From Real Life to Blockchain

What is blockchain?

An interactive learning platform on Smart Contracts – From beginners to hands-on developers


🌱 Part 1: Understanding Smart Contracts Through Real-Life Examples

Vending machine

You insert 10k → choose milk tea (trà sữa) → the machine dispenses your drink. No staff member needs to check.

// Everyday logic

if (coin == 10k && choice == "trà sữa") { dispenseDrink(); }

This is exactly what a Smart Contract is: automatic if-then logic, with no intermediaries.

Escrow

if (documentSigned) { releaseFunds(seller); } else { refund(buyer); }

A Smart Contract replaces the third party: transparent, immutable, and executed exactly when the conditions are met.

What is blockchain?

  • Decentralized: No central server
  • Immutable: Deployed code cannot be modified
  • Gas Fee: You pay a fee for the network's computers to run the code

⛓️ Part 2: Practicing Ethereum Smart Contracts




💎SIMPLESTORAGE

Store and Read data

The most basic contract on Ethereum. Allows writing an integer to the blockchain and reading it back at any time.

SimpleStorage is the most basic Solidity contract and is often the first example to start learning Ethereum.
State Variable
Function
Access Control
Tip: A `public` variable automatically gets a getter. A `view` function consumes no gas when called off-chain.
`public` is a visibility modifier that allows access from anywhere.

In Solidity, a view is not a variable, but a modifier for a function. It tells the compiler and EVM that the function only reads data from the blockchain and does not change the contract's state.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract SimpleStorage {
    // State variable stored on the blockchain
    uint256 public storedData;

    // Write function (costs gas)
    function set(uint256 _value) public {
        storedData = _value;
    }

    // Read function (free when called off-chain)
    function get() public view returns (uint256) {
        return storedData;
    }
}

🚨 Part 3: Real-world Case Studies and Security Vulnerabilities

Smart contracts execute their code exactly as written, but if that code is flawed, the money is gone. Here are some painful lessons learned.
The DAO (2016) – Reentrancy Attack
Reentrancy bug
Logic flaw in the smart contract
A vulnerability where an attacker recursively calls a function before the contract updates its internal state.

The hacker exploited a recursive-call flaw in the withdrawal logic, withdrawing repeatedly before the balance was updated.

The loss amounted to 3.6 million ETH (approximately $50 million at that time).

Reentrancy not Access Control
Parity Wallet (July 2017) – Access Control Flaw
Parity Wallet is a wallet software system powered by Parity Technologies.

The initWallet function in the Parity multi-signature wallet contract was not properly restricted, allowing an attacker to reinitialize the contract, assign themselves as the owner, and drain approximately $30M worth of ETH.

Initialization Ownership
Parity Wallet (Nov 2017) – Initialization / Library Flaw

A critical flaw in the shared library contract allowed a user to reinitialize it via the initWallet function, gain ownership, and trigger selfdestruct. This permanently disabled the library, causing over $300M worth of ETH in dependent multi-signature wallets to be locked forever.

Initialization Library Denial of Service
bZx (Feb 2020) – Oracle Manipulation Attack
Smart Contract bug on Ethereum

The bZx lending protocol suffered a critical exploit when attackers manipulated its price oracle by using flash loans to distort the reported value of assets. This allowed them to borrow against artificially inflated collateral and drain funds. The incident led to losses of approximately $630K in the first attack and further exploits soon after, highlighting the dangers of relying on single-source or manipulable oracles in DeFi.

Oracle Flash Loan Financial Exploit
Integer Overflow/Underflow (Pre-0.8.0)

One of the classic vulnerabilities in Solidity prior to version 0.8.0.

A `uint8` has a maximum value of 255. Adding 1 wraps it back to 0. Hackers exploited this in batch transfers to mint unlimited tokens. Solidity 0.8+ fixes this by default.

Math Error Compiler Version
3 Essential Principles for Writing Smart Contracts
  1. Checks–Effects–Interactions: Validate conditions → Update state → Transfer funds or call external contracts.
  2. Always use Solidity ≥0.8.0: Built‑in protection against overflow/underflow, improved gas efficiency, and stronger safety.
  3. Audit + Testnet before Mainnet: Deploy on Sepolia/Goerli, run tools like Slither/Mythril, and engage professional audit firms.

Part 4: Adaptability Skills Test

Choose the correct answer. The system will score your answer and provide an explanation immediately.