status-im
/
ETHReport
mirror of https://github.com/status-im/ETHReport.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
ETHReport/data/archives/interviews.js

1793 lines
546 KiB
JavaScript
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

const InterviewsData = {
'0': {
'Name': 'Fabio Berger & Remco Bloemen',
'How do you handle smart contract verification and security?': '<p>Code audits before deployment </p><p>Want to add a formal verification tool to our deployment tool. </p><p>By analyzing the code, you can find patterns. </p><p>I manually did an audit in v0 of 0x: </p><p>Make sure all functions have a “Read -> Write -> External Call” pattern, so you dont have any race conditions.</p>',
'Other bounties?': '<p>Rest of the bounties from Remco </p><p>State-watching built-in diffing of state trees </p><p>Should be implemented in the Ethereum clients Geth and Rust. </p><p>They want this feature for OrderWatcher. </p><p>EIP process is suboptimal: </p><p>Lacks in consensus-building. Theres vocal people who dont have good ideas; theres a lot of noise. </p><p>To improve: committee-based approach (reputable stakeholders from reputable projects who get together?). </p><p>Problems are getting solved at the wrong abstraction level. </p><p>E.g. NFT standards. </p><p>Neufund was largest Solidity project before tokenized equity. </p><p>You want a EuroToken. You dont want your company valuated in Ether. </p><p>What if blockchain forks; which token is actually tied to the company? </p><p>Bounty approach gives many different styles within the codebase. </p><p>This is a problem; e.g. OpenSSL codebase after Masters / PhDs.</p>',
'Who are you and what are you working on?': '<p>0x - Decentralized exchange protocol. It is a set of smart contracts that handle standard transactions in an order format. </p><p>The key advantage here is that these smart contracts leads to shared liquidity </p><p>We also achieve increased security and network liquidity through our architecture. </p><p>We launched the network in August 2017. </p><p>It works, but is V1. We are working on V2 which helps people build hybrid stations, supports new token standards, and makes the contract more gas efficient. </p><p>V1 only allows humans to create orders; V2 will allow new smart contract to create orders. This is HUGE. </p><p>Notes: </p><p>Were building the protocol; designing the standard; building dev tools for anyone to build a decentralized exchange. </p><p>Orders may become invalid for any reason: </p><p>Order being filled </p><p>Griefing attacks </p><p>Weve now built an OrderWatcher that keeps relayers updated on the state of orders. </p><p>Were using contract Events as a proxy for state changes. </p><p>Can do a diff between state trees and between block headers. </p><p>We also have a set of smart contracts to handle settlement; </p><p>Everyone who wants to trade is setting allowances on a smart contract. </p><p>We want upgradability.</p>',
'What are the tools/libraries/frameworks you use?': '<p>EthereumJS / truffle hardwallet provider / Typedoc (to generate documentation) / </p><p>We dont use Truffle anymore </p><p>Not reliable can have race conditions; </p><p>Artifacts dont allow you to have versions of the contract on different networks </p><p>You dont run into this stuff if youre just building a “hello world” </p><p>Overwriting parts of the contracts; </p><p>We rolled our own. Its open-source but not documented. We have other things that are keeping us busy. </p><p>The problem is that Truffle has too much functionality we would like to see more of a Unix philosophy. </p><p>Cannot support different versions of Solidity. </p><p>Version management doesnt exist. </p><p>EthPM doesnt have versioning either? Its going through a big refactor, so we held off. We need the NPM package manager. </p><p>We have built a lot of developer tools to interface with the smart contracts ourselves. </p><p>We have also built own deployer and migration tool, as truffles did not suit our needs.</p>',
'What are your biggest frustrations?': '<p>Getting a simple experimental environment up is hard </p><p>Remix is there; but its not enough. </p><p>Tracing and profiling is not existent. </p><p>Remix does it, but cant do it locally. </p><p>“Code coverage” tool exists but inserts console.logs in </p><p>Adding up gas costs per line of code. </p><p>Need to do profiling, because gas costs depend on inputs. </p><p>Solidity language itself: </p><p>Crashed the Solidity compiler twice today. </p><p>E.g. AbiEncoderV2 is pretty new and hard to understand/use. </p><p>The code that it produces is inefficient. </p><p>There is a stark stack limit in solidity </p><p>All the variables are locally scoped. </p><p>Un-intuitive as it is a curly braced language. </p><p>The lifecycle hook value_of is within a function. </p><p>Can only access top 16 slack slots. Including input and output. </p><p>We need to implement a graph coloring register allocator to find out what the lifetime of the variables is. </p><p>“This stack slot was used in the first half the second half you can use” </p><p>Or implement register splitting. </p><p>Function inlining is frustrating sometimes: </p><p>E.g. SafeMath turns every operator into function call which is a huge gas sink. </p><p>How Solidity optimizes could be improved: </p><p>It focuses on the code size (which makes sense since its minimizing the state tree); but sometimes you need to optimize size of tx gas (e.g. 0x needs optimized fillOrder call) </p><p>ABI doesnt implement introspection </p><p>EIP 165 </p><p>E.g. “does this contract implement ERC20, or ERC223?” </p><p>Solidity should have this in-built. </p><p>Should be built into the API spec and compiler. </p><p>Inheritance: </p><p>Interface or abstract contract e.g. Solidity automatically creates getters for state functions collides with </p><p>Contract which implements an interface public or external for abstract functions they collide </p><p>ERCs there is not a formal way to describe the interface for contracts. </p><p>Have a standard repo this will lead to a canonical ABI definition can have semantic rules around this. Could run some specific unit tests against</p>',
'How do you handle testing?': '<p>Testrpc has gotten better </p><p>Increases the speed at which you can dev. </p><p>Blockstream is really cool. Written by Mica (from Augur?), under the EthereumJS lib. </p><p>Good dealing with block re-orgs and changes in state. </p><p>Continuous Integration: </p><p>Doesnt really work for smart contracts. </p><p>We just use testrpc. </p><p>Neufund was different than 0x: </p><p>Neufund was a trustee for tokens it was centralized by definition. </p><p>This made it simpler: I could create “open-ended” contracts a switch statement, that the default would send to another proxy contract. </p><p>But wouldnt be able to do this with 0x e.g. if we wanted to add Shnorr signatures because its a governance / security issues.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'1': {
'Name': 'Leo Logvinov',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>There is a limit on local variable numbers (have a limit of 16, which influences how you write the code). </p><p>Solidity doesnt push variables down the stack, so you cant go more than 16 deep. This is an implementation detail in current compiler that needs to be improved. </p><p>ABIv2 - experimental feature for half a year or so - return structures and bus structures as parameters. 0x are planning to use it to make their code easier to audit especially. </p><p>C++ devs needed</p>',
'Who are you and what are you working on?': '<p>Started in blockchain 2 years ago in Berlin, working on Ethereum devtools, building solidity plugin for IntelliJ, built by him and an Australian. </p><p>Working on truffle, did some PRs, improving speed, usability, error handling. </p><p>Started working on 0x, primary role: devtools team.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Event watching - unreliable, no support for backfills etc. </p><p>Build tool for statically typed contract (ABI gen that generates contracts), build out the statically typed libraries </p><p>Negative experience with web3js team - unresponsive. </p><p>Frustrated with truffle because it is hard to contribute with so many packages these days. </p><p>Hard to debug and understand it all - so needed a smaller truffle for the specific use cases. </p><p>Need to standardise their artifact format (currently in talks about it). </p><p>Solidity coverage tool: built at hackathon (at least the profiler which is not super useful), standardise on artifacts format so that it works across tools. </p><p>Which line of solidity is covered by tests? </p><p>EIP712 - standardised signing for structured data, also helped finalise 721 at ETHDenver. </p><p>Solidity plugin for IntelliJ IDE </p><p>One did not exist at the time. Did not have too much stuff in it really: simple formatting, definitions, highlighting. Not “a super interesting” project, but has 36 000 users (some duplicates). </p><p>VMs </p><p>Been wanting to speed up tests recently. Bottleneck is code execution in Ganache VM (90%). We want to get down to 1-10s test runs. </p><p>GAS PRICES ARE NOT THE SAME!!!! Arghhhhh! </p><p>We need JIT compilation in more performant language (currently just executed in JS). </p><p>Project called EthJIT VM, transpiles to LLL, then optimizes contract so that it is precompiled and then runs much faster. </p><p>Would be great to see the integrated in ganache (snapshots and time travel make this a nice tool than geth to use currently). </p><p>Even better to have pluggable VMs, have spoken to the Foundation about this too.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Prettier type plugin for solidity. I dont have time to write it but Prettier has a good API.</p>',
'Other domain specific questions?': '<p>What has your experience been like working on EIPS? </p><p>Working on EIP 712 - signing structured and typed data </p><p>Quite hard with monetary prospects and no established legislation process - need better ways of governing and enforcing the process. </p><p>Really helped to have everyone in one room at ETHDenver and align on angles of attack. </p><p>Room at ETHDenver from commenting on a thread in GH. Started unstructured and moved into structured discussion by defining the interface, which helped identify all the different parties motivations. This revealed some inertia on some teams behalf, which was interesting to see. </p><p>Lot of discussions about metadata (of tokens, which is also important for other parts of tokens) </p><p>GH PRs are one single wall of text and the comments need to be better moderated, especially for trolls or tangential discussions/ideas (especially tangential ideas need to be collapsed). </p><p>Creators need to moderate/create a TL;DR section to help people better and more easily grasp what they are working on. </p><p>Solidity code coverage - how does that work? </p><p>Before each line calling eval, and modifying Eth and ganache code to read the events, much below the current block gas limit and working through everything that comes through. </p><p>Take debug transaction with list of opcodes. Also have the source maps, which map back from opcodes to lines of solidity code, and can use that the work backwards from opcodes to understand exactly which line used how much gas. </p><p>How do you get the trace after each tx? </p><p>We wrote our own provider, whenever call to eth_sendTransaction gone through provider it sends it and then gets the trace. </p><p>Calls dont have traces though, so need to do a snapshot and then send the call as a tx, which gives you the trace back and then you can look at what happened in the call. </p><p>Did look at other tools, but felt the performance and reliability of those tools just kinda sucked. </p><p>Can you tell us more about Event Watching? </p><p>Lacking good open source project[a] </p><p>People dont have stateful nodes, you need to handle events client side </p><p>Ethereum-js blockstream enables us to use stateless nodes after installing all filters. Still not a part of web3. </p><p>Working on something called order-watcher: track when the order becomes invalid. Which happens when the user manipulates things. You can validate reactively by watching for events, but you want to actually watch balance changes and events are just an imperfect proxy for this. </p><p>People can mint and burn tokens and change balance without emitting events. </p><p>Want to track changes in balances, not events. balanceOf() is view function that returns the balance, so we want to track the result of calling that. </p><p>Might be inefficient to look at that directly, or we can register callbacks and recompute only when the state used by that function changes. </p><p>But how do we know when state changes? </p><p>Cannot rely on solidity, but can run function, get trace, see which storage slots the function is reading, and then you for sure know that this function will only change its value when one of those storage slots changes. </p><p>Use Patricia tries somehow to watch these storage slots and state changes - allow you to watch efficiently changes on view and pure functions. </p><p>Check out EIP 781: https://github.com/ethereum/EIPs/issues/781 </p><p>Can you tell us more about ABI gen for statically typed contracts? </p><p>Contracts need to be checked at compile times to ensure parameters etc (strong instead of number or something like that) and being statically typed is much easier to check this. </p><p>Inspired by geth tooling, and there are also some JS ones (salt-size etc) but were all very opinionated and made all sorts of assumptions about how you wanted to use your contracts. </p><p>With 0x tool: Consensys is using it, Sybil (journalism tools, also with typescript contracts). </p><p>Using ethers.js for backend of contracts due to issues with web3 versions (classic). </p><p>Best ideas to have in a debugger? </p><p>Not writing solidity actively at the moment and I havent used one yet because it is such a high level tool (haha). </p><p>I feel that this is quite a long way away right now. </p><p>Need bytecode, source code, source maps, traces, interruptable VM etc. </p><p>Can you tell us more about signing data in Ethereum? </p><p>Arbitrary string that people were supposed to sign, but then people figured that you could use it to send ETH, hence the weird prefix that got implemented - not an EIP, it is just a bugfix. </p><p>If there is a way to display user data and get them to understand the transaction fully, then they would surely not sign. Prefix doesnt solve anything, it just postpones the problem.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'2': {
'Name': 'Axel Ericsson',
'How do you handle smart contract verification and security?': '<p>Human thinking and auditing. </p><p>Will find some external team to do a professional audit.</p>',
'Other bounties?': '<p>Breaking out a javascript library for web pages that are accepting payments, which allows you to accept any kind of wallet mechanisms: Ledger, Metamask, Priv key, encrypted keystore, etc. </p><p>Same thing needs to exist for desktop software. Need a simple desktop wallet that accepts any kind of access to payments.</p>',
'Who are you and what are you working on?': '<p>I have built 1Protocol </p><p>It lets smart contracts sign up as miners on different proof of stake protocols </p><p>Let users provide the contract with the stake </p><p>Its like a mining pool, but for staking </p><p>Three things </p><p>Interface for signing signatures (like MEW) and sending tokens to mediators </p><p>Building actual contracts that accept tokens and are signed up in Raiden as a mediator </p><p>Actually running the mediating machine on Raiden. </p><p>Eventually, anyone can send tokens and anyone can run the machine </p><p>For this, simply writing software around the Raiden node client. Raiden has published a python client. When you run it, it exposes an API on your computer, and 1Protocol is writing software that interacts with that API.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Just web3JS and the python raiden client</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Truffle suite. Before that, built our own unit testing system.</p>',
'What tools dont exist at the moment?': '<p>There is no tooling or anything related to state channels that is trusted yet. </p><p>Need the MEW of state channels.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Solidity is changing so quickly that, as an example, </p><p>changes to visibility modifiers (public / private etc.) has gone through a view iterations. </p><p>It would be great if there was a resource that combined solidity read the docs with the github releases[a][b] </p><p>Needing to resolve problems like how to setup web3, talk to contracts, remote vs constant transactions. Lots of re-implementing solutions.</p>',
'What are you most excited about in the short term?': '<p>Raiden is the golden egg in the space. The experience of actually using Ethereum will improve a ton. </p><p>“Counterfactual” team building some general purpose state channels. </p><p>Less bullish on actual applications on Ethereum right now.</p>',
'Was anything easier than expected?': '<p>Writing smart contracts is surprisingly neat. Not actually as hard as it seems. You can have a mental model of all the moving pieces in your head, which is actually harder with other kinds of software.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'3': {
'Name': 'Mike Goldin',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Pretty cool to have more languages for the EVM. Solidity is only reliable one. Yoichis Bamboo is moving along.</p>',
