From Real Life to Blockchain

What is blockchain?

An interactive learning platform on Smart Contracts – From beginners to hands-on developers

Start learning now

🌱 Part 1: Understanding Smart Contracts Through Real-Life Examples

Vending machine

You insert 10k → choose milk tea → the machine dispenses the drink. No staff member needs to check anything.

// Everyday logic

if (coin == 10k && choice == "trà sữa") { dispenseDrink(); }

That is exactly what a Smart Contract is: automatic if-then logic, with no intermediaries.

Escrow

if (documentSigned) { releaseFunds(seller); } else { refund(buyer); }

A Smart Contract replaces the third party: transparent, immutable, and executed exactly when the conditions are met.

What is blockchain?

  • Decentralized: No central server
  • Immutable: Deployed code cannot be modified
  • Gas Fee: You pay a fee for the network's computers to run the code

⛓️ Part 2: the first smart contract

BITCOIN WHITE PAPER

Publication
The Bitcoin Whitepaper
Original Technical paper • Published October 31, 2008
Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending.
Bitcoin is proposed as a peer-to-peer electronic cash system that allows online payments to be sent directly from one party to another without going through a financial institution. Transactions are timestamped by hashing them into a continuous chain of proof-of-work, forming a record that cannot be altered.
Traditional commerce relies almost entirely on financial institutions as trusted third parties to process payments. While this works for most transactions, it suffers from the weaknesses of the trust-based model. Bitcoin solves the double-spending problem by using a peer-to-peer distributed timestamp server. Transactions that are computationally impractical to reverse protect both buyers and sellers.
An electronic coin is a chain of digital signatures. Each owner transfers the coin by signing a hash of the previous transaction and the public key of the next owner. To prevent double-spending, all transactions must be publicly announced, and nodes collectively agree on the order by working on the longest proof-of-work chain.
Proof-of-work is implemented by incrementing a nonce until a hash is found with the required number of leading zeros. Once a block is created, it cannot be changed without redoing the proof-of-work for that block and all subsequent blocks. Nodes always consider the longest chain to be the valid one. If two blocks are broadcast simultaneously, the tie is broken when the next proof-of-work is found.
The first transaction in a block creates new coins, providing an incentive for nodes to support the network. This is analogous to gold miners expending resources to mine gold. The incentive encourages honesty, since an attacker with more CPU power than the honest network must choose between defrauding others or generating new coins.
The probability of a slower attacker catching up with the honest chain decreases exponentially as more blocks are added. The race between the honest chain and the attacker chain is modeled as a Binomial Random Walk, showing that the attacker’s chances of success become vanishingly small unless he gets lucky early on.
Bitcoin also addresses privacy: public keys keep transactions anonymous, but if a key is revealed, linked transactions may expose the owner. To prevent this, a new key pair should be used for each transaction.

⛓️ Part 2: Practicing Ethereum Smart Contracts

💎DEFI



💎SIMPLESTORAGE

Store and Read data

The most basic contract on Ethereum. Allows writing an integer to the blockchain and reading it back at any time.

SimpleStorage is the most basic Solidity contract and is often the first example to start learning Ethereum.
State Variable
Function
Access Control
Tip: a `public` variable automatically gets a getter. A `view` function consumes no gas when called off-chain.
`public` is a visibility modifier that allows access from anywhere.

In Solidity, `view` is not a variable but a modifier for a function. It tells the compiler and the EVM that the function only reads data from the blockchain and does not change the contract's state.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract SimpleStorage {
    // State variable stored on the blockchain
    uint256 public storedData;

    // Write function (costs gas)
    function set(uint256 _value) public {
        storedData = _value;
    }

    // Read function (free when called off-chain)
    function get() public view returns (uint256) {
        return storedData;
    }
}

🚨 Part 3: Real-world Case Studies and Security Vulnerabilities

Smart contracts execute their code exactly as written, but if the code is flawed, the money is gone. Here are some painful lessons learned.
The DAO (2016) – Reentrancy Attack
Reentrancy bug
Logic flaw in the smart contract
A vulnerability where an attacker recursively calls a function before the contract updates its internal state.

The attacker exploited a recursive-call flaw in the withdrawal logic, withdrawing repeatedly before the balance was updated.

The loss amounted to 3.6 million ETH (approximately $50 million at that time).

Reentrancy not Access Control
Parity Wallet (July 2017) – Access Control Flaw
Parity Wallet is a wallet software system from Parity Technologies.

The initWallet function in the Parity multi-signature wallet contract was not properly restricted, allowing an attacker to reinitialize the contract, assign themselves as the owner, and drain approximately $30M worth of ETH.

Initialization Ownership
Parity Wallet (Nov 2017) – Initialization / Library Flaw

A critical flaw in the shared library contract allowed a user to reinitialize it via the initWallet function, gain ownership, and trigger selfdestruct. This permanently disabled the library, causing over $300M worth of ETH in dependent multi-signature wallets to be locked forever.

Initialization Library Denial of Service
bZx (Feb 2020) – Oracle Manipulation Attack
Smart Contract bug on Ethereum

The bZx lending protocol suffered a critical exploit when attackers manipulated its price oracle by using flash loans to distort the reported value of assets. This allowed them to borrow against artificially inflated collateral and drain funds. The incident led to losses of approximately $630K in the first attack and further exploits soon after, highlighting the dangers of relying on single-source or manipulable oracles in DeFi.

Oracle Flash Loan Financial Exploit
Integer Overflow/Underflow (Pre-0.8.0)

One of the classic vulnerabilities in Solidity prior to version 0.8.0

`uint8` has a maximum value of 255. Adding 1 wraps it back to 0. Attackers exploited this in batch transfers to mint unlimited tokens. Solidity 0.8+ fixes this by default.

Math Error Compiler Version
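
The wrap-around described above, as an added example that is not code from the original page: `BatchToken` and its function names are hypothetical. An `unchecked` block reproduces the pre-0.8.0 arithmetic so it can be compared with the default checked arithmetic in the same compiler.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Illustrative token with a batch transfer; all names are hypothetical.
contract BatchToken {
    mapping(address => uint256) public balances;

    constructor() {
        balances[msg.sender] = 1000;
    }

    // Pre-0.8.0 behaviour, reproduced with `unchecked`:
    // wrapUint8(255) returns 0 instead of failing.
    function wrapUint8(uint8 x) public pure returns (uint8) {
        unchecked { return x + 1; }
    }

    // Pre-0.8.0 behaviour: count * value silently wraps modulo 2**256.
    // totalWrapping(2, 2**255) returns 0, so a balance check on the
    // total would pass even though each recipient is credited 2**255.
    function totalWrapping(uint256 count, uint256 value) public pure returns (uint256) {
        unchecked { return count * value; }
    }

    // Default 0.8+ behaviour: the same multiplication reverts
    // with Panic(0x11) instead of wrapping.
    function totalChecked(uint256 count, uint256 value) public pure returns (uint256) {
        return count * value;
    }

    // Batch transfer built on checked arithmetic: an overflowing total
    // reverts the whole transaction before any balance changes.
    function batchTransfer(address[] calldata to, uint256 value) external {
        uint256 total = totalChecked(to.length, value);
        require(balances[msg.sender] >= total, "insufficient balance");
        balances[msg.sender] -= total;
        for (uint256 i = 0; i < to.length; i++) {
            balances[to[i]] += value;
        }
    }
}
```

Under 0.8+, any `unchecked` block that touches user-supplied amounts is a place where the old behaviour returns, so those blocks are worth reviewing individually.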
3 Essential Principles for Writing Smart Contracts
  1. Checks–Effects–Interactions: Validate conditions → Update state → Transfer funds or call external contracts.
  2. Always use Solidity ≥0.8.0: Built‑in protection against overflow/underflow, improved gas efficiency, and stronger safety.
  3. Audit + Testnet before Mainnet: Deploy on Sepolia/Goerli, run tools like Slither/Mythril, and engage professional audit firms.

Part 4: Adaptability Skills Test

Choose the correct answer. The system will score your answer and provide an explanation immediately.