📜 [專欄新文章] Scaling Ethereum 參賽心得

✍️ Johnson

📥 歡迎投稿： https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium

Scaling Ethereum 是一場由 ETHGlobal 所舉辦的線上黑客松，也是我第一次參加與以太坊有關的黑客松活動，這篇文章就來分享一人參賽的過程與心得。

源起

一開始是在 telegram 群組中得知這場比賽的消息，因緣際會之下剛好有人想組隊參賽，於是就在報名截止的前一天一起跟著報名了。

報名的方式除了填一些基本資料外，最特別的是還要 stack 以太幣，也就是要傳送 0.01 顆以太幣給主辦方，規則是必須在比賽的最後，有提交作品的人才能贖回 0.01 顆以太幣，之後看到 meme 頻道有人留言：

When your project is incomplete but you submit to get back stake.

一方面，這確實也會激勵你好好把比賽完成，就算沒做完也要有些成果上去，這也是主辦方秉持的精神，他們認為大家來黑客松相互學習成長，競賽獎金則是其次。

獎金

比賽方式是由 25 個左右的贊助者（sponsor）分別提供獎金，每個 sponsor 都有錄製一段影片，說明怎麼獲得他們的獎金，大部分會要你使用他們開發的工具，或者必須跟 sponsor 在做的研究有關，去實作出創新的作品。可參考：Prizes — Scaling Ethereum

你的專案可以選擇要投入哪個 sponsor 的獎金，一個專案可以投入多個 sponsor 底下，這樣獲獎機會也會比較高。

我選擇的 sponsor 是 zkSync，他們的說明如下：

zkSync is a user-centric zkRollup developed by Matter Labs. It uses zero-knowledge proofs to keep data availability on mainnet to achieve exponentially lower transaction costs. You may have seen us powering projects such as payments and Gitcoin Grants. We are currently rapidly developing zkSync 2.0, which will feature EVM-compatibility in testnet May 2021, soon followed by zkPorter, our new exponential scalability solution.

PrizeszkSync will be awarding their Prizes as follows:
- 1 winner — 4,000 USDC
- 2 winners — 2,000 USDC
- 4 winners — 500 USDC

We encourage builders to utilize zkSync SDK’s, implemented in JavaScript/Typescript and Rust. Prizes will be awarded to projects that make it simpler and easier for non-technical users to use zkSync, other ideas include integrations of current tools such as in Gitcoin Grants and tools for easy mass payments and multi-sigs.

社群互動

這個 hackathon 很棒的地方是他把使用者體驗做的很好。每個人都會有自己的 dashboard 顯示目前專案的進度和一些訊息。

Check-In #1 和 Check-In #2 的階段會要你提供專案的構想，你隨時都可以修改。主辦方會看你提交的資訊，幫助你找到適合的 sponsor，或是給你一些建議，就算是一人參賽也能感受到回饋。

整個賽程期間，社群都是使用 discord 在互動，discord 裡頭有很多頻道，像是基本的大會報告的頻道，或是一些不重要的迷因、閒聊頻道都有。

每個 sponsor 也都有自己的頻道，我就會在 sponsor-zksync 的頻道詢問技術的問題，例如我想問問 zkSync 一些關於專案構想的意見：

Hi there, I want to build a gas fee relayer which make my ERC-20 token transfer without transaction fee, to be more precise, delegating gas payment by another party. I think this is done by GSN https://opengsn.org/ , but maybe it could built on L2 with zkSync? I’m not sure, could somebody give me some advice about this topic?

zkSync 團隊的人回應我：

This is an amazing idea! This can totally be built, as we support batching transactions which can be used for all kinds of creative things such as paying for transaction fees in an erc-20 token. Your idea seems like a combination of that and the gitcoin grants integration. To get started, I suggest you watch the short 10 minute presentation I made on using the SDK and batching. Looking forward to your project!!

