Ethereum promises that contracts will 'live forever' in the default case.And, in fact, unless the contract contains a suicide clause, they are not destroyable.This is a double-edged sword.On the one hand, the default suicide mode for a contract is to return all funds embedded in the contract to the owner; it's clearly unworkable to have a "zero trust" system in which the owner of a contract can at will claim all money.So, it's good to let people reason about the contract longevity.On the other hand, I have been reviewing some Ethereum contracts recently, and the code quality is somewhere between "optimistic as to required quality" and "terrible" for code that is supposed to run forever.Dan Mayer cites research showing industry average bugs per 1000 lines of code at 15-50 and Microsoft released code at 0.5 per 1000, and 0(!)defects in 500,000 lines of code for NASA, with a very expensive and time consuming process. shows a likely error rate of something like 100 per 1000, maybe higher.I categorize bugs into three categories: Before starting this quick review, I would have expected to see a fair amount of 3, and a bit of 2.

I have been surprised to see some significant instances of 1, often combined with 2.This raises a sort of rhetorical question for me; if contracts are immutable and permanent, and error rates do not approach zero, what are people signing up for?I have a few suggestions in a later post.Ethstick is a kind of pyramid scheme which incentivizes participants (donkeys) to keep depositing money to get the payout (carrot).As each payment comes in, a "lucky donkey" is chosen for payout; the lucky one is chosen from a list of eligible donkeys.Payouts vary between 1.1x and 1.2x, adjustable by the owner of the contract.(Termed the "pig" in the code).The pig/owner can sell the contract on and transfer it to a new owner, a common pattern for contracts intended to be micro-businesses.You can review the code for contract 0xbA6284cA128d72B25f1353FadD06Aa145D9095Af at etherscan.io.A 10 minute check turns up a couple major issues.First, the random function relies only on the following numbers: This random number is used to choose which of the donkeys is paid out.

Ethereum blocks come about every 45 seconds; therefore, there is plenty of time for an attacker to calculate out if they would be the paid-out donkey and only trigger the contract with a payment if they are the recipient.This qualifies as a severe bug to my mind.It is not mitigated by the contract's popularity -- more people playing increase your chances of being lucky -- but when the contract is not used often, there is a guaranteed way to prod it and get paid out.It's not even easily mitigable using the block hash the transaction is mined in: an attacking miner or pool could only include good transactions in blocks that meet the calculation, otherwise leaving them out and not broadcasting them to the rest of the world.That attack advantages a savvy consumer of the contract, the next one advantages the owner.The function changeEligibleDonkeys allows the owner of the contract to shorten or lengthen the list of Donkeys.A simple attack by the owner would look like this: I've skipped a number of 'efficiency' related bugs, and I would not claim to have captured all the logic errors in this code; there is a section with a comment labeled //Ranking logic: mindfuck edition in case you would like to hunt down your own edge cases.

Counting whitespace and data declarations, there are 350 or so lines of code here.sell litecoin to euroI've pulled out two large bugs, and there are at least five places with rounding issues or efficiency issues in the code.1 litecoin in sekThe actual logic in the code is less than 100 lines.bitcoin documentary chinaThis is a troubling number of errors, and I have not cherry-picked a contract, in fact, this contract seems fairly functional right now compared to many.bitcoin summit 2014 san franciscoIt will eventually become a cesspit for attack algorithms trying to beat each-other at the randomness game, which will be kind of fun to watch, I suppose, but it will not be doing the job it promises to do.bitcoin adresse bekommen

I would rate it in the middle of code quality that I've seen in the last few days.litecoin plnSome popular services, ones with 100s of thousands of dollars flowing through them, are distressingly bad (as in "everyone loses all their money" bad) with no way to mitigate, by design.bbc radio 4 bitcoinSome recommendations -- first, I think that it is almost going to be a requirement for all but the simplest contracts that they have some sort of replacement mechanism baked in.bitcoin faucet orgI have a few ideas about how this could work, and will write about them later, but one obvious point to make is that the replacement mechanism would need to be trusted by users of the contract.bitcoin jason williamsSecond, it's probably worth including a 'suicide' mechanic for most contracts, and thinking upfront about what the fairest thing to do is.

In the case of something like this, the owner of the contract could have easily included some sort of fair pro-rata payout of balances to the 'donkeys', paying herself nothing, and that would allow a simple way to close the contract without financial incentive to steal for the contract owner.Third, smart contract auditing and insurance is going to be a thing.Update: The creator of the contract responded and clarified a few things on reddit.Hacker News has some interesting discussion as well.You are being re-directed, if nothing happens, please follow this linkWelcome to BlockCypher’s Ethereum API documentation!If you’re familiar with our Bitcoin endpoints, you’ll feel right at home with our Ethereum API.However, there are a few differences, and they stem in part from the fundamental differences between Bitcoin and Ethereum.In the most abstract sense, Bitcoin and Ethereum are cousins; they both have “blocks” of transactions linked together into a chain, they both use Proof of Work to reach consensus (for now, as Ethereum plans to move to Proof of Stake in a future release), they are both about decentralizing trust.

