Serverless Coinflip Dapp Deployed on Test Net

Hello, interwebs,

I must apologize for failing to deliver my follow-up blog post regarding smart contracts and smart contract security. Things are heating up around here; I have been a little more than preoccupied with an upcoming web 3 project we're working on; it's more like possessed. I manage to squeeze a vanity project out on the side, which I like to do whenever I've been working on one thing for a bit too long. It helps me get the kinks into focus and then come back and take the hill. Last night, I quickly built and deployed a Casino Style DApp to the Ropsten test net, which is currently live now. Oh, and don't worry, I will be back with part II of our smart contract security post.

50/50 Coin Flip is a serverless Decentralized Application running on top of the Ethereum Network, built using web3.js and Morlas.io. This casino-style DApp allows users to place a bet to double their money with 50/50 odds. The smart contract was written with a best-of-practice CHECK-EFFECTS-INTERACTIONS pattern to minimize potential exploitations. The contract will not accept a bet unless there are enough funds within the contract to cover it. The smart contract was re-written to operate with the current solidity pragma. With powerful tools like Moralis, it was no problem getting this Dapp up and running in minimal time. Complete with powerful features that allow the developer to get user's historical transactions and aggregate data to display helpful information like leader boards, win stats, and any other valuable details Dapp users may find relevant. This project was completed for fun and deployed to the ropsten test net, and no further development will be committed to this MVP. Using Moralis, it was easy to implement decentralized trading features via the 1inch protocol. This functionality is only possible on the mainnet, and the function has been left in as a placeholder to illustrate the capabilities of building serverless Decentralized Applications.

You can check out the Dapp here.

You can view the verified smart contract here

You can check out the Dapp here.

You can view the verified smart contract here

Aavegotchi Raider! The Liquidators Revenge

Hi, my name is Mikal Muhammad from Lynne House Publishing. I want to demonstrate my entry for the 2021 Aavegotchi Game Jam; The Aavegotchi Raiders! The Liquidators revenge. To compete in this Hack-A-thon, developers were assigned two main task and a bonus. We had four days to build a game that would use web 3 to fetch and play with as an Aavegotchi essentially bring an NFT Defi asset into your game; also, we were to build the game in a web-based framework with seamless web3 integration. For that, we choose the Phaser library and game engine. Our game is from the vantage point of the Aavegotchi verse antagonist, The Liquidators, who have aligned with the pirates of the Phaser Nation to help pillage the assets of the Aaveegotchi running through the world, stealing Ghost tokens helping to defeat the Aavegotchi Souls once and for all. We used Moralis for seamless web3 integration with metamask or coinbase wallets. We plan to add wallet connect functionality Moralis makes it simple with two or three lines of code. We implemented more Moralis features, from historical data for all the users' raids, creating leader boards, the ability for users to fetch NFTs across chain, and creating checks on UI elements only available to log-in users. With Moralis powering our serverless dapp we could secure our game and implement real-time communication between clients to enable multiplayer capabilities. Moralis also allowed us to allow the user to send ethereum to other top raiders and the developers transparently. We added sounds from the Aavegotchi world to the UI, and players can also use wearables throughout the game. Please take a look at our submission demo and play the demo of Aavegotchi Raiders! Here.

link to submission video Here.

Aavegotchi Raider! The Liquadtors Revenge. Sub Demo

Smart Contracts & Security Part 1

In light of the recent most significant monetary attack in crypto history, now known as the Poly Hack, it seemed Smart Contract security would be an ideal subject matter to begin our blog discussions. Smart Contracts handle funds, which inherently makes it mission-critical software,  and small mistakes can have an extremely high cost of failure. Interestingly the Ethereum Foundation responded to these threats with not so decentralized solutions for developing these contracts. Some of these techniques impose no danger to the natural state of Decentralized Finance. Require and Assert function, used for validation,  contract design choices like push vs. pull dictates how our contract sends funds to an agent interacting with it, to the best of practice CHECKS-EFFECTS-INTERACTIONS design pattern.  A self-destruct function makes calls to the contract null and sends all funds to a pre-allocated address—proxy contracts that enable upgradability, Pausable contracts that allow for the freezing of functions within the contract.  However, there are legitimate reasons for implementing the later mentioned solutions, none the less they remove varying degrees of decentralization. To understand the history of Ethereum, we must realize the DAO hack of 2016. The DAO Hack may not have been the largest, but it was the first, possibly making it the most crucial hack in the history of our space. April 30, 2016, a Decentralized Autonomous Organization developed by Slock.it, known by the acronym DAO was the first of its kind to launch. The DAO raised over 150 million dollars worth of Ethereum, then hacked on June 16, 2020. The agent(s) performed a reentrancy attack; meaning, the agent(s) could remove funds that did not belong to them.  With a cost of failure to the tune of 80 million dollars, it would also splinter the Ethereum community.