'Who are you and what are you working on?': '<p>Software developer at Consensys </p><p>Known for Token Curated Registries 1.0. Works on team turning TCRs into product which in turn informs the engineering/design. We fully intend the projects to succeed so we can incorporate feedback. Its all still experimental, though. </p><p>TCR came from AdChain. Deployed to Ethereum mainnet on April 24th. Useful for data on how people interact when theres actual money at stake. New type of TCR where token supply inflates after every vote. </p><p>Adchain allows publishers and suppliers to find each other on a p2p. </p><p>By using TCRs to curate who may participate, cut out middlemen as well as bad actors. </p><p>Focus is on onboarding.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle, useful as a testing framework. </p><p>Solidity linter, Sol Lint. Not super good, but alright. Eventually, I want an Airbnb javascript plugin for ES Lint. </p><p>Ganache Test-RPC </p><p>Eth.js sometimes</p>',
'What are your biggest frustrations?': '<p>Truffles debugger is a bit disappointing. Works well for simple pattern, doesnt support different types of contracts i.e. proxy pattern. </p><p>Need an Ethereum Package manager. Wishes packages were update. Should move from Ropsten to mainnet. Publishes and consumes to EthPM. Adoption is still low- EthPM. </p><p>Made technical assumptions early on, problem could only be discovered when going into production. User data you get from running on a testnet. Peoples behavior changes as you add real money. </p><p>Offline simulations of incentive games with $10,000, offline IRL version.</p>',
'How do you handle testing?': '<p>Writes tests in Javascript </p><p>Sol Coverage tool </p><p>Wants 100% code, branch etc. </p><p>Github is part of testing workflow because of code reviews </p><p>How do you handle smart contract verification and security? </p><p>Also Josh Cassidy</p>',
'What tools dont exist at the moment?': '<p>Fuzz Testing and formal verification desired.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Hardest part is learning to develop in a blockchain environment, not solidity. Learning the javascript versus learning the browser. You can learn the language formally but learning how to apply the language in the browser. Blockchain environment is very different from anything else.</p>',
'What are you most excited about in the short term?': '<p>Excited for Casper </p><p>Applications implemented in Plasma, generalized state channels.</p>',
'Was anything easier than expected?': '<p>Whats really easy is programming money. </p><p>On blockchain, every individual has universal payments identifier.</p>',
'Who are the other people you think we should talk to?': '<p>Infura team, client development </p><p>Spankchain - pretty aggressive on focus to</p>',
'What are the best educational resources?': '<p>Solidity Docs </p><p>Uses yellow paper gass lookup table </p><p>Not sure</p>',
'Are there any other questions we should be asking?': null
},
'4': {
'Name': 'Oleksii',
'How do you handle smart contract verification and security?': '<p>We have written our own tools which tell us, for instance, that “this variable is never used.” </p><p>Also includes optimizations to improve gas usage e.g. read address value and store in memory before loop, then call into it. </p><p>For contract address, for state variables, etc.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Started working with smart contracts in early 2016. </p><p>Started by writing tests using Truffle for other peoples contracts. </p><p>Then, started educating himself on Solidity, became a smart contract developer. </p><p>What do you do at Ambisafe? </p><p>Do custom development for clients. </p><p>Our own products: e.g. webhooks for contract calls. </p><p>Scalable supernode solution logic to make the node robust, etc </p><p>Platform to issue tokens. Fixed set of contracts, but for every new token, they deploy a new contract as a gateway. </p><p>Gateway token contract implements specific logic of different tokens. Fees, etc. </p><p>+ Toolkit for DevOps / deployment: </p><p>Javascript functions to solve common problems, tx propagation issues, … </p><p>Tx propagation issues: sometimes your node gets a tx, but doesnt propagate to any other ones. Mostly seen in Parity. </p><p>Deployment scripts </p><p>Checking that the gas thats going to be spent; if enough gas is provided. </p><p>Scripts to collect info from the blockchain, doing sanity checks to make sure its all good before proceeding, then collecting data after, … </p><p>COULD THIS BE A BOUNTY TOOL? </p><p>Cloning of contracts. </p><p>Most of their contracts dont copy any code anymore.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Our original vision was to do everything testing, deployment, etc - through Truffle. </p><p>But, in reality, weve only used for testing. </p><p>First version of truffle was using the testrpc snapshots for reverting good for unit testing. </p><p>In second, third versions this was removed. </p><p>Most companies use truffle for testing, on testrpc. </p><p>We made our own helper to make snapshots and do reverts on testrpc before/after tests. </p><p>Now, you can deploy the contracts from inside the tests; youll have a freshly deployed contract. </p><p>Truffles designed to be used by a single project a fixed set of contracts that doesnt change much. </p><p>But most of our projects have different platforms, so we end up deploying different versions of our contracts over and over again. </p><p>When Ethereum started being regularly congested </p><p>Built functions to overcome this tool for: re-submitting transactions with higher gas prices when they dont get accepted. </p><p>People dont track nonces correctly: </p><p>Tool for: figuring which nonces were skipped, and creating transactions for them. </p><p>We check for compiler errors + static warnings in Remix. </p><p>I havent used automated tools like Securify. </p><p>I just read the contract for as long as possible, so that I understand the contract as if I wrote it myself.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>What are other great tools you have used? </p><p>Ethercamp a smart blockchain explorer: </p><p>Heuristics while parsing and indexing the chain. </p><p>Had a convenient interface to explore the storage of the contract; even without an ABI, the heuristics allowed you to see that e.g. “this key is this address”. And then showed this stuff in a human-readable way. </p><p>Then, they kind of stopped their resources. </p><p>More details on you data collection &amp; devops tools? </p><p>For it to be useful, it requires time for refactoring. </p><p>Its usable right now, but code could be improved. </p><p>Making complex deployments possible. </p><p>It wont be too complicated to build. </p><p>Tool for: pulling balances of some tokens of some addresses </p><p>Tool for: making airdrops cheaper to do. E.g. 20k addresses with batch deposits happening through a smart contract. </p><p>LLL language? </p><p>If youre using Solidity, you cant have the maximum optimization in your contract. </p><p>Convenient way to write contracts in Assembly? </p><p>He wrote bytecode by hand, for the contract they deployed a million times. </p><p>Having a better low-level language that compiles to bytecode. </p><p>The call trace in Ethereum? </p><p>It doesnt currently provide you with any help. </p><p>Using 4byte.io, you have the ABI of all the functions in the trace. </p><p>You can build a human-readable layer above it, and see whats going on. </p><p>Can have a real stack trace for function calls between contracts, with what values. </p><p>Action items? </p><p>Oleksii to outline needed features / requirements for smart deployment tool. </p><p>Us: intro him to others interested in in collaborating on above &amp; scoping out requirements.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'5': {
'Name': 'Brett Sun',
'How do you handle smart contract verification and security?': '<p>Human audits only right now. </p><p>Trailofbits is really interesting, been wanting to play with Enchidna. These guys come from a traditional infosec background and it really shows, because their professionalism is on another level from anyone else weve been exposed to. </p><p>A lot of the actual code can be checked fairly automatically, especially with the more hardcore tools now coming out. You cant really automate some of the creative, game theoretic attacks, but there are people who are very good at this now. </p><p>Tried Oyente a while ago and did not have a good impression. It didnt really provide that much and the things it could identify were pretty easy to spot anyway.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Working on Aragon entirely. </p><p>The end goal is to create a network between organisations that live on Ethereum (and potentially other platforms in the future). </p><p>This required a lot of foundational features. </p><p>A network of organisations requires organisations in the first place! So we have been working for the last year to build these. </p><p>We are now switching gears to think about what a network between the orgs will really look like. </p><p>We build aragon_os: an OS for organizations. We tend to think about resources (i.e. people and money), and structure the OS according to well-known principles. Instead of people and money, normal OSes manage CPU and RAM etc. </p><p>Two key pieces to this sort of work: </p><p>Controlling money. </p><p>Controlling permissions. </p><p>We also provide a lot of UI components on top of the contracts that we are writing. </p><p>The entire goal of 0.5 (live on Rinkeby now) is to allow people to easily create and manage their own organisation, along with granular permission and financial management. </p><p>Should be able to create their own application to live in their organisations: and this is where we imagine the network of organisations will emerge from. </p><p>Hooking up your own apps, and designing your own interfaces to handle certain complex behaviour</p>',
'What are the tools/libraries/frameworks you use?': '<p>Four categories: </p><p>EVM and lower level stuff: </p><p>A lot of our problems have been solved by solidity 0.5 pragma </p><p>Revert with reason! Should be better for error logging. </p><p>Dynamically-sized parameters inside the EVM. We did not have an opcode before Byzantium that could have handled returndatasize with dynamically-sized stuff. </p><p>We play a lot with assembly and ABIEncoding has really bugged us before inside Solidity. So when, for eg, we want to stuff dynamic arrays with mock call data sent through delegatecalls. We have to do some funny business to properly encode them, and 0.5 exposes tooling to do this automatically. </p><p>Smart contracts: </p><p>Not a lot of great tools here yet, especially around testing. This seems to be a fairly obvious hole. </p><p>Not a big fan of Truffle, even though everyone seems to use it. It is especially slow when compiling. </p><p>Solc can be installed directly on most distros, and does stuff in less than 1s, whereas solcjs will take 20s, so why would you go for the latter? </p><p>Dapphub has their own set of nix-based tools that I havent tried yet, and really want to. But the barrier to understanding here if you dont come from the right programming background is very high. </p><p>We use a bunch of standard libraries like Open Zeppelin, and the MiniMeToken and some other cool code that tends to fly around on GitHub or Reddit in the right places. However, this is a tricky place right now, because Package Management is unclear and no-one is yet sure if they want to use ETHPM. </p><p>There is a lot of people copy-paste contracts into their own repos, which isnt great. It would be better to see them moved between repos with commit hashes and proper referencing. </p><p>We do this, as it is especially helpful for auditiability. </p><p>Dev tooling that allows people to easily build aragon applications: </p><p>Its tough to develop Ethereum applications right because there are a lot of things you need to spin up yourself. </p><p>Deploy a local chain, deploy your contracts onto it, and then only with that done can you start building a UI linked to that chain. </p><p>Not too bad if you have just a few contracts, but with the way that Aragon has been designed (esp in term of flexibility) there are a lot of components that need to be deployed on chain before it all begins to work. </p><p>ENS on local chain, APM, base logic contracts, factories to extend the proxies on top of those basic contracts, and then only do we have a good chain state for people to hook up a UI against. </p><p>This produces a lot of friction, both internally and externally, so we have this goal to simplify it all. </p><p>Ganache has a snapshotting feature where it will dump the entire chain state (the whole patricia trie into a bunch of JSON files) that can then be used to start up your own chain from that state. </p><p>However, when you tell Ganache to run from the snapshot, if you do anything on the chain, it overwrites everything. </p><p>So you actually need two snapshots and some patience to get things right. </p><p>We also need to deploy things onto IPFS, which adds another barrier for users wanting to get going with local development. </p><p>So, we have tried to build this command into aragon-cli, called “aragon run” that handles everything for you. </p><p>Based on the brittleness of tooling though, its very difficult to make this reliable, and get it to error gracefully and debug why it isnt working when it fails. </p><p>UI: </p><p>Not too much in terms of Ethereum-related tooling - a lot is just normal, front-end javascript. </p><p>Major frustration is web3.js. There are just so many things wrong with that package… “Every day is new adventure when using web3”. </p><p>Pretty much every time we have had to do something for a deadline, we have run into issue with it that have delayed us. </p><p>i.e. in Buenos Aires, we wanted a mainnet launch for our Survey App, for which we need websockets and https. </p><p>We set Parity up with secure websockets on our own node and launched our UI and web3 just doesnt connect to secure websockets. So what was the problem? </p><p>Took some hours to play with all the different settings before realising that the latest version of web3 doesnt support websockets. Downgrading then works, but the previous package didnt have some other functions we needed. </p><p>Relied on getting events to process changed information in the UI. However, the event handler in one particular version of the package would send some events in the error callback as opposed to the actual one and we were totally baffled how that could even be.</p>',
'What are your biggest frustrations?': '<p>My biggest general frustration comes with the relative youth of the whole industry, which underlies a lot of our collective frustration, including both security and development. </p><p>It feels like we sometimes have our hands and feet tied when we are trying to make something. When you make a typical web app, there is a lot of freedom in tooling and the tooling is robust. </p><p>You can make changes easily, watch these changes propagate, feel productive, and get feedback immediately. </p><p>This is not the case on Ethereum - things that should take a day actually take a week or a month. </p><p>Estimation of time is really difficult, but especially in Ethereum given how many unknown unknown there are. </p><p>Its really easy to get started, but it gets harder and harder to maintain. </p><p>Now that we have a lot of stuff built out, we now have to maintain it, and that decreases the rate at which we can ship new features as there is a lot of old architecture you need to deal with. </p><p>Feels like were playing a lot more defense than offence. Was first introduced to this by Jon Choi: you should be proactively pursuing offense and limiting defense (i.e. innovation over optimization). </p><p>All of these tools that are “not quite robust” tend to waterfall a lot, which means we are consistently on the defense, even against the tools were using. </p><p>No teams are really at the level of engineering that we need to be at. Its all shooting from the hip right now, which we fall into too because we want to ship things quickly. </p><p>There are no really great patterns or best practices or frameworks to follow just yet, or at least a shortage of them in the ecosystem. </p><p>Every year in traditional ecosystems, a new testing framework will come out, which is really great and I would love to see a similar situation beginning to happen in the Ethereum world.</p>',
'How do you handle testing?': '<p>In addition to the above we also use solidity-coverage, which can be super painful too. Not sure if the most recent version has fixed some of the issues, as we havent yet upgraded (we pin our contracts to an older version of solc for security reasons after they have been audited with a specific compiler version). </p><p>All of the tools are tightly coupled to the solc versions they use, and this becomes an issue in general for updating tools for coverage and testing. This should take 30 mins to set up, and yet, our CI is still broken today because solidity-coverage just does not want to work.</p>',
'What tools dont exist at the moment?': '<p>A nice debugger! Please… </p><p>More infrastructure to easily set up your own node, and second layer tools on top of that to help cache data, because Dapps in 10 years are never going to work with just events...</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Google + Github is my go to. </p><p>Not enough has been written on effective workflows for building decentralized products with new and largely untested tools. We need more developers writing about their experiences. Even if it is just a simple Tip &amp; Tricks list or Awesome List. </p><p>For instance, I consider the Consensys Smart Contract Best Practices repo to be really helpful, especially for people coming in. Something like this would be great for general workflows: </p><p>How to debug transactions, for instance.</p>',
'Are there any other questions we should be asking?': null
},
'6': {