But that’s where the similarities end.Here are just some of Ethereum’s differences: In a nutshell, Bitcoin is about decentralized, trust-minimizing, sound money.Ethereum is about decentralized, trust-minimizing, sound computation.Much more detail about these differences can be read at the Ethereum Wiki here.You can find more information at the project’s webpage as well.In these docs you’ll find everything you need to start working with Ethereum with BlockCypher.For now, you’ll see cURL examples for interacting with the Ethereum blockchain, but we’ll add SDK examples as we support them.Our documentation is powered by GitHub Pages and Slate, which makes viewing changes as simple as checking the git commit history.If there’s an error or you’d like to suggest a change, please consider submitting a pull request to benefit the broader BlockCypher community.All API calls are versioned, and the current BlockCypher API is v1.The BlockCypher Ethereum API is currently in beta, and we hope not to introduce any breaking changes, but until it’s out of beta we can’t make that guarantee until it’s stable.

Almost all resources exist under a given blockchain, and follow this pattern: Currently, there’s only one version of the API (v1).For Ethereum, there are the available blockchains: We want everyone to try BlockCypher with as little friction as possible, which is why you don’t need a token for any read-only GET calls.Please register for a user token if you want to use POST and DELETE calls.Once you have your token, you can append it to all your requests like any other URL parameter.We do rate-limit our free tier, with or without a token (though tokens are required for Confidence lookups, WebHooks/Sockets, Payments, and any POST or DELETE calls): On the accounts page, you’ll find paid plans starting at $75 a month (with a 10% discount if you pay with Bitcoin).To request higher limits or SLAs beyond what’s offered on the accounts page, please email us.You can check your current limits and usage via a GET on the following endpoint, outside of our normal coin/chain pattern: All endpoints that can retrieve a single Object can be batched to return multiple objects.

If you’re cURLing the API directly, batching simply requires appending each identifier to the previous one using a semicolon (check the code pane for an example).The results are aggregated in a JSON array.When cURLing BlockCypher, batching also works when the identifiers aren’t the last part of the URL; e.g., this URL will return the balances of three separate addresses: To ease your development process, we offer an Ethereum-compatible internal testnet and faucet.It is identical in form and function to Ethereum mainnet (including the same address/account format and EVM).The chain is private (no data is broadcast, only BlockCypher mines the transactions).In case you missed the Resources section, the BlockCypher Ethereum Testnet is accessible from this resource: To help facilitate automated testing in your applications, a faucet endpoint is available on BlockCypher’s Ethereum Testnet.Calling the faucet endpoint, along with passing a valid address, will automatically create—and propagate—a new transaction funding the address with the amount you provide.

You can then use the funded address to publish contracts, engage in other transactions, or to aid in automated testing.This example shows how to leverage the faucet to programmatically fund addresses.Before diving into BlockCypher’s endpoints, this section details all the Objects exposed and expected by the API.Some of you might be more interested in the endpoints themselves, in which case, feel free to skip to the next section.For each Object there’s a description and a link to a germane API endpoint.A Blockchain represents the current state of the Ethereum blockchain.Typically returned from the Chain API endpoint.A Block represents the current state of a particular block from a Blockchain.Typically returned from the Block Hash and Block Height endpoints.A TX represents the current state of a particular transaction from either a Block within a Blockchain, or an unconfirmed transaction that has yet to be included in a Block.A TXRef object represents summarized data about a transaction input or output.

Typically found in an array within an Address object, which is usually returned from the standard Address Endpoint.A TXSkeleton is a convenience/wrapper Object that’s used primarily when Creating Transactions through the New and Send endpoints.An Address represents the state of an Ethereum address/account, containing information about the state of balances and transactions related to this address.Typically returned from the Address Balance and Address endpoints.An AddressKeychain represents an associated collection of public and private keys alongside their respective Ethereum address.Generally returned and used with the Generate Address Endpoint.A Contract represents an embedded contract on the Ethereum blockchain, and is used with both creating and executing contracts in our Contract API.All the fields below are generally optional, but may be required depending on the particular contract endpoint you’re using.An Event represents a WebHooks or WebSockets-based notification request, as detailed in the Events & Hooks section of the documentation.