在 Check-In #2 的時候，我提交新版的專案構想，有一個欄位是問：「目前專案遇到什麼阻礙？」我的問題應該是被主辦方貼給 zkSync 的團隊，於是 zkSync 的團隊成員就用 discord 私訊我，貼了一些程式碼教我怎麼使用他們的 Javascript SDK，這突如其來的救援也幫了大忙。

除此之外，主辦方每個禮拜都會寄 email 通知一些重要的活動，賽程期間舉辦了四個 Summits 研討會，邀請世界各地有名的以太坊開發者分享議題，主辦方還有一個自己的 TV 網頁，直播所有的線上活動。這些活動都有錄影，可以在 youtube 看到過去所有的演講內容：https://www.youtube.com/c/ETHGlobal/videos

因為我的作品是使用 zkSync 的 Javascript SDK 製作的，好像也只能投稿 zkSync 作為獎金的 sponsor，不過主辦方在最後一個禮拜，也寄 email 告訴我說可以多投稿不同的 sponsors 看看，他依據我的專案構想給我一些適合的 sponsors 作為參考。

不過最後我還是只投稿了 zkSync，有點懶著再看其他 sponsors 的文件，也覺得其他 sponsors 的題目需要花比較大的功夫才能完成，一個人能力有限，就做點簡單的東西就好。

關於我的專案 — Gas Relay Service

在以太坊的世界，每一筆交易都需要額外付一筆交易費，也就是以太坊的 gas fee。

我的專案是讓「收款人」能夠幫「付款人」支付以太坊的手續費。

在黑客松之前，我就想研究「第三方支付手續費」的議題，因此我大部分時間其實都在研究一般的 meta-transactions 是怎麼實作的，有興趣的人可以看看 simple meta-transactions 的原始碼：https://github.com/chnejohnson/simple-meta-transaction

之後我才開始玩 zkSync 的 SDK，並研究怎麼在 Layer 2 實現第三方支付手續費的問題，以下就附上作品連結以及簡單的專案介紹給有興趣的人參考：https://showcase.ethglobal.co/scaling/gas-relay-service-on-zksync

The target is that token sender can choose to find another account to pay for fee. The another account can be (1) the token receiver’s account, (2) sender’s another account, (3) third party’s account.

In this project, I finished the demo, which is the (1) above, that receiver pay gas fee for the sender.

有趣的是，我在研究 meta-transactions 時學到很多智能合約的寫法，結果在最後專案上都沒用到（沒寫到合約的程式），zkSync Javascript SDK 其實很簡單，他們的文件寫得很清楚。最後 Demo 還是用 zkSync 團隊的成品修改來的…XD。

所幸在沒有懂太多技術的前提下完成了這場黑客松的專案，成功贖回了 0.01 顆以太幣。

評審與決選

整個賽程來到最後一個禮拜，主辦方安排兩天的時間進行 Judges，使用 zoom 進行線上研討會，一個人基本上是 7 分鐘，前 4 分鐘播放 Demo 簡報，後三分鐘會有評審問問題。

第一個問題是說：「Demo 中你是使用 zkSync 的錢包網頁去操作，那實際上你做得部分是什麼？」

我就回答我在他們的網頁上加了一顆按鈕，使用他們的 SDK 做出 gas relay 的功能，還有一個後端的 server 去作 relay。

第二個問題大概是問：「什麼樣的情境下會需要由 receiver 幫 sender 支付 gas fee？」

我的回答是，在一般超商購物的情境，消費者通常只支付商品的價格，不會支付額外的交易費，我認為以太坊的手續費應該屬於軟體的營運成本，由賣方支付比較適合。那如果賣方希望手續費的成本是由消費者承擔，可以直接調高商品的價格。