'Name': 'Jorge Izquierdo',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Infura that is more decentralized. A full-node infrastructure[a]. </p><p>An open-source explorer.</p>',
'Who are you and what are you working on?': '<p>Aragon - Decentralized Governance platform </p><p>We had a feeling that they had to go deeper into the stack to launch Aragon. </p><p>What weve built: </p><p>Weve built two different interpreters: </p><p>Language for ACLs </p><p>Language for tx descriptions, similar to Natspec. </p><p>Allows you to do calls to smart contracts; but really basic stuff; </p><p>Built generic framework for interacting with their contracts. Our dApp changes; needs to integrate with 3rd party apps without allowing dApp developer to touch the database. </p><p>Ruby on Rails abstraction on-top of the data layer. </p><p>Problem here: we dont have any servers, we are a real dApp. Every single user has to compute entire state of the dApp. </p><p>Backend protocol / caching protocol / event-processing. </p><p>Upgradability stack. </p><p>Tooling to update storage etc correctly. </p><p>Trustless signer: help people understand their tx before sending the tx. </p><p>Working with metamask on this. </p><p>Our own CLI tooling </p><p>We have a package manager backend to our app store</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Tell us more about getting deep into the EVM? </p><p>Natspec lets you evaluate functions within call this is problematic security wise. </p><p>Its not turing complete at this moment </p><p>No one describes what transactions are going to do; Radspec is the answer to this! Everyone use it, please. </p><p>Standard around commenting exactly what a transaction does. </p><p>Documenting what the source code does </p><p>Solidity puts a hash of the code, at the end of bytecode. </p><p>This process of automating the comments could be automated; pulls comments from Solidity source code, add them as comments for devs </p><p>Integrating dApps with blockchain? </p><p>Local caching in the browser; what are the block numbers; do a Reduce to see how an event impacts the state. </p><p>Problem with the caching layer: the info not only comes from the Event, but data you get back from contract depends on the block number </p><p>Performance is an issue: </p><p>Augur: ethereumjs-blockstream. </p><p>Library-driven development &amp; upgradability? </p><p>If Solidity changes how variables to storage blocks, if it changes this, therell be problems. They want to build a tool that does a sanity check that checks still works[b] </p><p>Tool to do a sanity check over the storage layout </p><p>If new contract uses different version of Solidity, could get that directly through proper use of interfaces.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'7': {
'Name': 'Jack Peterson and Sparkle',
'How do you handle smart contract verification and security?': '<p>Pay others to think about it - no process yet. We write a bunch of units tests, and we are going to run things through Oyente (Formal Verification). </p><p>Biggest problem - always has been - test thoroughly and comb through the code. Use static analysis tools. The biggest thing holding us back: </p><p>Maybe better standards for writing this stuff (NASA) </p><p>Create linting rules? </p><p>Have people working on project exhaustively review the code is the only way to do it right now. Certain classes of errors can be caught with unit tests, but we dont catch everything.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': null,
'What are the tools/libraries/frameworks you use?': '<p>Back-end: Visual Studio Code with docker images that run pythereum for unit tests. </p><p>Solidity compiler - Solium linter everyday </p><p>Integration tests run against Geth/Parity nodes </p><p>Custom libraries -- all their own RPC code. </p><p>No web3.js (ETH.js libraries are better) </p><p>Can run locally or dockerized - have a CI pipeline (Travis) </p><p>Push to Github and deploy to Rinkeby </p><p>Custom deploy tools are a huge headache. Doing a full custom deploy is like launching a satellite into space. There is a huge chasm to cross and a lot of the stuff is non-obvious </p><p>Truffle is used for this -- very challenging because it lacks deep modularity and customizability. </p><p>Failed at random on different networks after working reliably against testrpc. It wont tell you why and is deeply opaque. There is no error messaging and it is hard to use in general. The dependency of contracts gets very complicated (because logic is complicated). </p><p>There is definitely more work to get Truffle smooth for everyone </p><p>Actual contracts / delegate contracts -- build system is incredibly specific to their framework and difficult to adapt/customise. </p><p>Use Geth / Parity </p><p>UI -- react / redux. </p><p>Augur node is typescript .. </p><p>Lots of small things -- middleware library called ethereumjs-blockstream. </p><p>Library for generating keys and key files -- keythereum. </p><p>Key management is tough -- self signing (so can leave unlocked Geth instance, which is not good either)</p>',
'What are your biggest frustrations?': '<p>Lack of a debugger - by far the biggest issue. </p><p>Need to print things from failing transactions and cant do this </p><p>Right now, we just attempt the transaction until it doesnt fail. We are often unsure why things fail, just keep going until it doesnt. Whats missing is break points and executing code from that. That will shorten feedback cycles. </p><p>Development environment is really bad right now…</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Setting breakpoints in tests! </p><p>Salesforce Development: Public thing where you post your code to it and everybody works off of it (lots of bounties projects now up from Status Open Bounties to Gitcoin and bounties.network). </p><p>Having clean Dev Nth without 30 things to set up: </p><p>React project will need to talk to Geth / IPFS / local = lot of setup is irritating. </p><p>If a transaction fails, the logs dont get written. This needs to be in the EVM </p><p>Having many slacks is a big problem. We should have 1 slack with all developers. </p><p>Documentation is also terrible. </p><p>What documentation would you like to see? </p><p>Tooling / documentation / community takes like a decade to develop. (Check Kauri for a possible solution) </p><p>“How does Geth estimate Gas” - need to ask a bunch of people and its not written anywhere. </p><p>How much gas does a particular operation cost? Is this written down anywhere? (People point you to yellow paper, but its very hard to understand.) </p><p>Issues are not addressed so well by the Ethereum Foundation. Were talking about normal software development issues and sometimes the Foundation seems unfamiliar with best practices.</p>',
'Other domain specific questions?': '<p>Lets talk specifically about UI issues / scaling? </p><p> Stabilisation of contracts: we need clearly defined APIs against contracts. </p><p>When you change behaviours on a contract it has a multiplicative effect on the UI. One small change can have effect where you change 10 views. This lengthens dev cycles and having an API defined is important. </p><p>In general, it is hard to write business logic layer. Augur is writing a middleware node to overcome this. </p><p>Impractical to fetch large amounts of data from blockchain - its too slow. It takes a minute and half to get data (how do you manage that experience in the UI?). Running a remote geth node - fetching data from logs + contracts is not fast either. This can be improved. </p><p>Have an Augur node or SQL database -- pre-fetches and pre-processes Augur gnodes to make them available… But this also constitutes an annoying extra thing between ETH and client which can be slow / unusable. </p><p>Lookup mechanisms are primitive! </p><p>Size limit on contracts is really annoying -- cant deploy to Ropsten because of it. It took significant engineering to put something on testnet (had to 51% attack it to increase block size). </p><p>Getting TestNet eth is hard --- not a way to get a good amount of rinkeby (can only get a little bit from faucet -- dont want people spamming it with transactions) </p><p>Really intense test suites running against Ropsten (Raiden…) </p><p>Would be great if we could easily spin up private chain to deal with that. Build a service to spin up private test nest that would have a certain amount of nodes. </p><p>Currently, this takes days of work -- what about standard service to do this?? People run these in different setting -- EC2 that is configured would be very useful.. Could store copies of Rinkeby and boot them up when people ask for them… (Infura will evolve into this) </p><p>What would be the hardest part of teaching your Mom how to use a dapp? </p><p>How ETH account is different than an account on a regular website. </p><p>Few ways to login to Augur -- can create an account on the website, but you have to keep track of it (like creating an account on the website). </p><p>Airbit will create accounts for Augur that will behave like regular website. </p><p>Had 2 bounties -- posted on Bounties Network -- and it worked </p><p>Linter rules -- portable debugger </p><p>Unit tests die and you attach a debugger to it -- nobody supports break points.</p>',
'What was the hardest part about learning to develop with Ethereum?': '<p>What steps do I need to follow to write these apps? Isnt anywhere here that helps you that much. </p><p>Development cycle for Augur has been roughly three years - and mostly not development stuff. We had first working version of Augur on testnet after 4 months (been iterating since then). </p><p>It worked, but it didnt scale and we found security problems. One cant release software with bugs in it. So this weird balance needs to be kept as we cannot actually “move fast and break things” </p><p>Start with simple system and iterate on it. </p><p>Only way to do it is to do it on testnet first! There, you inevitably encounter edge cases or developers notice something.</p>',
'What are you most excited about in the short term?': '<p>Raiden is coming shortly and will be very cool. </p><p>Looking forward to Proof of Steak. </p><p>UPort going live will be cool on Rinkeby. Is now integrated with Augur. </p><p>Nothing blocking Augur yet.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'8': {
'Name': 'Joey Krug',
'How do you handle smart contract verification and security?': '<p>Yeah, encourage everyone to use auditors. Lots of multisig tools out there that dont have CI builtin. Oyente, Mythril, but one problem is that no one else really uses them. Lots of bugs they found. </p><p>Tools are very well optimized to run for one smart contract. But not to run on suites of smart contracts. But if you fast forward a few years this will be relevant.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Co-Chief Investment Officer at Pantera Capital and Co-Founder @ Augur.</p>',
'What are the tools/libraries/frameworks you use?': '<p>At Augur, stack is different as its a bit older. </p><p>IDE: if youre doing something simple you can use something like Remix. Remix has all the kind of stuff you need, automatic static analysis to detect bugs and very visual and easy to run. </p><p>More than 5-10 smart contracts, beyond ERC20 and ERC-721, now Remix will fall apart </p><p>UI is a big clunky as you add more contracts </p><p>Its hard to write a complicated test suite with continuous integration. Instead use Sublime with terminal or EMACS and VIM. Augur primarily uses a Visual Studio Code syntax highlighting.</p>',
'What are your biggest frustrations?': '<p>At the end of the day, it all comes down to the tech side. Biggest frustrations are that its hard to write scalable software on something on Ethereum. State of scalability is very nascent. Product hes advising for payments, they look at state channels. But when you try to use MVPs, it doesnt work. But its really a comment on scalability not on the individual company. L4 working on generalizable state channels, excited about that. </p><p>From a business standpoint, you want to build on Ethereum. People come to them and say they want to build EOS. Reason Ethereum doesnt scale is that theyre trying to scale and not make a huge compromise. But there isnt a lot of marketing. We want to articulate why Ethereum is a good platform to build, not just look at TPS. </p><p>Would be cool if Ethereum Foundation put some posts on the blog for whats in the works for everything.</p>',
'How do you handle testing?': '<p>Run against pyethereum. Test suite is written in Python. As an investor, most companies are in JS environment with Truffle. Like Python a bit more. Truffle complaints are it has a lot of quirks. Default instructions for setting up tests in Truffle you get a weird nested stack of tests. </p><p>UX blockflow IDEO for Truffle, doesnt need to be rewritten but needs to be improved.</p>',
'What tools dont exist at the moment?': '<p>My answers changed over a time, 1 year ago it was static analysis. These tools exist now, but they need to be improved. The tools themselves dont have test suites, for example and they need more firepower in general. </p><p>From an investor standpoint these dev tools need to be improved.</p>',
'Other domain specific questions?': '<p>Would be useful if the Ethereum project could add more firepower to underlying network. Propagating a block and you have a certain amount of time to do it otherwise you could fork;. More low hanging fruit at the network level. </p><p>A really simple idea is when blocks are propagated, just propagate the tx ordering. Then have clients gossip for missing txs. A concrete example is for Bitcoin Bip152. Could this work Ethereum? Make something like this for Ethereum. Implement in Geth in Parity</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>In the short term, hes most excited about Maker DAO in the wild. A good stable coin. </p><p>Scalability for mid-to-long term focus. 4 years ago it was just discussing what the block size is, but thats an improvement for just one time. Interested in sharding implementations.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Back then documentation was very sparse, blogs posts or Reddit posts written by Vitalik or other people. Try stuff and see what works, back then everything was on Skype. Now its quite a bit easier, Solidity docs are much better. </p><p>What about for people getting into the space now? Google + original docs + Stack Overflow. If youre stuck go to one of the Gitter channel and ask the question.</p>',
'Are there any other questions we should be asking?': null
},
'9': {
'Name': 'Mark Beylin',
'How do you handle smart contract verification and security?': '<p>Consensys diligence is an auditing team available for their teams. </p><p>Argus (Berkeley audits chain) </p><p>Didnt find anything in our latest audit </p><p>Diligence at Consensys later found a re-entrancy vulnerability </p><p>Oyente also missed the re-entrancy bug(!!) </p><p>Having bug bounties in general is a good standard</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Creator of the Bounties Network. Bounties on any task in any Ethereum token. Frontend that relies on Infura and IPFS. </p><p>Infura doesnt let you listen for events. They have websocket capabilities that may be in beta right now. </p><p>Users use metamask for calls and transactions on it </p><p>I am the only solidity developer throughout its life.</p>',
'What are the tools/libraries/frameworks you use?': '<p>I know and use the solium linter. </p><p>Use truffle, testrpc. I love Remix. </p><p>Use Remix for deployment. Feels like I can trust remix to work as its meant to. </p><p>Web3JS, BigNumber, site is built on React. </p><p>IPFS JS library. </p><p>Blockies react library.</p>',
'What are your biggest frustrations?': '<p>Not being able to upgrade my contracts easily. </p><p>Better ability to return data, specifically variable length data. Arrays of strings. Mappings of strings to data, etc. </p><p>Ability to just dump the whole state would be great. </p><p>Gas limit: </p><p>Gas costs are high. Gas limit was a problem very briefly when trying to deploy a contract. But if your contract is running into the gas limit, its probably too big. </p><p>Off-chain computation: </p><p>No. Smart contract doesnt care about off chain. Stores stuff on IPFS and just stores the hash on-chain. </p><p>State Channels: </p><p>Only read about them and researched how they could be used.</p>',
'How do you handle testing?': '<p>Mocha tests using Truffle and testrpc. </p><p>Also use Rinkeby for when deploying staging versions.</p>',
'What tools dont exist at the moment?': '<p>Better querying possibilities on the state of contracts. Better indexing to do this. Even something that will just shoot results into a SQL table. </p><p>A good wiki that is endorsed by the foundation but curated by the community. </p><p>E.g. “How to do X” </p><p>E.g. “What is X” </p><p>People dont know what they dont know</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Didnt understand the stack. People dont understand whats in between dapp and the blockchain. </p><p>Really solid boilerplates would be very helpful for new people to see how easy it could be.</p>',
'What are you most excited about in the short term?': '<p>Sharding. Thats all I want. </p><p>uPort is getting ready for mainnet, feeling excited about that.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Joseph Vander (learning the be a solidity developer right now) </p><p>Kevin Owocki from gitcoin</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Curious to know about developer incentives. Assuming you can make the same amount of money, would you prefer to build your own project or work on other peoples more established projects? </p><p>E.g. bounties for Augur vs building your own little dapp</p>'
},
'10': {