                                               What Was The DAO The DAO was a project that brought this idea of a Decentralized Autonomous Organization to life. The entire premise of the DAO was to make a collection of smart contracts (essentially a DApp) that would act as a virtual organization. The idea being that this DApp would have tokens, and token holders could vote on, and suggest proposals, essentially allowing governance of this virtual entity.   By voting, token holders could govern, and the more tokens of the entity that a user has, the more influential they are.  Today this idea is done routinely from project to project but keep in mind Ethereum was started in 2015, and in 2016 this was revolutionary. However, another essential thing to note is that in 2016 there was no KYC (Know Your Customer), so every token holder of the DAO was holding securities, but that's for another discussion.

                                               The Exploit In a DAO, you have this democratic notion of voting, and the problem with democracy is that it's not always fair. This lack of fairness comes from the fact that it may be the case that there is a majority overruling a minority within the DAO. Dictatorship by the majority is also a problem for standard corporations, which have developed protections for this called appraisal rights. The DAO had similar mechanisms for protecting the minority. For example, in the above scenario where you have a majority party always making decisions that a minority party does not agree with, they can do something about it.  The minority party can withdraw their funds from The DAO and fork into a new organization, creating a "child DAO."      The problem here had to do with reentrancy, created by a simple mistake. The logic of the DAO's smart contract first refunded the user's funds, and then they updated the internal state.  The internal state is where they were keeping track if they had refunded a user or not. They were violating the best of practice CHECKS-EFFECTS-INTERACTIONS design pattern. Smart Contracts can send funds to a user address or a contract (i.e., agent); that agent now has the opportunity to call a function from within that smart contract.  When the agent receives funds, the agent can ask for more funds if the contract design pattern does not follow the CHECKS-EFFECTS-INTERACTS procedure because the contract has not internally remembered its already refunded.  It will issue a refund again and again, and this is what happened.    The DAO's smart contract had a design pattern of EFFECTS-CHECKS, done this way, the refund function can be exploited and called again, and the recording of the refund never reached.  Simply implementing a design pattern of CHECKS-EFFECTS-INTERACTIONS would make this type of attack impossible. Because when the agent attempts to call refund again, we have first recorded the refund, therefore, updating the internal state.  This error in the flow of funds came with an 80 million dollar cost of failure. It also resulted in a great divide within the Ethereum community.  After the DAO Hack, Vitalik and the Ethereum Foundation made the controversial decision to roll back the blockchain and take a snapshot at the point before the hack. Effectively allowing for them to return the funds to the victims. A portion of the Ethereum community did not want to do this, citing that it violated the most fundamental attribute of blockchain technology, immutability. What resulted was the split. ETH sought to fix the scenario by rolling back before the hack and performing a hard fork, retaining the ETH ticker with most nodes running the hard-fork. In comparison, ETHC (Ethereum Classic) nodes wanted to continue mining on the old chain. In this sense, it was a very influential hack.     In conclusion, small mistakes can lead to severe problems; we are handling financial Legos here. As we have seen over the last six years, attacks will continue to increase, and although all solutions wont be perfect I believe them to be necessary and that smart contract security will be vital to the future of this space. Please subscribe to some of my thoughts here as we continue this series on Smart Contract security; we will discuss the Parity Attack in a follow up discussion. Until the next installment it has been a pleasure to have this time with you to discuss Decentralized Finance and smart contract security, sincerely Mikal Muhammad.

Proof of Concept for an NFT Game and companion tilebased Metaverse game. I'm happy with what we're doing, and special thanks to my friend Eliezer Mia for help with GUI, design, and editing of this video.

Things are starting to heat up with a project I'm working on. #Enjimon #WalletMonsters

sounds legit

Cat Overflow

The Son Of DeFi

Hi, I hope everyone's doing well. My name is Mikal Muhammad. I'm an audio engineer; owner of Twenty Seven Sounds Inc, a full-service recording studio in downtown Long Branch, NJ. I have had a closet interest in blockchain technology since Bitcoin (literally). I say closet interest because my hardcore audio keen would frown upon any regards that stray far from the realm of audio. In 2019 containment reached maximum capacity; I enrolled in Ivan On Tech Academy and began the journey to start building protocols myself. I formed Lynne House Publishing Inc. in 2020. We develop intellectual properties from music to technology and specialize in blockchain protocols where the two collide. I've decided to keep a public illustration of my journey containing what I've built and helped build, which is available here.  Feel free to give that a look through, but here I want to write about n the developing field known as DeFi, best of practice techniques for developing said protocols, and my journey doing so. Currently, I'm working on three protocols Hodl Helper (DeFi), Wallet Monsters (NFT Game & Metaverse), & The CryptoHomies' (NFT collectible project, Game, & Metaverse).  I'm excited to be working with Web 3 technologies like Moralis Web 3, Enjin protocol, and the Unity game engine and framework to bring these projects to market. I enjoy developing with agile practices building MVP to ensure products the market wants and needs. I wanted to introduce who I am, my background, current events, intent, and motivation for writing this blog. I'm as excited now as I was in 2009 about the possibilities of blockchain technology. I'm passionate about blockchain technologies in general and DeFi specifically; I have a documented history of turning my passions into successful entrepreneurial endeavors. I hope you will come along on this journey with me as we forge new frontiers.  Thank you for building with me, yours truly, Mikal Muhammad.