當然，我英文講得零零落落，希望評審有聽懂就是了…

最後一場直播就是 Finale 決選，主辦方選出十二個隊伍，公開再 Demo 一次，以及提供線上觀眾詢問問題，至此整個賽程就差不多進入尾聲。

決選後的不久，主辦方就公布了這次有獲得獎金的隊伍，幸運拿到了 zkSync 頒發的小獎～

zkSync — Matter Labs

- Zeneth — 2000 USDC
- ZeroSwap — 1500 USDC
- Kangaroo — 500 USDC
- Gas Relay Service — 500 USDC

後記

這次的參賽隊伍中，Zeneth 跟我的主題非常相似：
Zeneth — Use Flashbots to enable arbitrary meta-transactions so EOAs can enter L2s without ETH

另一個我覺得有趣的專案是 Alexandria：
Alexandria — A dApp using STARKs to verify aspects of your identity without revealing more than you should

沒想到主辦方 ETHGlobal 下個月又要再舉辦一場黑客松，有興趣的人可以看看：https://defi.ethglobal.co/ ，這次的主題是 De-Fi。

最後，只要有到 ETHGlobal 的 TV 網頁參加 Summit 研討會的直播，就能夠獲得 POAP 勳章，它就是一個酷東西～😋

POAP: Proof of Attendance Protocol

Scaling Ethereum 參賽心得 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.

👏 歡迎轉載分享鼓掌

📜 [專欄新文章] EIP2929, EIP2930 簡介
✍️ Anton Cheng
📥 歡迎投稿： https://medium.com/taipei-ethereum-meetup #徵技術分享文 #使用心得 #教學文 #medium

Opcode 加油Proposal，會不會讓以太坊變更貴呢

昨天在同事的推薦下發現了這個YouTube系列：Peep an EIP，也聽了Vitalik和Martin介紹EIP2929 + 2930的這一期。這兩個EIP都已經被列入下一次的硬分岔(Berlin Hardfork)，所以我就來寫個學習筆記。先打個預防針，本人對EVM可以說是非常不熟，但也希望藉著這個機會逼自己學習，如果有錯誤的話也希望懂的更多的各路大神可以不吝賜教。

Berlin without hardfork. (By Claudio Schwarz on Unsplash)

EIP2929: Gas cost increases for state access opcodes

乍看之下這是一個極為恐怖的Proposal。在Gas已經高到爆炸的2021年，理論上不應該再通過這種「加油」類的方案。不過不用緊張，其實這個EIP真正改變的是第一次access的價格，如果一筆交易內要執行一樣Opcode動作輛次，那麼gas cost 將降低為100。

Increases gas cost for SLOAD, *CALL, BALANCE, EXT* and SELFEDESTRUCT when used for the first time in a transaction.

大家都知道，合約最終會被Compile成一堆Opcode，這些Opcode也是用來計算最終交易手續費的依據：理論上越是花時間的的Opcode，應該要收越高的手續費。

但是一直以來，state access opcode 太便宜都是一個已知的問題：在2016年的上海DOS攻擊中，其中幾個攻擊的手法就是透過惡意交易大量讀取帳戶資訊、大量的創造合約再銷毀，或是不斷用 EXTCODESIZE 來讀合約大小等等，讓Client必須花大量的IO資源處理交易(需要讀寫disk的動作特別慢)，最終使Client程式Crash或是延長出塊時間。儘管大部分的弱點已經透過EIP150中大量提升gas cost獲得改善（還有其後的EIP1884），但在EIP2929中，也引用的這篇Paper的數據：現在replay所有以太坊上的交易，當時那些惡意交易中的worst case還會需要~80秒才能完成。這跟以太坊所定義的13秒出塊時間有著很大的差距，也代表這個潛在的攻擊是可行的。

透過增加這些opcode所需要的gas cost，可以降低每個區塊最大可能的讀取數。以下是偷抄Vitalik PPT 的數據：(12,500,000 為gas limit上限)

Pre-EIP 2929:

BALANCE spam: 12,500,000 / (400 cost + 320 address size + 50 boilerplate) = 16,233 accesses per block