'Name': 'Aidan Hyman',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Working with parity and geth and parity-bridge. Optimising the EVM for bespoke needs - could be for clients, for enterprises. Lower level focus. </p><p>Create tools and mechanisms for people to utilise the tech as easily as possible. </p><p>Collaborating with Aion &amp; Shyft on potential implementation of a bridge. </p><p>Both on top of parity-bridge, which has some limitations: </p><p>Made only to work with POA. </p><p>Data availability for token information, following delegate_calls and not events. </p><p>Suggest work with Jay Rush and maybe add them into the team!!</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle </p><p>Lack of modularity is the biggest problem (across all tools listed below). Building on top of, rather than within, the EVM you need to update the toolset youre using and this becomes really difficult with the current tools. </p><p>If you implement some different opcodes in solidity, you need to take them all the way up. Open source is great, but it needs to be easy to fork and re-implement it easily in order for it to be really powerful. </p><p>Talk to person who had to modularise Truffle internally (not just testing, but also the lack of modularity - if you want to change something and still talk to others in the space, the best solution is often to rewrite the whole tool yourself, which is less than ideal). Aidan to send intro to David about this. </p><p>Parity and Geth </p><p>Also speak with David and Greg. </p><p>Use Parity due to responsiveness from the community and how good they are at answering questions!!! Great community - so NB!! Aidans biggest asset is his network of core community members, which really matters in decentralized communities - open channels of communication. </p><p>Rust is a more obscure language and people lack experience, hence geth is somewhat easier to use and troubleshoot. </p><p>Geth has a bigger community, but the actual people developing the client arent as readily available as Parity. </p><p>MetaMask for frontend development </p><p>Were tasked with making MM work for client and had to rebuild a lot of the stuff. Will also send an intro to the dev who handled. Greg is his name. </p><p>Mythril </p><p>Huge frustrations with this tool. Getting it running is a pain in the ass. </p><p>If it could be applied at the stack layer and not the smart contract layer. Build something like Mythril for an EVM implementation, trace things up the stack cleanly, add/remove opcodes, make new instructions. A stack explorer so to speak. </p><p>Could spawn so many things because we could understand the stack in a better way and grab a lot more logic. Pity to see focus on higher level tools, which has become somewhat of a hindrance. Why hyperledger went out and did it themselves (not just the licensing issues). </p><p>Educational tool for stupid web devs like me to learn about how opcodes actually work and are composed in the EVM. </p><p>Regular rust and node related stuff (also some go stuff). </p><p>Are there tools from these arenas that dont exist in Ethereum which would be really cool? </p><p>We need to make these tools more closely aligned with the chain itself. With WASM coming online, this is already happening and we just need to be ready - i.e. teach everyone WASM. </p><p>The end if here for really high-level development with WASM. What this will mean for the community and internet in general has yet to be discussed completely. </p><p>Try to use ethers.js as much as possible as opposed to web3 </p><p>The person developing these tools (Richard) is totally accessible, responds to issues immediately (faster than a bot!!) - he is so collaborative and wants to make sure everyone is using the best tools possible, and this all makes such a difference. </p><p>Polymath people doing off-chain signing, which you couldnt do at the time and 1 of the methods didnt have a response variable they needed, and by the next morning it was updated. Tight feedback loops make it so much better to use tools. </p><p>You can create your own wallet in 4 LOC in your terminal - again the language and syntax is so much easier for a non-dev that this solution ought to win in the long time. Very relatable and understandable code base. </p><p>Gave solidity and parity/EVM workshops: </p><p>EVM workshop: took instructions, showed how it would be passed onto stack, where things go, how it gets passed on to memory. Questions were so relevant and knowledgeable. </p><p>Whereas in the solidity workshop, the questions were much more absurd and irrelevant. Talking about the stack, people from a dev background get it. It just makes sense. Take away: if we want devs who have been developing for 20 years, we need to actually show them how the stack works. </p><p>This is a community-wide failure that we need to focus on - for someone with a CompSci degree, solidity is crazy, but the stack is not!! </p><p>Bounty for cleaning up the yellow paper. Speak with David about this and his more in-depth version of the yellow paper. </p><p>Only ever hindered by delivering work because of MetaMask. Event and event monitoring between different networks was a fix that took a long time to be fixed. They have updated since and we havent done any more work there since.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Talk with Stu, who handles all the testing stuff. </p><p>Used to do what Mythril does: visualize the contracts as it does now, so once it is set up, it is very cool for us to use. </p><p>Such a focus on formal verification in Solidity (but who even knows if it really matters?). </p><p>Not doing fuzz testing for instance, and it seems like a lot of these requests are based on assumptions that have not been proven. </p><p>No-one knows what the optimal testing framework is, so more default templates in general that allow people to use what they need to use across different projects. </p><p>Again, modularity is what matters most. </p><p>Both unit and functional test as necessary. Unit testing seems more standard. Mocha and chai within truffle for the most part. </p><p>Ethereum-js VM has really bad testing around it and could be really usefully improved. We need some kind of local implementation to do testing on! Write another test suite as a bounty here.</p>',
'What tools dont exist at the moment?': '<p>Mythril for the EVM stack. Rewrite a complete stack visualizer for the whole EVM. Add opcodes to the stack and see how it looks programatically and logically would be awesome. </p><p>Even an overhauled IDE that is actually Integrated. Again, rewritten from scratch with a focus on modularity would be really nice to see. Even just clearing your cache properly and the way it physically looks is not good enough.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Two of our most exciting projects: </p><p>Shift - decentralized KYC/AML platform. </p><p>Bunz - a hyper-localized bartering solution. Started as FB group, grew to 60 000 users all bartering locally in Toronto. The people werent just bartering anymore, but using gift cards, subway tokens, beer bottles, anything that could be converted into transactable good. Crypto can be the main medium. Currently have 200 000 users on the app and website and over 1 000 000 items available.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Honestly just readthedocs, gitter channels and searching through GH issues. </p><p>Moved from slack and gitter, to riot and gitter, and also ethereum stackoverflow. </p><p>If there is an issue, go to those repos as it is so unlikely that you are the first person to experience an issue using Ethereum tools. </p><p>Hardest to learn about the stack and opcodes </p><p>Find the right local communities and get involved with them. Pair programming and being equally confused together is really helpful.</p>',
'Are there any other questions we should be asking?': null
},
'11': {
'Name': 'Greg, Stu, David',
'How do you handle smart contract verification and security?': '<p>Mythril, as mentioned above.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>David: EVM layer stuff: interactions between opcodes, JS dev and web3 also comes into this at the other side </p><p>Greg: Reimplementation and adding functionality to the EVM and a lot of “bridge work” </p><p>Setting up bridges, working with parity bridge and other existing contracts </p><p>Added efficiencies for personal needs to types when blocks are getting written. Basically recreated in the EVM to get a sender. </p><p>Way blocks are written into the merkle tree. </p><p>Parity bridge is cumbersome because it is not well versionized and depends on the version of the EVM you are running/that you forked from. Often requires a ton of extra configuration. </p><p>Stu: solidity and PM (managing groups of people working at that layer of the stack), building smart contracts for clients</p>',
'What are the tools/libraries/frameworks you use?': '<p>JetBrains suite as an IDE. Remix comes in there for extra convenience but has it faults and is not totally integrated. </p><p>Biggest problem with Remix is that it is written in jQuery and it is monolithic. Dont know when it compiling/rebuilding contracts. Spinner doesnt spin more than once, no responsiveness, very frustrating. Well laid out for an MVP ;) </p><p>Pass in data as strings and not having it parsed as strings is frustrating. </p><p>Will meet with Remix team this week to advance development further. Seeing it as only 2 devs hammers home how under-resourced a lot of this software infrastructure is. </p><p>Debugger has not really been touched since the first version. Critical software lagging behind is not good. Still better than the truffle debugger though. </p><p>EVMLab - has an old school debugger that lets you step thru opcodes and examine what is happening in memory and storage. Has not been maintained recently, so you need to hack it together yourself. </p><p>Web3 and truffle sometimes, but not often. Often Remix and a couple RPC calls with console.log()s suffice. </p><p>Looking over Mithril and visualisation of the control flow seems really interesting. Handles all the low hanging fruit, as an automated system should.</p>',
'What are your biggest frustrations?': '<p>Up to date documentation!! </p><p>System dependence stuff would also be great to include (Mac OS/Windows/ Linux) </p><p>Thing s are fairly minimal, often have to hack together things yourself because the specific functionality you need is not implemented </p><p>When doing tests, get very unhelpful errors. Make them more specific! EVM errors in general are garbage. </p><p>Their error handling, geth specifically, basically used the same error in most cases to propagate it out. Go through subsections of EVM and write proper errors[a]. </p><p>Are you going to be using revert with reason in that case? </p><p>Call contract that deploys another contract. If gas is too low, it will just revert with no clear error. Needed to raise the gas, and it took 3 days of trial and error to figure it out (not clear if they will be or not, answer was more general about past problems they have had)/</p>',
'How do you handle testing?': '<p>Mostly unit tests in mocha and chai. </p><p>Mostly using Travis to automate the pipeline. </p><p>Projects are fairly young and PoC - so not necessarily a major concern at this point. </p><p>If not already mentioned, are there any libraries you rely on regularly?</p>',
'What tools dont exist at the moment?': '<p>EVMLab certainly has some of the features required, but they are very inaccessible </p><p>Directly execute arbitrary code and trace through it in nice fashion that is not just some JSON output. </p><p>Need to be able to step through those traces easily, which is also not possible there currently. </p><p>Go implementation of parity bridge (to make it leaner). Only one bridge that is open source, so having another one would be useful, especially seeing as Parity devs dont document well, especially changes between versions. </p><p>Some level of standardisation around bridges and agreement about how they should be structured. </p><p>What does interoperability actually mean in this context?</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Greg: Looked at web3 documentation (as it was more web based stuff at first). </p><p>Truffle pet shop worked well for a lot of people </p><p>David: Ethereum wiki was starting point, but you HAVE to talk to people about it. </p><p>Reinforcement comes through discussion and USE. </p><p>Stu: some limited solidity tutorials, go on to gitter and ask questions with code snippets nd other organic community involvement.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': '<p>Community! Going to EDCON was an eye-opening, validating experience. Impostor syndrome is real and the remote work can be very isolating, but you can also own that and it is inspirational to see. </p><p>Perfectly OK to make stuff up as you go. </p><p>Availability of people, and the amount of people who can and will answer your dumb questions. </p><p>Also, itd be awesome to actually put computer science background to use.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Where do we actually find out more about all these tools? ← highlight top-mentioned tools in report.</p>'
},
'12': {
'Name': 'Jon Maurelian',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I work at Consensys Diligence doing audits; similar to Zeppelin. </p><p>Also, I do technical communications / writing blog posts about best practices around security / Consensys docs / token repos.</p>',
'What are the tools/libraries/frameworks you use?': '<p>We use Truffle a lot (never had to use Dapple or Embark) </p><p>Zeppelin used by clients -- would like to use EPM more </p><p>Runs a Geth node myself </p><p>Solhint linter </p><p>Solidity Coverage is test measurement coverage tool </p><p>ETHGasReporter (Takes your Mocha reports and says how much Gas your test used.) </p><p>Would like to see a fuzz tester. </p><p>Excited to learn more formal verification + bringing into practice intro to Sergio?</p>',
'What are your biggest frustrations?': '<p>Auditing: </p><p>A lot of my time is spent understanding what the developer was trying to do. Theres lots of back-and-forth and I want to maximize the probability that this is the only audit the company needs to do (end up doing a lot of free work this way &amp; comms); </p><p>I would like to see better standards in what the idea of “ready to launch” is / what docs should exist / what the depth of testing should be. </p><p>https://media.consensys.net/preparing-for-a-smart-contract-code-audit-83691200cb9c </p><p>I want to see: </p><p>More efforts on gas optimization. </p><p>Using Assembly to do things. </p><p>Use different languages. </p><p>One thing that kills me: </p><p>When people copy-and-paste from Zeppelin or other libraries. </p><p>As an auditor: do I run a git diff? </p><p>Large inheritances. </p><p>Ugly repos. Not tidy. Clean directory structure is key. </p><p>These are real contracts. </p><p>These are testing contracts. </p><p>Wrote blog post so far. </p><p>What are most prevalent errors: </p><p>People should use EPM to import / or Dapphub. </p><p>Add linting -> Solehint (?) / Solium. </p><p>What happens in a security audit: </p><p>Run the tests. Usually because of different truffle or testrpc version. </p><p>Have npm scripts to run local version of truffle. </p><p>The easier it is to read tests, the better. </p><p>Self-referential tests. </p><p>Code coverage. Want all code to be run during testing; important code to be run multiple times. </p><p>Test the full specification. </p><p>Static analysis: we use a tool called Nifroll (?) </p><p>Look at Solc warnings &amp; analyze bytecode. </p><p>Reading the code is the most time-consuming part. Best opportunity to make us all more efficient: automated tools to help auditor pay attention to right parts. </p><p>This is the most annoying part of the process. </p><p>Devs need to have written down their intentions for the code. </p><p>Specification is evidence of thoughtfulness. </p><p>Use Oyente; but it doesnt find anything new generally. </p><p>We also think through game-theoretic attacks: </p><p>E.g. front-running (transaction-ordering stuff). </p><p>Whats ideal process for testing: </p><p>1) run local testing </p><p>2) run that test suite on some testnet. </p><p>Put system on mainnet with 2 week bug bounty. </p><p>E.g. ENS bugs werent caught on testnet. There was a typo that didnt get caught. </p><p>Want: more scenarios were theres economic incentives to break the system vs. just out of good will of devs spending time. </p><p>Documentation around best practices external to writing smart contracts </p><p>E.g. how to safely deploy your system. </p><p>Theres easy tricks how to make this easier.. </p><p>Theres lots of operational &amp; security related info to share.. </p><p>Bounty this into one doc as resource list.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Piper Merriam </p><p>Nick Johnson </p><p>Christian Lundkvist (@ Consensys) </p><p>Joseph Chow (@ Consensys) </p><p>Mike Golden (@ Consensys)</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'13': {
'Name': 'Nick Dodson',