The first component—and highest level—of the BlockCypher Ethereum API allows you to query general information about Ethereum’s blockchain and blocks.If you’re new to blockchains, you can think of the blockchain itself as an immutable, distributed ledger.Each block in the blockchain is like a “page” in the ledger containing information about transactions between parties.A great place to start understanding the mechanics behind blockchains is the original Bitcoin whitepaper.To get a handle on how Ethereum differs from Bitcoin, you can check the Ethereum project whitepaper.General information about the Ethereum blockchain is available by GET-ing the base resource.The returned object contains a litany of information, including its height, the time/hash of the latest block, and more.For Ethereum, the object includes information on gas_price, denoted in wei.Unlike Bitcoin, fees are determined by the computational execution cost of the transaction via gas; in order to prevent runaway contract execution, each operation in Ethereum’s Virtual Machine requires a fixed/known amount of gas.

While the amount of gas is fixed for a given EVM operation, the price of gas fluctuates based on market demand on the Ethereum blockchain (similar to Bitcoin fees).For more detail, check this very helpful Stack Exchange explanation.For more detailed information about the data returned, check the Blockchain object.If you want more data on a particular block, you can use the Block Hash endpoint.$BLOCK_HASH is a string representing the hash of the block you’re interested in querying, for example: The returned object contains information about the block, including its height, the total amount of wei transacted within it, the number of transactions in it, transaction hashes listed in the canonical order in which they appear in the block, and more.For more detail on the data returned, check the Block object.You can also query for information on a block using its height, using the same resource but with a different variable type.BLOCK_HEIGHT is an integer representing the height of the block you’re interested in querying, for example: As above, the returned object contains information about the block, including its hash, the total amount of wei transacted within it, the number of transactions in it, transaction hashes listed in the canonical order in which they appear in the block, and more.

BlockCypher’s Ethereum Address API allows you to look up information about public Ethereum addresses/accounts and generate your own low-value Ethereum addresses/public-private key pairs.If you’re new to blockchains, you can think of public addresses as similar to bank account numbers in a traditional ledger.The biggest differences: The Address Balance Endpoint is the simplest—and fastest—method to get a subset of information on a public address.ADDRESS is a string representing the public address you’re interested in querying, for example: The returned object contains information about the address, including its balance in wei and the number of transactions associated with it.The endpoint omits any detailed transaction information, but if that isn’t required by your application, then it’s the fastest and preferred way to get public address information.The Address Endpoint returns more information about an address’ transactions than the Address Balance Endpoint, but sacrifices some response speed in the process.

ADDRESS is a string representing the public address (or wallet/HD wallet name) you’re interested in querying, for example: The returned object contains information about the address, including its balance in wei, the number of transactions associated with it, and transaction summaries in descending order by block height.The Generate Address endpoint allows you to generate private-public key-pairs along with an associated public address.No information is required with this POST request.The returned object contains a private key, a public key, and a public address, all hex-encoded.BlockCypher’s Ethereum Transaction API allows you to look up information about unconfirmed transactions, query transactions based on hash, and create and propagate your own transactions.Unlike Bitcoin, Ethereum has no concept of UTXOs.Instead, addresses have a running balance, and use an ever-increasing sequence/nonce for every transaction to maintain proper address state.You can read more about this design decision here.

Transaction signing and generation are also different in Ethereum, but for basic transactions, the process is very similar to our Bitcoin API.The Transaction Hash Endpoint returns detailed information about a given transaction based on its hash.TXHASH is a string representing the hex-encoded transaction hash you’re interested in querying, for example: The returned object contains detailed information about the transaction, including the value transfered, fees collected, date received, any scripts associated with an output, and more.The Unconfirmed Transactions Endpoint returns an array of the latest transactions that haven’t been included in any blocks.The returned object is an array of transactions that haven’t been included in blocks, arranged in reverse chronological order (latest is first, then older transactions follow).Using BlockCypher’s API, you can push transactions to Ethereum in one of two ways: In either case, for security reasons, we never take possession of your private keys.

To use BlockCypher’s two-endpoint transaction creation tool, first you need to provide the input address, output address, and value to transfer (in wei).Provide this in a partially-filled out TX request object.As you can see from the code example, you only need to provide a single public address within the addresses array of both the input and output of your TX request object.You also need to fill in the value with the amount you’d like to transfer from one address to another.Note that we only accept a single input and output address per Ethereum’s transaction model, and tosign only returns a single element in its array; we use arrays for parity with our Bitcoin API.As a return object, you’ll receive a TXSkeleton containing a slightly-more complete TX alongside data you need to sign in the tosign array.You’ll need this object for the next steps of the transaction creation process.With your TXSkeleton returned from the New Transaction Endpoint, you now need to use your private key to sign the data provided in the tosign array.