CALL spam: 12,500,000 / (700 + 320 + 50) = 11,682 accesses per block

SLOAD spam: 12,500,000 gas / (800 + 25 boilerplate) = 15,151 accesses per block (but of a smaller tree)

Post-EIP 2929:

BALANCE spam: 12,500,000 / (2,600 + 320 + 50) = 4,280 accesses per block

CALL spam: 12,500,000 / (2,600 + 320 + 50) = 4,280 accesses per block

SLOAD spam: 12,500,000 / (2,100 + 25) = 5,882 accesses per block

說實在的這個數據的解釋也很廢話，就是把Opcode變得用貴，能Spam的數量越少。平均來說Gas cost 變高3倍，所以之前worst case的80秒執行時間可以被下降到大概 ~27秒。

SSTORE changes

在實作層，EVM會維繫一個本筆交易讀取過所有交易的 Set。每次有尚未讀取過的slot時，就會先收取一筆 CLOD_SLOAD_COST (2100) ，然後把這個slot加入這個set中，下次讀寫就會比較便宜。

對於已經讀取過的Slot，再次寫入的Opcode SSTORE 之gas cost為會降低為

5000 — COLD_SLOAD_COST (2100) = 2900

簡單的說，單純只操作一次 SSTORE 的總gas 會維持一樣在 5000 。但如果這個slot是之前有讀過的，則寫入的gas cost就會降低。近一步來說，一個 x += 100 ，其實會變得更便宜:

Pre-EIP-2929: 800 SLOAD + 5000 SSTORE = 5800
Post-EIP-2929: 2100 SLOAD + 2900 warm SSTORE = 5000

其他Side effects

這個改動除了降低了最高能夠spam的次數以外，也降低了以太坊想要做到stateless client，理論上最大的witness 大小。其實這裡的原理跟前面很類似，下圖的表格比較的是目前使用hexary tree所需要的witness大小：若12.5M的區塊全部塞滿該Opcode的witness，理論上最大會佔多少空間。在EIP2929之後由於gas cost增加，就壓縮了最大可能的witness size.

這裡單純只比較增加gas cost後，對於max witness size的影響。影片中有提到其他許多方法旨在減少Witness bytes，包括使用binary tree而不是hexary tree，以及用Code Merklization等等。這些其他方法也能夠降低最後的Max Witness size，但跟這個EIP沒有直接相關。不過可以注意的一點是，這些其他在witness size上面的優化跟 gas cost 所帶來的優化的效果是可以相乘的，例如 SLOAD，更改gas price已經能夠讓max size 縮小2.6倍，若是改用Binary tree可以將 Witness bytes降低到 288 bytes，就會是再3~倍的優化。

對用戶的影響

依照Martin Swende 給出的數據，這個EIP對於一般交易的影響僅有提高0.3~0.4%。理由很簡單，雖然第一次access storage變貴了，但是後面幾次讀寫就會變得便宜。大部分應用的程式邏輯都是類似的幾個變數進行讀寫，因此可能有不少的動作反而會變得更便宜。一個最簡單的例子就是ERC20 Transfer，兩個餘額的 +=和 -= 都會變便宜，所以總共的花費也是變便宜的。

這其中也會對於Solidity的開發pattern有著一定程度的影響，我目前想到的影響可能有兩個：

由於多次的storage access變便宜，永遠cache state variables不再是一個最佳策略。以前我們會盡量想辦法減少寫入state storage的次數，現在可能會基於coding style考量減少一些的memory cache。

之前寫合約都會盡量避免external call，甚至會寫一些一次把所有 variable都回傳回來的笨函示，來避免多次的external calls。這有一部分原因是因為每次external call都會需要使用到 EXTCODESIZE 這個Opcode所以很貴。但如果 EXT 系列的Opcode也變得越call越便宜，那麼這個一次全部call 回來cache 住的pattern也可能改變。