'How do you handle smart contract verification and security?': '<p>Mythril will be useful when in full bloom - need more oversight on contracts in general</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Working on experimental infrastructure. ARES, GovernX. </p><p>Building off-chain stuff - in order to conduct governance in organizational structures, most of the work is off-chain. </p><p>Will also be doing on-chain governance, where they build DAPPs for ICOs </p><p>Infrastructure level stuff: infura.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Solidity Compiler </p><p>The C version is very fast - but if you run the emscripten version, its painfully slow. In transpiling process of C++ version, it drops down performance. The JS transpile needs to be improved. </p><p>Solc compiler slows down development time. Ideal to stay in local JS (and not have to go back to solc), have it compiled super fast inline using a tagged template literal or something like it (using require(“solc-inline”) or equivalent). </p><p>Could write `solidity` in backticks and have it compiled all in same file. </p><p>Would make experimentation and testing much easier and faster. Could potentially provide some specs/API for this. Will provide further specs via email. </p><p>Trying to build complex systems with 20 contracts and everytime need to wait 20 minutes </p><p>TestRPC + Geth Client </p><p>Not well maintained - ask Truffle team. </p><p>People are trying to get away from it - people want to test on GETH / Parity and use them to run their own Geth nodes, but its a pain in the ass. </p><p>Was working on Geth library that allowed you to run in Mac / PC with JS </p><p>Used Geth like Testrpc - allowed you to test contract codes against all clients (Geth / RPC / Parity) </p><p>Never finished, but definitely needed. </p><p>If youre running contract tests locally, TestRPC is only ETH JS VM. This is, however, not the VM most of miners are using, and that can be cause for concern. </p><p>Can we make testing contracts against Geth easier? NodeJS Wrapper against Geth (most people are using Truffle - would be happy if Truffle had a module for this) </p><p>Truffle uses Ganache which is ETH JS VM - this isnt used in production. </p><p>Truffle involves hassle of having to download run and configure GETH </p><p>Maybe a wrapper or easy install script - run Geth like TestRPC</p>',
'What are your biggest frustrations?': '<p>Data verifiability problem - nobody is going to another source of data </p><p>Run your own local system and test whatever is run by Infura vs. your system -- should be able to test this against your own local Dapp </p><p>Not a lot of utility to compare -- would be great to have library and testing script </p><p>Protection mechanism to keep an eye on infura -- ecosystem driven thinking to reduce amount of trust to test what they are giving us </p><p>Exchanges should be running internal nodes to make sure getting the right data - need something to compare their node to Infura </p><p>Build a Dual Provider. Make a little library, connect your own provider and Infura, and then compare that both are behaving the same. Verify yourself </p><p>ETH.JS Stuff - small items </p><p>Websocket support </p><p>Moving ABI module to Richards module</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Tell us more about TCRs and DAOs? </p><p>There are many groups that need it for protocol or token </p><p>Rendered basic systems and services that we really need </p><p>Notifications - if youre in governing body, you need to be notified via normal devices to conduct governance </p><p>Working on notification systems for TCRs, multi-sigs, Aragon DAOs </p><p>Scraping chain data and issuing emails - databasing and emailing. Should be easy to do. </p><p>Verifiable chat system - most governance is about the conversation. </p><p>Low level real time, high performance, contractually restricted chat. This is centralized, but data storage is decentralized and data content is verifiable. </p><p>Can be encrypted using RSA </p><p>Will spin out live chat for ecosystem - enhance dapps with real time live chat </p><p>Data / Statistical Analysis - Alethio (deep rich blockchain analysis system) </p><p>Lots of data coming in for governing structures - no reason to load from Infura </p><p>Reporting and data analysis on governance structures </p><p>What is participation like? </p><p>How well is a TCR performing? </p><p>Off-Chain verifiable polling - votes and data are verifiable </p><p>Coordination is only attack vector. </p><p>Final tally is rendered sum of onchain and offchain sum </p><p>How can off-chain channels be made into a near-front end experience? </p><p>How are APIs made in a very simple manner</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'14': {
'Name': 'Ilan Benbrith',
'How do you handle smart contract verification and security?': '<p>Consensys Diligence provides some of the best resources and best practices online</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Im the Technical PM at Consensys Academy working on an 11-week developer program. Im responsible for maintaining the course and making sure people reach their development goals. </p><p>The course is for experienced developers - experience with languages/git required. </p><p>Overall objective is to attract people to and grow the Ethereum community </p><p>Content creation, assignments, course, customer/student support, external resources, connection with Consensys mentors </p><p>The course starts with intro to blockchain in general, so that students dont have to know too much about blockchain. Historical context/ timeline, technical underpinnings of blockchain, technical underpinnings of Ethereum. Difference in mindset between traditional development vs DApp development. </p><p>Teaching them the setup and tools theyll need for the program (Truffle, Ganache, Remix, etc.) </p><p>Then EVM, Solidity/smart contracts, connecting a front end with React Native </p><p>Security smart contracting and auditing with help from ConsenSys Diligence </p><p>Finally, different integrations (IPFS, Oracalize, etc.) and design patterns of different teams. </p><p> LLL, Assembly language for the EVM, Vyper. </p><p> Ethereum Improvement proposals/ Ethereum Request for Comments processes</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle, Ganache, Remix, Metamask etc. </p><p>Front end </p><p>React Native </p><p>LLL, Front end libraries </p><p>We give wide exposure</p>',
'What are your biggest frustrations?': '<p>Gas and fees is a common frustration, given that they are an extra consideration that must be taken into account. Test Ether required. </p><p>Speed, once launched on mainnet latency is frustrating.</p>',
'How do you handle testing?': '<p>Truffle testing </p><p>Best practices resources</p>',
'What tools dont exist at the moment?': '<p>Drizzle is a really cool idea for front-end development</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': '<p>Were still so early on but we hope to incorporate feedback for now.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Youtube videos </p><p>Conferences and Meetups - putting names to faces, seeing others pain points </p><p>Watching someone build out an application</p>',
'Are there any other questions we should be asking?': null
},
'15': {
'Name': 'Goncalo Sa',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>None come to mind right now. Lets keep the focus on EthPM here - we need to make sure as many people use it as possible! We should have done this a long time ago and we need to dogfood it as a community!</p>',
'Who are you and what are you working on?': '<p>I work at Consensys Diligence - focus on security of the ecosystem. Everything that is related to security: its on our roadmap to tackle it. </p><p>95% of our work today consists in doing security audits on smart contracts - any EVM-compatible or “compilable” code. That accounts for building security tools that do the checks automatically, or that assist on manual inspection. </p><p>The goal is to eventually encompass everything related to Ethereum security. </p><p>I have always been hacking - a grey hat of sorts. </p><p>Built an ad tech startup, which had a built from scratch ad server that I did the architecture for. </p><p>Had a mobile app to tell Portuguese people what was happening in their city.</p>',
'What are the tools/libraries/frameworks you use?': '<p>I used to use Remix a lot more than I do today (though I still use it heavily). </p><p>Use it as a text editor, in fact, but mostly for debugger when I am auditing, especially when trying to prove/disprove an attack I have thought up. </p><p>Visual debugging feature helps me a lot. Its not perfect, though. </p><p>Were fans of dogfooding, so I use Mythril a lot, which was initially created by Bernard, but is now being developed by a bunch of people we hired. </p><p>Used mostly for automatic detection of errors. </p><p>Oyente is falling behind a bit, so I havent used it in a long time. </p><p>Manticore is not built by us and does the same thing as Mythril (we have compared it). Though the inner workings are very different, the result is largely similar. </p><p>Have played with, but never tried to integrate, Enchidna into my workflow, as it is difficult to work with due largely to deadlines. </p><p>Rattle is closed source, so havent yet got around to playing with it. </p><p>I extended a tool from Federico, who has an ANTLR parser for solidity, that is basically a viz and query tool for solidity contracts. Everything from inheritance trees to function call graphs and querying function paths in the function call graph. It is a tool to help with manual inspection particularly.</p>',
'What are your biggest frustrations?': '<p>I really, really want a good visual debugger. I dont think Im alone on this one either, but I also dont think people are as passionate about this as I am. </p><p>My main motivation behind this is that I really like visual debugging and it is just so much easier, when debugging a very low level program, to have a visual aide. </p><p>It requires real experience to reason about things at a very low level and see the effect of each line of code. </p><p>Remix, right now, has a very steep learning curve and we are missing the opportunity to make sure that every developer coming in gets clear insight into the nitty gritty details, the fine print, of the EVM that actually gives them full control over what they are doing and what they want to do. </p><p>I feel that very contained environments are usually more appealing to people just entering the world of computers and programming. </p><p>When Apple started with Swift playgrounds and lots of integrations, I saw a bunch of people just flocking into iOS development. It was just so easy to understand what is happening - its all very visual and easy to grok.</p>',
'How do you handle testing?': '<p>Remix, Surya and Mythril as above. </p><p>Very small number of instances where I need to do something off chain, for which I will then use Truffle.</p>',
'What tools dont exist at the moment?': '<p>A proper, local dummy client. I love the Truffle team and I love Ganache, which I use a lot. </p><p>I run a lot of tesst on Ganache, which are not seamless to run on other machines, so I would love a super seamless cross-platform client that has a great block explorer in it. </p><p>Using the visual version of Ganache about a month ago, I couldnt see events being fired, or various important details on transactions happening there. We need a more full-fledged local client. </p><p>We havent really prepared for how to handle contracts across shards (coming months to years, who knows?). </p><p>We are looking mostly at tools to support the WASM architecture. This is likely the problem that will take the most of our time, I think. I have talked to Johan Barbie about this and Im not sure anyone has a very good solution for what a tool that would help scheme the interactions out actually looks like. </p><p>I am personally more worried about language design stuff, and languages in general, than I am about the consensus layer, or anything below the language and application layer. </p><p>We are also working hard on updating our tools to support, for instance, Vyper. John has been doing a terrific job there, doing contract translations from Solidity to Vyper, built a plugin for Truffle. </p><p>Mythril will also eWASM at some point before it goes into production.</p>',
'Other domain specific questions?': '<p>What are the details/patterns in smart contract audits you see often that people should not be writing? </p><p>People are lacking the granular insight that is required - along with the right mindset/philosophy/paradigmatic approach to writing smart contracts. This goes back to the need for better visual tools, in my opinion. </p><p>A lot of contracts do not acknowledge that they are operating in a resource-constrained environment. For instance, I see lots of loops - which is not a desirable thing when operating on top of Ethereum. </p><p>People also dont have that “asynchronous mindset”, unless you have been working with a very strange stack indeed. Even people coming from JS and pure node backgrounds - its not quite the same thing. </p><p>They keep favouring push mechanism when there should be a pull one (or vice versa). </p><p>In reality, this is a very hard question. I do have a collection of very specific stuff I have seen people do wrong, but - in a very general manner - the biggest problem is bringing synchronous patterns into smart contracts. </p><p>Thinking of a way to have them do otherwise, this whole thing is promoted by people not getting what is actually happening beneath their code. They know it is “distributed”, but what does that mean to them? Hence the need for something like a Swift playground in order to make it easier to grasp the use of resources on the network</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Bernard Miller from our team, focussed entirely on Mythril.</p>',
'What are the best educational resources?': '<p>I do this less frequently now, but I basically watch every interesting repo to know what they are doing next before any announcement or anything. </p><p>I also spend a lot of time reading the docs in that repo. In fact, a couple years back, I would spend most of my time reading those kind of docs. </p><p>Also, the Ethereum wiki has a lot of super involved stuff that is not easy to grasp and there should be somewhere where those things are explained far more simply. </p><p>Again, Im a very visual guy, and that wiki really lacks graphics and images that could be really helpful in terms of giving a wider group of people insight into the innards of the systems. </p><p>Things like RLP encoding, Patricia-Merkle tries, or the ABI sender (which I went back to over and over again until eventually getting to a sort of Eureka moment re encoding reference types). I feel like the tries, in particular, are very visual things. </p><p>RLP graphic resources would really help because it is such a specific thing. </p><p>The Beige Paper is awesome, but its still not the end game - its too technical still with almost no visual guidance still requires a very big leap for people dealing with blockchain for the first time.</p>',
'Are there any other questions we should be asking?': null
},
'16': {
'Name': 'Fabiano, Jordan, Nick',
'How do you handle smart contract verification and security?': '<p>Audit code: bounty hunt program, found one major one via community. Ran our own repo specifically for this on Github. </p><p>Community auditing through bounty programs.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Cryptokitties! Goals they have are to get multiple millions of users, the sooner the better. Ethereum sharding would be very nice, but even then there are scalability problems. Looking into other chains, EOS, Neo, Cardano Looking at things from a scalability perspective. </p><p>Back-end stuff reconciling state of the world between blockchain and their stuff</p>',
'What are the tools/libraries/frameworks you use?': '<p>Been a while since we have done smart contract development, havent done any since we deployed. Truffle framework, TestRPC (now Ganache). The standards at the time.</p>',
'What are your biggest frustrations?': '<p>The lack of proper debugging support. That caused us to lose so much time. Even more than the slow compiles. </p><p>Biggest pain points: </p><p>When we were using Solidity, some safety features were added later, especially visibility modifiers on functions. </p><p>The compiler is very slow. Recompiling took ~30 seconds slow. T </p><p>ests were slow as well. </p><p>No easy way to debug. </p><p>Debugging tool for Solidity, what would it look like? </p><p>Write “debugger” and it stops there. </p><p>Breakpoints, step through code. </p><p>Quite difficult to log something through a function. It would revert if it failed, even logging was failing. If a require failed it would be tough to find error. </p><p>Planning on working on contracts soon? Or moving on? </p><p>Have plans for a MetaData extensions, push kitty images to IPFS, and have kitty image as a piece of metadata for the cat. Thats the big one. </p><p>Front-end: </p><p>web3 is the only library required. The web3 works as any wallet solution has the implementation web3. </p><p>Web3 1.0 beta, 0.26. On webapp they are on web3 1.0 beta, seems stable for the browser. </p><p>Read and write functions for the contract, nothing crazy. </p><p>The problem with web3 0.2: docs are not great at all.</p>',
'How do you handle testing?': '<p>Standard testing and using community to audit contracts</p>',
'What tools dont exist at the moment?': '<p>2 main areas with significant problems: </p><p>Data analytics and reconciliation btw on-chain and off-chain data. </p><p>Our first MVP didnt have a back-end at all but we had to develop a back-end as we scaled. Reconciling these quickly and correctly is key. </p><p>Analytics is difficult. Web3 and Geth, have to hook into data. But there are too many hurdles to jump to get these. </p><p>In particular, the biggest problem is when we want to deal with analytics where some of the data is implicit, like a series of transactions. One tx doesnt give enough data. When someone bids on a sale option in cryptokitties, bidder, price, and catId. Have those 3 pieces of information. But when you ask how many cats has this person sold? This info is implicit in a wider set of txs, all of which you have to fetch and then compare.. </p><p>Part of this is not them including this info in advance. A common problem in the ecosystem is that once you deploy something you need more info after deploying a smart contract and its hard to get this</p>',
