_PROJECT_ID",
    "https://eth-sepolia.g.alchemy.com/v2/YOUR_API_KEY"
  ],
  blockExplorerUrls: ["https://sepolia.etherscan.io"],
  nativeCurrency: {
    name: "Sepolia Ether",
    symbol: "ETH",
    decimals: 18
  }
};

Getting Testnet ETH:

Other Testnets

Goerli (Being Deprecated):

  • Chain ID: 5
  • Status: Being phased out
  • Migration: Move ke Sepolia atau Holesky

Holesky (New Testnet):

  • Chain ID: 17000
  • Purpose: Staking dan infrastructure testing
  • Launch: September 2023

Polygon Mumbai:

MetaMask Configuration

Adding Custom Networks

Manual Network Addition:

  1. Open MetaMask
  2. Click network dropdown
  3. Select "Add Network"
  4. Enter network details:

Programmatic Network Addition:

async function addSepoliaNetwork() {
  try {
    await window.ethereum.request({
      method: 'wallet_addEthereumChain',
      params: [{
        chainId: '0xaa36a7', // 11155111 dalam hex
        chainName: 'Sepolia',
        rpcUrls: ['https://sepolia.infura.io/v3/YOUR_PROJECT_ID'],
        nativeCurrency: {
          name: 'Sepolia Ether',
          symbol: 'ETH',
          decimals: 18
        },
        blockExplorerUrls: ['https://sepolia.etherscan.io']
      }]
    });
  } catch (error) {
    console.error('Failed to add network:', error);
  }
}

References & Further Learning

Academic & Research Papers

Foundational Papers

Bitcoin: A Peer-to-Peer Electronic Cash System (2008)

Ethereum: A Next-Generation Smart Contract and Decentralized Application Platform (2014)

The Byzantine Generals Problem (1982)

Modern Research

Layer 2 Scaling Solutions:

Consensus Mechanisms:

Technical Documentation

Ethereum Development

Official Documentation:

Development Frameworks:

Standards & EIPs

Ethereum Improvement Proposals:

Educational Platforms

Free Learning Resources

University Courses:

Online Tutorials:

Structured Courses:

Bootcamps:

Development Tools

Code Editors & IDEs

Visual Studio Code Extensions:

  • Solidity: Juan Blanco's Solidity extension
  • Hardhat for Visual Studio Code: Official Hardhat extension
  • Ethereum Remix: Remix integration

Online IDEs:

Testing & Analysis

Security Tools:

Testing Frameworks:

Community & News

Developer Communities

Forums & Discussion:

GitHub Repositories:

News & Updates

Technical Blogs:

Industry News:

Practical Resources

Blockchain Explorers

Ethereum Networks:

Multi-chain Explorers:

Faucets & Test Resources

Testnet Faucets:

Development Networks:

  • Ganache: Local blockchain simulator
  • Hardhat Network: Built-in local blockchain
  • Anvil: Local blockchain dari Foundry

Career & Professional Development

Job Platforms

Web3-Specific:

General Tech Platforms:

  • AngelList: Startup jobs including Web3
  • LinkedIn: Professional networking
  • GitHub Jobs: Developer-focused positions

Skill Development

Certifications:

  • ConsenSys Academy: Blockchain developer certification
  • B9lab: Ethereum developer course
  • Ivan on Tech Academy: Comprehensive blockchain education

Portfolio Building:

  • GitHub: Showcase your code
  • Personal Website: Document your projects
  • Blog: Write tentang your learning journey
  • Open Source: Contribute ke existing projects

Conclusion

Materi tambahan ini memberikan foundation yang comprehensive untuk memahami Web3 technology dari perspektif teoritis dan praktis. Dari evolusi internet hingga implementasi teknis blockchain, dari cryptography fundamentals hingga real-world applications, dokumentasi ini covers essential knowledge yang dibutuhkan untuk memulai journey dalam Web3 development.

Key Takeaways:

  1. Web3 Evolution: Understanding progression dari Web1 ke Web3 dan implications untuk digital ownership
  2. Technical Foundations: Blockchain, cryptography, dan EVM architecture sebagai building blocks
  3. Practical Development: Tools, frameworks, dan best practices untuk building pada blockchain
  4. Security Mindset: Importance of security dalam decentralized systems
  5. Real Applications: How Web3 technology solving real-world problems across industries

Learning Path Recommendations:

  1. Start dengan Fundamentals: Understand blockchain dan cryptography basics
  2. Hands-on Practice: Build simple contracts dan deploy ke testnet
  3. Explore Use Cases: Study successful Web3 applications
  4. Security Focus: Learn security best practices dari early stage
  5. Stay Updated: Follow community discussions dan technological developments

Dokumentasi ini serves sebagai reference material untuk deepen understanding concepts yang introduced dalam Sesi 1 bootcamp, providing theoretical background dan practical context untuk building strong foundation dalam Web3 development.

This supplementary material is designed untuk complement hands-on bootcamp activities dengan comprehensive theoretical understanding dan real-world context. Continue building, keep learning, dan welcome ke the decentralized future!