以上兩個想法都還沒有經過實證，如果之後看到更有證據的分析的話，也會來這裡分享。

EIP2930: Optional access lists

EIP2929可能會影響一些鏈上的合約，因為有些合約有hardcode external call的gas 上限。對於這方面的問題，EIP2930提出一個新的交易類型，讓交易中多帶一個access list，即所有這筆交易即將讀寫的storage slot，並且先幫忙付掉第一次讀寫的gas，而真正交易讀寫該storage時，只會被要求付100 gas。

這不但可以避免這次EIP2929帶來的副作用，也可以被使用在其他因為gas price 改變的硬分岔升級而壞掉的合約，例如在EIP1184 增加 SLOAD gas price 時影響到的 Aragon 和Kyber 等等。儘管當時升級前各大專案都有幫助用戶提出migration 方案，但如果有人曾經卡錢在裡面，也可以Follow一下這次柏林Hardfork。

小結

新的一年就用一篇簡單的文章來開頭。最近發現自己以前的學習習慣有點亂無章法，所以新年整理了reading list，逼自己做筆記，順便發想一些想要寫的主題。今年的期許就是學更多Ethereum底層一點的知識，當然還有上層一點Defi的知識。也歡迎大家分享一下自己都是怎麼follow這麼多東西的><

EIP2929, EIP2930 簡介 was originally published in Taipei Ethereum Meetup on Medium, where people are continuing the conversation by highlighting and responding to this story.

👏 歡迎轉載分享鼓掌

Breaking‼️

美東時間1月5日傍晚，川普以國家安全為由，用行政命令方式禁止阿里支付寶、微信支付、QQ錢包在內的8款中國應用程式（App)。

行政命令發佈後45天，禁止任何人與實體與這8款中國應用程式（App）進行交易。

按照日程，美國下任政府將在15天後，1月20日上任。

—

美國商務部長在同一時間發聲明表示，已指示商務部按行政命令執行禁令，「支持川普總統保護美國人民隱私與安全，免於受到中國共產黨的威脅。」

—

▫️8款App:

支付寶（Alipay）、掃描全能王(CamScanner)、QQ錢包（QQ Wallet）、茄子快傳（SHAREit）、騰訊QQ（Tencent QQ）、阿里巴巴旗下海外短視頻應用VMate、微信支付（WeChat Pay）和辦公型App WPS Office。

圖三：美國商務部聲明

圖四：美國國安顧問聲明
—

▫️白宮行政命令全文：

The White House
Office of the Press Secretary
FOR IMMEDIATE RELEASE
January 5, 2021
EXECUTIVE ORDER



- - - - - - -



ADDRESSING THE THREAT POSED BY APPLICATIONS AND OTHER SOFTWARE DEVELOPED OR CONTROLLED BY CHINESE COMPANIES



By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code,

I, DONALD J. TRUMP, President of the United States of America, find that additional steps must be taken to deal with the national emergency with respect to the information and communications technology and services supply chain declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain). Specifically, the pace and pervasiveness of the spread in the United States of certain connected mobile and desktop applications and other software developed or controlled by persons in the People's Republic of China, to include Hong Kong and Macau (China), continue to threaten the national security, foreign policy, and economy of the United States. At this time, action must be taken to address the threat posed by these Chinese connected software applications.

By accessing personal electronic devices such as smartphones, tablets, and computers, Chinese connected software applications can access and capture vast swaths of information from users, including sensitive personally identifiable information and private information. This data collection threatens to provide the Government of the People's Republic of China (PRC) and the Chinese Communist Party (CCP) with access to Americans' personal and proprietary information -- which would permit China to track the locations of Federal employees and contractors, and build dossiers of personal information.

The continuing activity of the PRC and the CCP to steal or otherwise obtain United States persons' data makes clear that there is an intent to use bulk data collection to advance China's economic and national security agenda. For example, the 2014 cyber intrusions of the Office of Personnel Management of security clearance records of more than 21 million people were orchestrated by Chinese agents. In 2015, a Chinese hacking group breached the United States health insurance company Anthem, affecting more than 78 million Americans. And the Department of Justice indicted members of the Chinese military for the 2017 Equifax cyber intrusion that compromised the personal information of almost half of all Americans.