'Other domain specific questions?': '<p>Have you written any open source tools for scaling? </p><p>Looked into side chains and micropayments. </p><p>Side chains as implemented in something like Raiden dont allow people to build off what they build. On side chains kitty hats would not be possible. </p><p>Cryptokitties run son chain. Sidechains arent the option, but Plasma is really interesting to us. </p><p>Are you writing your own Plasma stuff? </p><p>Were looking for options that allow them to scale. </p><p>Plasma seems possible in theory. </p><p>We chose Ethereum in the first place because infrastructure is good, Metamask, Infura, etc.</p>',
'What was the hardest part about learning to develop with Ethereum?': '<p>The real problems come into play when you are very dependent on 3rd party apps, in their case MetaMask. Memory problems in Metamask. Cant really detect the state of Metamask. Stuck in a situation where they cant provide the relevant info to their users </p><p>When a user does something, its kind of a hope for the best situation. May take a long time. If a user buys something on Amazon, they get a confirmation in 30 seconds. In blockchain, we cant guarantee that info. Spent a lot of time educating users. Less with the libraries and more with the user communication and understanding of blockchain.</p>',
'What are you most excited about in the short term?': '<p>The thing we are excited about most in the next 3-6 months is whatever ends up being the scaling solution</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Solidity documentation was quite good. Had all the jumping off points. </p><p>Random mishmash of articles and whatnot :)</p>',
'Are there any other questions we should be asking?': null
},
'17': {
'Name': 'Andy Milenius',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>DappHub: </p><p>Working on dev tools since I got into the space in 2015. There were no tools at all; we wanted to create them in a holistic way from first principles. </p><p>Made tools to make use of Solidity compiler &amp; make Ethereum API &amp; EVM simpler in general. </p><p>Formal verifications &amp; contract safety.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Ethereum relies heavily on Javascript dev tools; “that node modules way of life”. </p><p>Javascript: its polarizing; you either love it or hate it. </p><p>The fact that theres a JS tool for something doesnt mean that it doesnt need to exist otherwise. </p><p>Examples: </p><p>Pipers python tools </p><p>(would like to see C++) </p><p>Makers bash tools </p><p>Some dapphub Haskell tools </p><p>EF should put money into language ecosystems; replicate what we have (more front-end library systems!) </p><p>Second layer tools - the Ethereum API is a huge pain point. </p><p>RPC - if youre on the command line, its a pain in the ass. </p><p>High-level access into the Ethereum API; more granular than the REST API </p><p>In JS this is: Web3.py; in python its web3.js </p><p>Small drop in solutions for talking to a client </p><p>Why is there not a good robust solution for caching the blockchain in a normal database? </p><p>Maker has funded this. </p><p>VulcanizeDB done by Rick Dudley; Maker is funding </p><p>When you talk to Infura, the Ethereum API, is mostly via HTTP. Need sockets. </p><p>If you want to query events, itll probably time out. </p><p>It will be cool if EF runs archive nodes, cached data. </p><p>Feels bad about Metamask: </p><p>If you only used them to write to blockchain, then it would be so much simpler for them. </p><p>Metamask just pipes all the requests to Infura; costs around 100k a month. </p><p>The reason why everyone uses Metamask, is because theres no other robust solution. If EF funded a solution, itll be helpful </p><p>Metamask is customer support for the entire Ethereum ecosystem. </p><p>Event querying </p><p>Make it so that its not scanning for the whole blockchain. </p><p>Light clients </p><p>Everyones trying to build the perfect architecture. Metamask is trying to build something that works. </p><p>Metamasks version: </p><p>An awesome intermediate step: </p><p>Infura publishes a block onto IPFS using pubsub </p><p>All the metamask nodes gossip it to each other. </p><p>Could EF support this. </p><p>There is someone publishing all blocks from all blockchains on IPFS, into a meta-blockchain, called Braid. </p><p>Whisper &amp; Swarm: </p><p>Theres other people still working on these outside of ETH </p><p>Swarm is similar to IPFS. </p><p>Does ETH need p2p messaging </p><p>Theres systems that work: </p><p>DAT protocol / secure scuttlebut (1,000s of people on these networks) </p><p>Ask the Secure Scuttlebut ecosystem what their issues are </p><p>Dfinity gave a grant to secure scuttlebut </p><p>It would improve the Ethereum community image if were working with others. </p><p>Identify other projects that are good; trim the fat from our ecosystem; and then build a relationship with them. </p><p>“Living life on hard mode” people who dont do ICOs. </p><p>Other ecosystems that are good: show commitment to Protocol Labs </p><p>Libp2p </p><p>IPLD </p><p>More formal partnership -- integrating properly </p><p>Devp2p is bad </p><p>Less than 1% of requests you make are Ethereum mainnet. </p><p>You contact other nodes without knowing if theyre on Kovan, Mainnet etc </p><p>Super inefficient; all these handshakes. </p><p>Main bottleneck in Geth -- every ETH node talks on Devp2p </p><p>Gotta switch to libp2p! </p><p>Are Geth team dynamics good? </p><p>Idea: a parallel IPFS pinning service; as a hedge against Filecoin not working.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>How can Ethereum create more cultural norms and lead by example? </p><p>Take a more leadership role to say nice things about other ecosystems, languages etc. </p><p>Ethereum Comms department.</p>'
},
'18': {
'Name': 'Esteban Ordano',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Biggest request: have ERC20 upgraded to ERC223. </p><p>We have troubles with small re-orgs transferring immediately upon approvals causes issues. </p><p>This was a problem with our code; hard to develop. </p><p>Have watchers on the Blockchain, and sending transaction to make correct transfer, e.g. for MANA token.</p>',
'Who are you and what are you working on?': '<p>Im hiring two or three people excellent engineers to build tooling. </p><p>Were calling the project Voltaire Labs, after the Voltaire house. Trying to get Sergio Lerner to help with that. Getting people I know from Google. Maybe we should join efforts? Will intro to Federico Bond. </p><p>Our infra: </p><p>MANA token which is an ERC20. </p><p>Auction of Land. </p><p>Land smart contract which is an NFT token standard. </p><p>Got tired of not hearing back re ERC non-fungibles improvements. Proposed alternative ERC. </p><p>Land registry of who owns which land parcel. </p><p>These link to IPFS or IPNS for content of land. </p><p>Decentralized exchange of land parcels. </p><p>Small tool for sending emails whenever an event is triggered on your contract. EthAlarm: takes address of contract, ABI, pick events that youre interested in. </p><p>We run the land auction off-chain, we had a period of registration where youd send the MANA you wanted to use in the auction. At the end of the auction, we distributed the NFT tokens and returned MANA. </p><p>Auction was mostly an independent application better UX, less fees </p><p>Why the auction was off-chain: </p><p>We processed around 115k bids. The UX for the auction was great. We managed to provide the user with an experience that was way better, because it wasnt blockchain-based. </p><p>Both on the browser and the server, we exchanged cryptographic receipts “Id like to bid for the following parcel (x,y), (x,y) at the end youd receive a signed receipt” the server would receive that message, and say back “Ive received a bid, and heres your receipt”. All these receipts are public. </p><p>Anyone in the auction everyone could act as an independent verifier of the auction. </p><p>We returned a receipt had a nonce </p><p>We can audit the whole auction. Can prove every bid that we received. </p><p>How weve been running auditing </p><p>We sold $16m worth of parcels of land. </p><p>We wanted to make sure that they werent messing up. </p><p>Not many people were checking but a few did and even reported back some issues; community trusted them. </p><p>Would be best if this was run on a decentralized protocol so people didnt have to trust these guys. </p><p>Were building a voting scheme with MANA: </p><p>“How tall should this building be?” </p><p>We are repeating the same pattern as the auction. </p><p>Our voting scheme is offchain and non-binding, because the project is early enough that people can back out.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Pains: </p><p>The gas issues the expensiveness of the whole process. </p><p>We are subsidizing the whole process of deploying the land. </p><p>We are also subsidizing the second transaction after the ERC is assigned. </p><p>This whole process will take 12 million, 150 ETH. </p><p>We also had to make the contract upgradable with the delegate proxy pattern </p><p>We are worried that Solidity will change, and the structure of storage will change. </p><p>Our thinking: were doing some engineering on how to sell the next batch of land we came up with a better system to sell that land its going to be pretty neat. Were not going to have this issue. </p><p>Decentralized exchanges: </p><p>Looking forward to 0x adding a version of their protocol for non-fungibles. Which has now happened! https://blog.0xproject.com/introducing-0x-protocol-v2-9f5bda04d38d </p><p>State channels: </p><p>Looking forward for Raiden </p><p>Was thinking of funding Lightning Network for ERC20 network </p><p>Simulating a UTXO model on ERC20 tokens </p><p>Wants for interoperability between Bitcoin and Ethereum. </p><p>Olaoluwa (from Lightning) is the best coder in the world. </p><p>Bitcoin world is more secure. </p><p>Lightning code is written like poetry.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Should speak with Fede should collaborate together theyre interested in throwing money at sidechain &amp; Plasma chain.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'19': {
'Name': 'Matias Bargas',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I used to be an investor, but came to crypto and Decentraland at the same time. </p><p>I used to work with Juan and 2 other guys who all joined the team at the same time. I really wanted to leave enterprise companies and loved the team already there. </p><p>Its about the open philosophy, and break down the walls around the 1% of the 1% and diffuse power into the hands of everyone. </p><p>I was working on an online IDE for an in-house language at MuleSoft. Now the engineering manager at Decentraland.</p>',
'What are the tools/libraries/frameworks you use?': '<p>The whole Ethereum stack, basically. </p><p>Truffle </p><p>Integration with common developer tools is not fantastic. We need to start thinking about and building our tools in such a way that is easier for the guy/girl who comes after me to fix the issues that come up. </p><p>If we are changing the world, why are we still thinking in narrow ways about how our tools should be used and by whom? </p><p>VS Code </p><p>React, typescript, nodejs </p><p>Bablyon.js as an engine for VR </p><p>Web3 </p><p>One of team members rewrote web3 into typescript for EthBuenosAires and all the tests are passing! Will post a link here after the hackathon. </p><p>There were typos there! </p><p>There was functionality not working (and there are billions of $s running on top of it!) </p><p>IPFS for decentralized deployments. </p><p>Scalability is a concern here. If we want to deploy the whole metaverse in IPFS, we actually cant. We need to replicate data in, I dont know, Amazon or something because we cant supply the level of connection we need to (just 100,000 users or so, not even in the millions). And even this will require bootstrapping nodes like crazy. </p><p>The IPFS cluster is still in alpha and not as stable as we need it to be. </p><p>We are waiting for scalability, but we dont have the tools to monitor and handle that amount of information anyway, and this is a concern for us. </p><p>I havent used this yet, but this seems to be an interesting tool: https://github.com/nomiclabs/buidler</p>',
'What are your biggest frustrations?': '<p>Real monitoring information is tough to come by. I come from enterprise where this stuff just exists and the ability to fetch the data you want to fetch is never really in question. </p><p>Browsing through a node that has a huge list of unindexed transactions without all the information you need in an easily accessible place is hard. </p><p>With our own tools, we are building our own framework in order to move tx information from the blockchain to the db and from the db to the app. </p><p>We need transformations between each layer (which wasnt that hard to build). But now we need a really generic way to do this and to publish it for people building DApps and using our SDK. And with a centralised DB, this is not possible. </p><p>We are failing with dev tools in general. </p><p>Lets think about Java a bit. You have the JVM, a mature language and a complete set of IDEs. You also have a tonne of framework for building Java applications. There are also great monitoring tools. </p><p>Logging systems are a great and practical example of this. How can I log failures from Solidity without using events in a way which they werent really intended to be used? We need a Splunk equivalent. </p><p>Terraform, AppDynamics, etc - these things dont exist for blockchains and really need to be built. </p><p>We need to focus more on tech and shipping things and less on the people with money or how our token is performing. </p><p>We care about nothing but the tech we ship. We encourage others toward similar feelings ;)</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Starting from the infrastructure stuff: we need a new language to describe all the set of things that you need to do in order to deploy one or more contracts. </p><p>You have you application made up of a set of contracts that are all talking to each other: we need a decentralized logging system to make sure they are all still working properly and the events that are being dispatched by the nodes are correct. </p><p>A complete set of tools for testing. Truffle is not adaptable enough. </p><p>The work being done by Zeppelin on securing contracts and providing best practices around how to use audited contracts is great.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>The Decentraland client!! Woot woot. </p><p>Something that helps me to generalised solve side channels. </p><p>Status.</p>',
'Was anything easier than expected?': '<p>No, not really. </p><p>Actually, extending the open zeppelin stuff was pretty easy. </p><p>Someone tried to exploit Decentraland and because we validate with open zeppelin it was safe, and we got that for free! </p><p>Its great to see that security is taken seriously (though I still have a tonne of concerns about managing funds on public networks).</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>I came from a strange backend doing tooling for languages for the last 6 years, so I dont have the right approach to learning for most, I think. </p><p>Should be readable, reliable and consistent. E.g. I prefer typescript over js because it behaves as expected and has been validated by the communicated. Java > python because it also behaves better and more in line with your expectations. I need a language with only one way to do things. </p><p>If Solidity fulfilled this, why do we need to test it with javascript? </p><p>I never did any course, I just read contracts and code that seemed interesting. </p><p>Started with Zeppelins ERC20 and went from there through GitHub and started writing little tweaks and commits myself. </p><p>I had also had some experience with React, so that set me up well for DApps. </p><p>Having awesome and intelligent colleagues is such a bonus too!</p>',
'Are there any other questions we should be asking?': null
},
'20': {
'Name': 'Nadav Hollander',
'How do you handle smart contract verification and security?': '<p>Write down in plain text documents what the invariants are for the contracts. Just very clear human speak for how the contract should behave. </p><p>Then write unit tests relentlessly. </p><p>Ideally, there would be code review, but he is coding solo in his stuff write now. </p><p>Finding an audit is a crappy process. No information on who is doing it, what prices look like, which auditors are good / have good reputations. </p><p>Talked to zeppelin </p><p>Talked to Consensys diligence </p><p>Talked to Quantstamp</p>',
'Other bounties?': '<p>A GREAT SOLIDITY DEBUGGER </p><p>A turnkey solution to the “trusted relay chain” thing. Just make it easy for people to spin up a side chain, run their programs on it, rewind history to a specific point in time, etc. </p><p>Also let you set up rules on it like locking up deposits for a week between the side chain and the main chain.</p>',
'Who are you and what are you working on?': '<p>Building Dharma - open protocol for tokenized debt </p><p>Pretty much exclusively at the contract level, sometimes using stuff like libraries that wrap around contracts.</p>',
'What are the tools/libraries/frameworks you use?': '<p>I like to use Typescript for testing. </p><p>0x team built a great tool for generating typescript tests from ABIs </p><p>Using truffle to test.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Truffle to write JS unit tests. </p><p>** There are not good mocking libraries for solidity ** </p><p>Had to roll my own mocking contracts for testing </p><p>A better native solidity testing framework with mocking would be awesome </p><p>No manual testing. </p><p>Its still pretty painful to do this too</p>',