Digital signing can be a difficult process, and is where the majority of issues arise when dealing with cryptocurrency transactions.Ethereum uses the same elliptic curve as Bitcoin (secp256k1), so any Bitcoin signing library that fits with your workflow should suffice.If you want to experiment with client-side signing, consider using our signer tool.Once you’ve finished signing the tosign data locally, put that (hex-encoded) data into the signatures array of the TXSkeleton.Unlike Bitcoin, you don’t need to include the signing accounts public key, as on Ethereum this is derived using the tosign data and signature data.But you must include the tosign data in addition to the signatures array for that derivation to work.If the transaction was successful, you’ll receive a TXSkeleton with the completed TX (which contains its final hash) and an HTTP Status Code 201.We also offer the ability to decode raw transactions without sending propagating them to the network; perhaps you want to double-check another client library or confirm that another service is sending proper transactions.

$TXHEX is a hex-encoded raw representation of your transaction, for example: If it succeeds, you’ll receive your decoded TX object.If you’d prefer to use your own transaction library instead of the recommended path of our two-endpoint transaction generation we’re still happy to help you propagate your raw transactions.Simply send your raw hex-encoded transaction to this endpoint and we’ll leverage our well-connected network to propagate your transaction faster than anywhere else.$TXHEX is a hex-encoded raw representation of your transaction, for example: If it succeeds, you’ll receive a decoded TX object and an HTTP Status Code 201.You can then use the hash to track its progress on the network.Compared to other blockchains, contracts lie at the heart of Ethereum’s unique value proposition.Contracts can be expressively programmed in languages like Solidity; if you’re not familiar with Ethereum’s contract language you should definitely start there.We offer a number of API endpoints that significantly simplify contract creation and method calling.

Via the methods below, you can embed new contracts into the Ethereum blockchain, check their code and ABI, and initiate contract methods and execution.Essentially, we provide a JSON/HTTP binding for your Ethereum contracts.With great power comes great responsibility; in other words, it’s easier to shoot yourself in the foot with Ethereum.Don’t The DAO it.Follow best security and safety practices when coding your smart contracts.The Create Contract Endpoint allows you to submit your solidity code and params to check raw serialized binary compilation and ABI.It’s an easy to validate your contract compiles before pushing it to the Ethereum blockchain.If you include a private key (associated with a funded Ethereum external account), gas_limit, and contract(s) to publish, BlockCypher will embed the contract into the blockchain and return the transaction hash that created the contract and the contract address.Find both of those properties under the returned contract object as address and creation_tx_hash.

The params property lets you provide arguments to the contract constructor.If your contract has no constructor or the constructor takes no arguments, this property can be omitted.You can optionally include value in wei to transfer to the contract on creation.Note that for now both the contract solidity source and the ABI are made publicly available for anyone with the contract hash.We will support making the source private to your token in the future.However note that all contracts on the public Ethereum blockchain can be seen in binary form and it’s only a matter of time before good decompilers surface.ADDRESS is a string representing the contract address you’re interested in querying, for example: The returned object contains information about the contract; if you deployed the contract with BlockCypher, it will return solidity and abi as well.The Call Contract Method endpoint makes every method in your contracts callable simply via an HTTP request.It’s a binding that translates a published contract into a set of endpoints (one for each method) and a provided JSON array into a set of arguments to invoke a given method.

To call a method on a given contract, you must include a private key associated with a funded external account and a specified gas_limit in your request object.params are optionally accepted if the contract method allows them.Make sure the JSON types your provide match your contract signature (string, number, etc.).You can optionally include value in wei to transfer to this contract method.The Call Contract endpoint will check the contract ABI to determine whether the method has been declared “constant”.If so, no transaction will be created and no gas will be consumed.The method is just called locally on our servers and won’t be registered on the blockchain.Otherwise, we will build the call transaction to invoke the method on the Ethereum blockchain and propagate it on the network.Keep in mind that in that case, you will need to wait for the call transaction to be included in a block to see its effects.ADDRESS is a string representing the contract address you’re interested in querying, for example: METHOD is a string representing a declared method from the above contract; in the above example, the options are: Ethereum is a highly transactional system.

Many usage patterns require knowing when an event occurs: i.e., when a transaction is included into a block, when an address is updated, etc. Instead of requiring you to continuously poll resources, we provide push APIs to facilitate those use cases, and support WebHooks for that express purpose.We support a number of different event types, and you can filter your notification requests depending on how you structure your Event request object.For WebHooks, the JSON Event should be sent using a POST request to the “create webhook endpoint” and include a url property to denote where payloads should be delivered.The TX or Block associated with the Event will be POSTed to the provided url.The POSTed payload will also include X-EventType and X-EventId metadata in the HTTP header specifying the event type and id of the WebHook which triggered the payload.We retry individual payloads to your url five times; if one fails, we wait exponentially between retries: 1 second, 2s, 4s, 8s, 16s.In order to protect against stale callback urls, your Event will be deleted if it reaches 50 aggregate callback_errors from failed payloads.