In light of these risks, many executive departments and agencies (agencies) have prohibited the use of Chinese connected software applications and other dangerous software on Federal Government computers and mobile phones. These prohibitions, however, are not enough given the nature of the threat from Chinese connected software applications. In fact, the Government of India has banned the use of more than 200 Chinese connected software applications throughout the country; in a statement, India's Ministry of Electronics and Information Technology asserted that the applications were "stealing and surreptitiously transmitting users' data in an unauthorized manner to servers which have locations outside India."

The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information, which would allow the PRC and CCP access to Americans' personal and proprietary information.

The United States must take aggressive action against those who develop or control Chinese connected software applications to protect our national security.

Accordingly, I hereby order:

Section 1. (a) The following actions shall be prohibited beginning 45 days after the date of this order, to the extent permitted under applicable law: any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States, with persons that develop or control the following Chinese connected software applications, or with their subsidiaries, as those transactions and persons are identified by the Secretary of Commerce (Secretary) under subsection (e) of this section: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office.

(b) The Secretary is directed to continue to evaluate Chinese connected software applications that may pose an unacceptable risk to the national security, foreign policy, or economy of the United States, and to take appropriate action in accordance with Executive Order 13873.

(c) Not later than 45 days after the date of this order, the Secretary, in consultation with the Attorney General and the Director of National Intelligence, shall provide a report to the Assistant to the President for National Security Affairs with recommendations to prevent the sale or transfer of United States user data to, or access of such data by, foreign adversaries, including through the establishment of regulations and policies to identify, control, and license the export of such data.

(d) The prohibitions in subsection (a) of this section apply except to the extent provided by statutes, or in regulations, orders, directives, or licenses that may be issued pursuant to this order, and notwithstanding any contract entered into or any license or permit granted before the date of this order.

(e) Not earlier than 45 days after the date of this order, the Secretary shall identify the transactions and persons that develop or control the Chinese connected software applications subject to subsection (a) of this section.

Sec. 2. (a) Any transaction by a United States person or within the United States that evades or avoids, has the purpose of evading or avoiding, causes a violation of, or attempts to violate the prohibition set forth in this order is prohibited.

(b) Any conspiracy formed to violate any of the prohibitions set forth in this order is prohibited.

Sec. 3. For the purposes of this order:

(a) the term "connected software application" means software, a software program, or group of software programs, designed to be used by an end user on an end-point computing device and designed to collect, process, or transmit data via the Internet as an integral part of its functionality.

(b) the term "entity" means a government or instrumentality of such government, partnership, association, trust, joint venture, corporation, group, subgroup, or other organization, including an international organization;

(c) the term "person" means an individual or entity;

(d) the term "personally identifiable information" (PII) is information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual.

(e) the term "United States person" means any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.

Sec. 4. (a) The Secretary, in consultation with the Secretary of the Treasury and the Attorney General, is hereby authorized to take such actions, including adopting rules and regulations, and to employ all powers granted to me by IEEPA, as may be necessary to implement this order. All agencies shall take all appropriate measures within their authority to implement this order.

(b) The heads of agencies shall provide, in their discretion and to the extent permitted by law, such resources, information, and assistance to the Department of Commerce as required to implement this order, including the assignment of staff to the Department of Commerce to perform the duties described in this order.

Sec. 5. Severability. If any provision of this order, or the application of any provision to any person or circumstance, is held to be invalid, the remainder of this order and the application of its other provisions to any other persons or circumstances shall not be affected thereby.

Sec. 6. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to an executive department, agency, or the head thereof; or

(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.



DONALD J. TRUMP



THE WHITE HOUSE,

January 5, 2021.