'What tools dont exist at the moment?': '<p>Good logging and debugging </p><p>Setting up your own side chain easily to test things on because it would be way faster</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>“What is the thing that makes debugging solidity code the hardest?” (for me, its that you cant log anything at all, and no working debuggers)</p>'
},
'21': {
'Name': 'Alex van de Sande',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Finding talented people is very hard. They are in such high demand. Trying to get people out of school. Online courses in Solidity. </p><p>Web developers, software engineers. </p><p>Separate recruiting approaches for the Foundation.</p>',
'Who are you and what are you working on?': '<p>Working on Mist, the Ethereum browser. </p><p>Developers contributing open-source. </p><p>Theres a wall between core team &amp; open-source team. </p><p>Would love for people to be paid reliably for features. </p><p>3 Developers. Talk on Discord. </p><p>Current experimentations in paying open-source developers: </p><p>Colony </p><p>Commit F </p><p>We want beter Github integration. Now possible with Status Open Bounties and Gitcoin etc.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Securing Electron (desktop JS) was hard. (JS in website can take over your system - happens with chrome) </p><p>Integrating with other technologies: IPFS, Swarm, etc. Frustrating that they are all in their early days. </p><p>Information overlap - this is a major problem - e.g. in keeping up-to-date with Solidity developments, even though Im on the Foundation. </p><p>A lot of people have been trying to integrate this information without success </p><p>I like two things from the Foundation: </p><p>Daily standup for Geth team. </p><p>Every quarter Vitalik and Ming post an update on what happened in the Foundation. </p><p>To be improved at the Foundation: </p><p>On the operational side: </p><p>Make the foundation more open, more modular with their finances. Each team should have more autonomy, with their finances transparent on the blockchain. </p><p>On the technical side: </p><p>Autonomy would play into this as well. </p><p>What are you excited about: </p><p>Casper. </p><p>Sharding. </p><p>Applications: Aragon, MakerDAO.</p>',
'How do you handle testing?': '<p>People build new features, we check, and then approve it. </p><p>Weve had issues </p><p>Meteor.js migrating to React.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>One dev working on a backend integration I stopped working on this to work on one issue “password wasnt working for user” couldnt reproduce the bug. Could put a bounty for someone to recreate the bug &amp; solve it. </p><p>Different systems: Gitter, Github issues, different wallets </p><p>How we solved: created a single issue with all comments from other issues. Created google form for anyone who had an issue, to see if theres a pattern amongst problems. </p><p>What type of expertise is needed for this: we dont have enough security oriented people on our team. We passed the bug reports to the Foundation security person, who tests them.[a] </p><p>Single case: serious bug report came in and was fixed. But couldnt test the fix, because they would have run exploit on their machines. They dont have pen testers. </p><p>Wanted less of a wall between their team and the outside. </p><p>Need: Recurring open source developers --- that are working for bounties -- </p><p>They havent tried bounties yet. </p><p>Is the problem: dev awareness or payment? </p><p>Theyre making app more modular.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Nick Johnson </p><p>Ryan Zurrer</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'22': {
'Name': 'Nick Johnson',
'How do you handle smart contract verification and security?': '<p>Write a spec and define edge cases and corner cases </p><p>Lots of unit tests </p><p>Make a point of testing where you intentionally break </p><p>Ultimately get it audited </p><p>How will this get easier for beginners? </p><p>Open source solidity libraries so that less code needs to actually be written by beginners (just 10 lines of customization) </p><p>Build some of these best practices into static analysis tools (linterns on steroids) </p><p>Solicit crowdfunding to pay for the audits of projects that the mainstream is interested in </p><p>Open Zeppelin appears to be the best open source solidity library out there</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>ENS: documentation, smart contracts, UIs, </p><p>Auditing other smart contracts </p><p>Other smart contracts </p><p>Ether cards </p><p>Offchain: dev tool, EVM static analysis tool,</p>',
'What are the tools/libraries/frameworks you use?': '<p>Open Zeppelin tools are increasingly good. But try to keep the smart contracts as small as possible </p><p>Just web3 itself in terms of javascript </p><p>ETH Gas station and etherscan are useful for different reasons</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Truffle unit testing with mocha </p><p>Added built in testrpc </p><p>Testrpc still doesnt have big number support for certain signatures so we have to fire up a geth node</p>',
'What tools dont exist at the moment?': '<p>Byzantium added return data size (prevents arbitrary return data size limits). Once solidity implements this, it will be possible to return strings and stuff. </p><p>Automated updatable smart contract?</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Becoming familiar with the execution model </p><p>You dont store the results on the blockchain, you store the invocations (because the computer is entirely deterministic)</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'23': {
'Name': 'Elena Nadolinski',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Documentation </p><p>Debugging, so helpful. A debugger with a memory view but without using Remix. Online IDE is not great UX for a developer. Coding in a website not a great pattern </p><p>Something that abstracts away MetaMask. An Open Source core. They are using a Chrome plugin because they are storing your private keys on your browser\'s local storage. If you could provide a core of this is how you talk to Infura. </p><p>Design system patterns. They really stick blockchain in your face. Want to sacrifice accuracy for a better UX. Design system. Very interested in participating in this. </p><p>Figma does a preliminary case study on design in the Bay. The crypto teams that do design use Figma. Corporate Design system, open source Figma file.</p>',
'Who are you and what are you working on?': '<p>Last 6 months have been working on Solidity, Ethmoji (like Gravitar for Ethereum). </p><p>Went to ETHWaterloo, have done talk at Hackathons about NFTs. Make your own NFT from scratch at ETHDenver. With tools that we have, things are not as hard as people think they are. Can write something in 20 minutes with tests! </p><p>OpenZeppelin came up to her and invited to talk at ETHBA. </p><p>With EthMoji wanted to make it the best smart contract as possible, wanted to make it upgradeable.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Use Truffle because its by far the best framework for testing. Used Embark and Biddler, used Remix a bit for debugging things in memory. Memory explorer would be fascinating. In Solidity everything is a hash table. No case at all for catching hash collisions. </p><p>OpenZeppelin, played around with ZeppelinOS but would use it more in the future. </p><p>VSCode with Solidity plug-in, almost never have problems. </p><p>Eth-gas-reporter is amazing :) </p><p>Command line tool for code coverage, Solidity-coverage is a mocha plug-in</p>',
'What are your biggest frustrations?': '<p>Lack of error messages, since Solidity 24 you can add messages. But its not backwards compatible. More visibility on what failed and where, that would be extremely helpful. </p><p>Do your own Metamask. As your client you dont have to run your own Node, but want a way to abstract that. Dont have to rely heavily on Metamask. People get confused on why you need Metamask.</p>',
'How do you handle testing?': '<p>Truffle for testing. Force people to do TTD in events! </p><p>Truffle is not efficient in deploying things, can have a deployer contract that handles with more gas efficiency.</p>',
'What tools dont exist at the moment?': '<p>A lot of tools exist but arent being utilized here. Theres no reason that Travis cant run with Truffle. But this pattern doesnt exist. Now that we have upgradeable contracts we can think of smart contracts like regular development. </p><p>Documentation, for a beginner starting out its extremely difficult. Not that many good tutorials on how to use technologies together. </p><p>Index of good tutorials. For IPFS in a smart contract. Want more deeper tutorials. Want to understand the why.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Its a myth for how hard it is. “Im a Solidity developer” is associated with something difficult, but a smart contract is just a piece of code. Once that clicks its easier.</p>',
'What are you most excited about in the short term?': '<p>Quitting her job to start her own project so very excited about that. Excited to explore privacy in tech. Crypto is binary, either it fades aways or takes over the world! </p><p>Scalability and stability are covered. But not a lot of people are focusing on privacy. Monero and Zcash and explore others, but theyre pretty slow.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Christopher Gewecke, Wyvern team</p>',
'What are the best educational resources?': '<p>Personally found a couple Medium articles here and there, Medium article on how to do your own ERC20 coin in 60 minutes or so. Had to Google a lot. </p><p>Good article on NFTs, read the docs website for Solidity. For a beginner its hard </p><p>Various projects have good resources, Dharma has a good walkthrough. Collateralize an NFT, you have a loan on a CryptoKitty. Walks a beginner through step-by-step. </p><p>CryptoZombies is really good. They do a really good job. They move very quickly into advanced topics.</p>',
'Are there any other questions we should be asking?': '<p>Real world companies that are not tech savvy could benefit from blockchain. Want to sell art to the blockchain, thats a day project. Squarespace or Wix for dApps. Patterns are so common. If we want to make blockchain more widely used, make this drag and drop and easy. Abstract that away.</p>'
},
'24': {
'Name': 'Swaroop',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>We are building EthVigil an API gateway to to help developers build apps on blockchain without worrying about nodes or RPC calls. We take any smart contract and turn it into a REST interface. Use a modified ERC20 token (and a hacked Remix IDE). So you dont have to worry about encoding it, filling out strings, etc. Deploy it to a testnet. Even take care of issues that could occur on the blockchain. </p><p>Once its deployed its like a Swagger API, make all the Get calls, etc. Any web developer can see how it works. Setting up private keys, all that signing, all that stuff is taken care of (custodian feature). All you need is an API key, abstracts away some of the pain. </p><p>Demoed minting some tokens. EthVigil goes deeper and will investigate if transactions will fail. Any web developer can use it upfront. Can add integrations, their system monitors the whole blockchain for events, can get notifications on Slack/email.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Mostly custom tools. Started with web3, started with Truffle but was running into a lot trouble using them so rolled their own.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Basic unit tests, integration testing. So much of the codebase that keeps changing so difficult to stay on top of testing, but have must stricter tests on mainnet. At the moment dont have external auditing.</p>',
'What tools dont exist at the moment?': '<p>Web3 is a library to make it easier for a lot of developers in the space. But we use JSON RPC calls directly, dont want to abstract on top of this so dont want to get anything in between this. Had some issues with web3py. </p><p>Recommend that our customers use Truffle, Ganache, etc.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>The first thing I built was a tool that looks for any ERC20 transfer automatically. Built in one month. Not just writing code but understanding the Ethereum paradigm. But Im not a finance guy or trader so wasnt super excited about this. </p><p>Current error codes are not that useful. Getting a response back saying 0x from JSON RPC for some very weird reasons, but doesnt handle errors in a great way. Better error codes. Wanted to jokingly call themselve the 0x company but it was already taken. </p><p>Lack of documentation, but it has improved a lot.. </p><p>Dealing with the clients themselves, not using Infura. When you use clients directly and bypass Infura it can be painful to get things running. </p><p>Theres no flow at all really. I would randomly learn a bunch of things but nothing flowed together. I bought Ether but didnt need it to actually build on the blockchain. Ropsten was down all the time. Did our stuff on other Testnets. </p><p>Maybe we need to have a flow of learning the fundamentals. Its all out there but its not connected.</p>',
'What are you most excited about in the short term?': '<p>We built a platform to help people use blockchain but people dont know what they can build on blockchain. We think Digital Assets are the next big thing, CryptoKitties are the first step in showing the world what they can do. </p><p>They are setting up their company in the old way, but can do stuff on Ethereum. Writing stock on the blockchain could be a gamechanger. Document signing. </p><p>I hope the scaling issue will be solved soon.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Barely anything with tutorials when they got started. He gave his cofounder a crash course in a couple days, and then his cofounder went off and did a self-study. Some good videos were out there (Udemy?) that they bought. But the best thing is to do it on your own, especially because they are operating on a lower level. </p><p>Recommend to go to Ethereum mains website but not friendly enough for beginner to intermediate developer. But this is a paradigm change, completely different way of doing things. Have to educate the developers.</p>',
'Are there any other questions we should be asking?': null
},
'25': {
'Name': 'Alex Beregszazzi &amp; Pawel Bylica',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Pawel - focused on VM in general, spent a lot of time designing / optimizing the EVM for the future. </p><p>Experimenting with new ways to make the VM faster for future upgrades </p><p>Classic code optimization - added some small features to EVM (like Revert / Return Data Buffer / Shift Operators) </p><p>Works mostly with Alex -- changes in Byzantium were with Christian </p><p>Joined 2-3 months ago </p><p>Maintained C++ code base for Ethereum client -- experience with EVM </p><p>Alex </p><p>Started with building dApps, contracts, UIs everything was broken in 2015. </p><p>Then jumped into proposing things and fixing things; </p><p>Solidity </p><p>Testing </p><p>Javascript </p><p>Led to working on testrpc &amp; ganache-core </p><p>Worked on Trezor, and build a dApp for it. </p><p>Ended up with all these other issues: cpp-ethereum; testrpc; RPC methods. </p><p>Tried to raise issues, and sometimes they end up in improvements. </p><p>Spends most of his time in Solidity design. </p><p>eWASM started 3 years ago for 6 months then took a big break then now working on it for 3-4 months (really started in Jan).</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Communication is bad within EF and within ecosystem in general </p><p>People arent aware of existing products / solutions </p><p>Duplicate effort solving the same problems </p><p>Not everyone agrees on the same communication channels </p><p>People use different tools </p><p>Seems to be fixed now with Gitter. </p><p>Lack of resources </p><p>People jumping across projects </p><p>Workflow on EVM / eWASM problems (below): </p><p>Axic: Review process </p><p>On Solidity weve grown 200% </p><p>Some people are remote; a lot are part-time </p><p>Theres a lot of onboarding </p><p>Because of onboarding not everyones review is equal, takes some people with experience and insight. </p><p>Its very easy to block people </p><p>Github Projects kinda helped this process: </p><p>Organize features into versions. </p><p>They had a label for breaking changes; </p><p>Should be clear from the PR list. </p><p>Backlog is really large and growing. Theres too much that we dont have enough time to get setup project management process. </p><p>For every PR, someone has to learn all the subsystems that are involved. Solidity is a big codebase. </p><p>Its a complicated codebase; needs refactoring </p><p>Three ways of generating bytecode from AST: </p><p>Way 1: cpp stream of instructions, values, and comments </p><p>Way 2: append inline assembly </p><p>Way 3: compile Julia into bytecode </p><p>Our focus is moving to Julia, and using that to generate bytecode. </p><p>Weve planned a full rewrite of the “code generator” subsection. </p><p>But they found a way to do it without a full rewrite. </p><p>Julia: </p><p>Has an internal AST, a parser, a syntax for the parser. </p><p>Backends: which generate bytecode from the AST->EVM, EVM15, eWASM. </p><p>Transformation steps: things that happen on the AST; could be built independently. </p><p>These exist for EVM and EVM15. </p><p>Building these for eWASM could be a task. </p><p>But theyre good on-boarding work for new contributors. </p><p>The external static analyzer: </p><p>Written in Javascript. </p><p>Currently part of Remix. </p><p>Try to use a number of options that the compiler gives you. </p><p>Theres no option to turn off warnings. </p><p>Therefore: anything there is a warning, you should fix it. </p><p>Delegating warning generation for things that are conventions to this external static analyzer. </p><p>Two major things to be done for bounties re the static analyzer: </p><p>Bounty #1) Separate it from Remix, and make it independent. </p><p>Bounty #2) It uses the old AST format, that the compiler used to generate. </p><p>In other words: the compiler parses, creates an AST (which is a big JSON object), which is then passed to the static analyzer </p><p>The new AST JSON is much more compact but means that the static analyzer should be written. </p><p>This could be more iterative. </p><p>Mist has this notion that it has Solidity compilation built-in. </p><p>Considers “warnings” and “errors” the same so throws. </p><p>The homepage has 1) old Solidity examples (which has errors), 2) recommends Mist (which throws errors for warnings). </p><p>Pawel: </p><p>Making cpp-ethereum more modular. </p><p>Started removing some parts, and moving it to different repos. </p><p>Two things: </p><p>A Proxy for JSON RPC. </p><p>Maybe should write the Proxy in Go. </p><p>What it is: </p><p>Previously, we had 1) an HTTP server to handle the requests, and 2) some Unix sockets to handle other incoming requests. </p><p>The HTTP server is replaced by a simple Python script. Replaced the HTTP requests with a Unix socket requests, so same underlying system can be used. </p><p>Theres no reason for implementing all the transport layers in each client. </p><p>This Python script only exists in cpp-ethereum, but should be included in other clients. </p><p>Only complaint about Python: its hard to ship an executable object of code. </p><p>A proxy for the p2p network stack </p><p>Same as above, but for the networking layer. </p><p>E.g. devp2p or libp2p protocols. </p><p>Your application protocol (e.g. Ethereum or Swarm) connects to a new p2p layer. </p><p>We should instead use the same p2p layer. </p><p>Problem: duplicated effort of implementing the same things. </p><p>Need a nice interface for inter-process communication. </p><p>Can combine different parts of the stack in different languages. </p><p>EVM-C: C interface for EVM. </p><p>Should stay under Pawels control. </p><p>Potential bounties: create EVM-C bindings for different languages. </p><p>E.g. Python, Go. </p><p>Could be useful to have a fast EVM implementation; </p><p>Same idea for eWASM: </p><p>Use the same interface within go-ethereum to hook in eWASM. </p><p>Other bounties? </p><p>Research for opcode gas costs</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'26': {
