By Fatskills Exam Guides Team — the exam nerds behind 28,500+ quizzes and 2.1M practice questions across 500+ global exams.
Decentralization and trust‑less systems are the backbone of Web3: they let participants exchange value, vote, or run code without needing a central authority or “middle‑man.” By moving logic onto the blockchain (the EVM) and using cryptographic guarantees, anyone can verify that the rules were followed. Real‑world example: a user swaps ETH for DAI on Uniswap – the trade is executed by a smart contract that enforces the AMM formula, and no exchange operator can intervene or steal the funds.
solidity // Minimal DAO proposal execution function execute(uint256 proposalId) external { require(proposals[proposalId].passed, "not passed"); (bool ok,) = proposals[proposalId].target.call{value:0}(proposals[proposalId].data); require(ok, "execution failed"); }
solidity // ❌ vulnerable function withdraw() external { uint256 bal = balances[msg.sender]; (bool ok,) = msg.sender.call{value: bal}(""); require(ok); balances[msg.sender] = 0; } // ✅ fixed with Checks‑Effects‑Interactions
solidity balances[msg.sender] = 0; // effect (bool ok,) = msg.sender.call{value: bal}(""); // interaction require(ok);
k
solidity uint256 amountOut = (reserveOut * amountIn * 997) / (reserveIn * 1000 + amountIn * 997);
solidity // facet selector → implementation mapping stored in a central Diamond
msg.sender
solidity (bool ok,) = libraryAddress.delegatecall(abi.encodeWithSignature("setX(uint256)", 42));
Tx.origin vs. msg.sender: tx.origin is the original external account that started the transaction; msg.sender is the immediate caller. Using tx.origin for auth is unsafe because a malicious contract can forward calls.
tx.origin
Optimistic Rollup: Batches transactions off‑chain, assumes they’re valid, and posts a fraud proof window (e.g., Optimism).
ZK‑Rollup: Posts a succinct zero‑knowledge proof that the batch is correct (e.g., zkSync).
ERC‑20 vs. ERC‑777: ERC‑777 adds hooks (tokensReceived) and allows operators, but is backward‑compatible with ERC‑20.
tokensReceived
Gas‑Refund (SSTORE2): Storing data in a separate contract and reading via extcodecopy can be cheaper than many SSTORE writes.
extcodecopy
SSTORE
TrustlessSwap.sol
npx hardhat compile
test/Swap.test.js
bash npx hardhat run scripts/deploy.js --network goerli
npx hardhat etherscan-verify --network goerli <contract-address>
ethers.js
js const contract = new ethers.Contract(address, abi, signer); await contract.swapExactETHForTokens(…);
npx hardhat run scripts/upgrade.js …
Mistake: Using tx.origin for access control. Correction: Always check msg.sender; tx.origin can be spoofed through a malicious contract, breaking the trustless guarantee.
Mistake: Forgetting to set the receive()/fallback() function payable when the contract should accept ETH. Correction: Add receive() external payable {}; otherwise the transaction reverts and users lose gas.
receive()
fallback()
receive() external payable {}
Mistake: Deploying a contract with the default Solidity optimizer disabled. Correction: Enable optimizer: { enabled: true, runs: 200 } in hardhat.config.js to cut gas by 10‑30 %.
optimizer: { enabled: true, runs: 200 }
hardhat.config.js
Mistake: Hard‑coding addresses (e.g., Uniswap router) for mainnet while testing on Goerli. Correction: Use a network‑aware config file (addresses[network.name]) to avoid “address not found” errors.
addresses[network.name]
Mistake: Ignoring the “unchecked” overflow in Solidity 0.8+ when deliberately using it for gas savings. Correction: Wrap the arithmetic in unchecked { … } only after confirming the values can’t overflow; otherwise you expose a classic bug.
unchecked { … }
delegatecall
tokensToSend
initialize()
Scenario: A contract uses tx.origin == owner to restrict withdrawals. Answer: Dangerous – a phishing contract can call the vulnerable contract on behalf of the owner, and tx.origin will still be the owner’s address, allowing theft.
tx.origin == owner
Scenario: You see a function that writes to a storage slot, then immediately calls an external contract. Answer: Likely a reentrancy risk; the correct order is effects first, interactions later (CEI pattern).
Scenario: A DeFi protocol advertises “zero‑fee swaps” but charges a hidden 0.3 % on the token’s transfer. Answer: That’s a transfer tax (ERC‑20 extension) – the protocol must account for it in the AMM formula, otherwise users receive less than expected.
transfer
uint128
unchecked {}
runs: 200
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.