'Name': 'Christian Reitwiessner',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Gas profiling: </p><p>Solidity does some upper-bound gas cost estimation but its not very useful because its just an upper bound. </p><p>How to calculate: run the EVM with specific inputs? </p><p>Or: run the function with larger and larger arrays; and find a “gas function” as a function of input size. But this also depends on state. </p><p>Solidity 16 stack slots issue: </p><p>Soon: well have structs, and this will be less of an issue. </p><p>When we have IULIA, this requirement will go away. </p><p>When IULIA compiles to EVM, it can move variables from stack to memory, after analyzing which is used or not. </p><p>Interesting: IULIA will compile to eWASM. </p><p>Inlining common function calls: </p><p>Were conservative when it comes to adding new features in the code generation flow. </p><p>We already have an optimizer for IULIA which does inlining; so that will resolve this. </p><p>The optimizer (in solc) has a switch which decides what to optimize for: code size, execution cost. </p><p>This exists, but is rather crude it assumes every opcode is only run once and this assumption breaks down if you have a loop. </p><p>Have Remco share his 0x example with Christian and how it could be improved in terms of gas estimation. </p><p>Constant delegation. </p><p>Have Remco to share example of hash not being calculated at compile-time. </p><p>Having a good technical writer who can understand the technical details of Ethereum, and improve the documentation. </p><p>Another model could be to create bounties for improving the documentation. Wont be bounties for a specific issue; but general rewards for improvements to the documentation. </p><p>Improving the documentation for Solidity </p><p>Theyre too deep inside this. Having an external viewpoint would be helpful. </p><p>In the research area: due to the way research funding works people publish the work, but do no maintain the software or integrate with other tools. </p><p>Integrating research software with development tooling &amp; keeping them up to date. </p><p>Big example: Formal Verification software </p><p>Five or six tools that similar to Oyente. </p><p>Remix has a plugin architecture possibly supports Oyente. </p><p>Idea for tool: being able to test very quickly if a contract implements an interface. </p><p>The problem is that you cannot enumerate the functions of a contract. </p><p>Theres a way to resolve this.</p>',
'Who are you and what are you working on?': '<p>90% of my time: design of Solidity language and its implementation </p><p>Formal verification part of the language </p><p>Deprioritized over the last 2 months. Will take on again in April. </p><p>Other projects: </p><p>General research </p><p>Less research re sharding or plasma More research on computational scalability of SNARKs, STARKs, Truebit </p><p>Handed off cpp-ethereum to Pavel not working on it as much.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Tell us more about computational scalability on SNARKs, STARKs, Truebit? </p><p>Research on SNARKs implementation ZoKrates project. Only a PhD student right now Jacob. </p><p>A toolchain for creating ZkSNARK-enabled smart contract </p><p>Need help there, and can pay $ for it. </p><p>Why they havent focused on getting more people, is the project management burden there. </p><p>What kind of help we need: </p><p>Implementation. </p><p>The project is a compiler that takes a high-level language, turns it into an arithmetic circuit. Its PoC stage right now. Also needs help with the direction the project needs to go. Needs an evaluation of use-cases. </p><p>Also needs people with cryptography backgrounds who can implement efficient arithmetic circuit gadgets. </p><p>Someone who can deal with Rust as a language; finite-fields. </p><p>Open-source on Github. </p><p>Potential help: university research partners Dan Boneh? </p><p>Its early, PoC stage. currently the elliptic curve pre-compiles are too pricy. </p><p>The first step is to see how much it costs, and if its feasible because of this. </p><p>Analyze use-cases, and see whether its not too expensive. </p><p>Improve the trusted setup experience. </p><p>Solidity? </p><p>Development resources: were pretty much good right now. </p><p>We have issues marked: “good first task” or “help needed” these are good to pick up by external contributors. Theyre small in scope, so maybe doesnt make sense for large bounties. </p><p>Usually someone creates a PR, we have comments, they update the PR, we make comments, then the contributor loses interest. </p><p>Maybe: could have a person who is responsible for external contribution across all projects? </p><p>Another project: analyze external contributions, and understand why they werent completed. What was missing in the description / what was the issue? If youre creating an issue for external contributors, what is the detail / info you need so it gets picked up. </p><p>Where we need help: </p><p>External people to translate the documentation. </p><p>This is a big effort. Requires management. Need to keep translation up to date. </p><p>This doesnt really exist right now. Only have a Russian / Spanish translation that are old and rudimentary. </p><p>Theres people to do the translation need someone to do the project management. </p><p>More feedback from people who try out the most recent version of Solidity before it is released. </p><p>Before Remix was set to the most recent development snapshot. Now its set to latest stable, so dont get immediate feedback. </p><p>Truffle and etc only upgrade manually so its more stable but slows down the feedback / dev cycle. </p><p>How would this work: </p><p>“Reminder: people please try out new versions.” </p><p>Way to give feedback exists: creating an issue on Github OR their Gitter channel. </p><p>Most people cant use the latest the version because the toolset doesnt allow it. </p><p>As part of the CI, were running some tests with specific libraries. </p><p>Possible solution: </p><p>People submit their contracts to Solidity team. </p><p>They get integrated into their CI pipeline every time a new version is pushed, their contract tests are run. </p><p>We get contacted if tests pass re new version working. </p><p>Tools for developing Solidity </p><p>Its written in cpp, we usually cmake toolchain for building, cpp-ethereum for semantic tests; thinking about switching to their own interpreter to speed up tests. </p><p>Uses cpp-ethereum with a few extra RPC endpoints. Lets you rewind the blockchain to a particular block. Its also allows you to modify the timestamp in the next block. </p><p>Theyre standardizing these API endpoints. -> include ganache-cli in these discussions? </p><p>Ganache needs to have this ability. </p><p>Having a testing only Ethereum blockchain </p><p>Has a memory-only blockchain; is mainly meant to run tests on smart contracts. </p><p>Similar to ganache; but performance could be improved? </p><p>Ganache has a UI </p><p>To improve: high-throughput, many txes at once. </p><p>Notes on IULIA: </p><p>Compilation from IULIA to EVM is finished. </p><p>Optimizer is 90% finished. </p><p>This is why the ABIcoder isnt out yet, because it depends on the optimizer. </p><p>Big remaining chunk of work: </p><p>Writing code generator to go from Solidity to IULIA this is in solc. </p><p>A year away.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'27': {
'Name': 'Fabian Vogelsteller',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Need good IDEs: </p><p>Remix is good, but has problems. </p><p>Omkara Remix for Atom. Sophisticated Solidity IDE for the Atom browser </p><p>This project can get a lot bigger. Could add debugging. </p><p>Formal verification </p><p>Write specifications for smart contract implementations, generated proofs that can be tested against EVM code. </p><p>Smart contract security / best practices </p><p>Also comes down to an editor gives you recommendations, formatting, etc. </p><p>More examples in the Solidity documentation </p><p>Theres someone at the EF working on documentation now. </p><p>Unit-testing for Solidity contracts </p><p>Dapple: a tool for testing Solidity contracts using Solidity contracts unmaintained for 2 years now. </p><p>How is it that we dont have unit-testing for Solidity contracts?! </p><p>OpenZeppelin works on these audited pieces. </p><p>Ideas: </p><p>“Results-based” bounties. </p><p>having smaller tasks, having a lot of eyes on the project and setting smaller bounties. </p><p>Incentive structure for the reviewers &amp; maintainers. </p><p>Idea: standing bug-bounties for large ecosystem projects &amp; contracts, funded by EF.</p>',
'Who are you and what are you working on?': '<p>My future project: Lukso blockchain: EVM-based blockchain. </p><p>Working on industry-specific blockchains. </p><p>Built the Mist browser and Ethereum Wallet(worked with Alex van de Sande, who came up with the idea / design, and Fabian built it). </p><p>Works on web3.js. Proposed ERC20, ERC725/735 identity standard. </p><p>Joined Jan 2015 before mainnet. First person to make the user-facing / developer-facing tools intuitive. Simplified the RPC API. </p><p>My main focus now: half-time: web3.js &amp; half-time: Lukso.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Web3.js </p><p>History: </p><p>Initially, it was built by Jeffrey Wilke. </p><p>Then Marek was working on it. Then I joined. </p><p>After Marek left, I took over. Ive been on it on my own for the last and a half year. </p><p>Did a full refactor. I changed everything to be more intuitive, simple, how I thought it should be. </p><p>Changed to a Pub/Sub model can currently subscribe for logs, transactions, block headers. In the future, you should be able to subscribe to state changes, account balance changes, or anything else. </p><p>Its harder now to make global changes across Ethereum because of different clients, agreements take time </p><p>E.g. Parity has the Pub/Sub model, and a parity-Pub/Sub model. </p><p>A lot of work around promises resolving based on conditions </p><p>Better documentation. </p><p>Account generation, key generation, signing, … </p><p>ABI Encoding, decoding, all are exposed. </p><p>Going forward: the API is good now, so someone should simplify the internals. </p><p>e.g. scrypt package is super large. </p><p>We hired a new person who starts in July. </p><p>The security model: either the person developing web3 is trusted, or you need a lot of people looking at it. </p><p>Would love to at some point decentralize &amp; bountify the project. </p><p>The project doesnt need too many more people. The main work is done, but future addition could take more work. </p><p>There are two groups around the identity profile now: </p><p>Put it off-chain: for privacy etc. </p><p>Put it on-chain: ERC725.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'28': {
'Name': 'Hudson Jameson',
'How do you handle smart contract verification and security?': '<p>Use the Remix tool to just scan for general bugs. </p><p>Wanted to use Oyente, but dont know how to use it </p><p>Remix is thinking about being modular to the point where you can just plug in your own about module - that would be awesome to see.</p>',
'Other bounties?': '<p>Dev Grants from the Foundation </p><p>Ethereum foundation had 2 iterations of this program </p><p>Get some money to build something at the protocol-level </p><p>The foundation is looking into revising the process.</p>',
'Who are you and what are you working on?': '<p>Mainly focused on solidity smart contracts. A little node JS and Java but not very good at it.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Remix, MyEtherWallet, MetaMask</p>',
'What are your biggest frustrations?': '<p>Hard to read error messages. Solidity and EVM might fix this with error messages. </p><p>Are you running into problems with any of the following: </p><p>Gas limit: Totally. If you dont properly separate your contracts or import too many, the gas limit blocks you. Especially on Ropsten with a dynamic gas limit, this doesnt work. </p><p>Off-chain computation: Many things cant be done until TrueBit becomes a real thing. Biggest one being stuff like Plasma and side chains arent possible until TrueBit is ready. </p><p>State Channels: Havent worked with them personally but understand them and think theyre cool.</p>',
'How do you handle testing?': '<p>Have been using Truffle more lately but was mostly just using Remix before. </p><p>Write the contracts in Remix, deploy them in Remix. Usually do it all through Remix and MetaMask. Used to connect metamask to a ropsten node run locally, but now metamask is more reliable.</p>',
'What tools dont exist at the moment?': '<p>Remix combines an editor with a deployment mechanism and thats what I like about it. </p><p>EthMix was like a full IDE with better syntax highlighting and better debugging. And it was a native app instead of web-based. Pity that it has not been maintained. </p><p>Something that automatically uploads the contract to ENS.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>The resources are pretty spread out, and everything moves so fast its hard to keep up today. If youre using resources from 6 months ago they might be wildly out of date. </p><p>Andreas Olafson had the only videos and tutorials on solidity, so I just watched those to learn.</p>',
'What are you most excited about in the short term?': '<p>Casper. Its already kind of going into testing. </p><p>TrueBit near the top of the list because it has so much potential.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Raine Revere from ShapeShift</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'29': {
'Name': 'Martin Swende',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I was a security professional, doing consulting, came into Ethereum a couple of years ago solving bounties for VMs. </p><p>October 2016 - became Head of Security at The Foundation. </p><p>Monitoring mainnet. </p><p>Being able to react when there is a consensus flaw. Had an API call to geth, called getBadBlocks. Geth will save bad blocks and you can query node for it. </p><p>So, we run geth and parity simultaneously. Ask parity node for last block, ask geth for bad blocks, If they match, can see more easily why and who might have acted badly. </p><p>But cant do it vice versa - been nagging Parity to add that end point so we can do the same process in reverse. </p><p>Geth client has a lot of metrics: how many i/o connections, db writes, block processing times, peer connects. Can export from geth and display in any charting you like. So, thats exactly what we do; get nice graphs about tx churn, how txes were rejected, queued, pooled. </p><p>Optimizations in geth which made block processing faster in the past month. You can also monitor for performance, not just security... </p><p>Shanghai attacks taught us that performance very much related to security. </p><p>P2P network information, protocol dissector / analyzer -- if I can see what is happening on my node and what my peer capabilities are, what have they seen, etc. Is there any one peer that is sending me transactions that I reject? That way, I can identify bad behaving or lying peers (more in-depth view of what people are telling me over the network) </p><p>Would be difficult as an add-on (need node keys, decrypt data, etc.), Much simpler to do within a client. Protocol layer in Geth. </p><p>Build tools for analysis, especially when things are going wrong: hacks, network problems. </p><p>E.g. transaction propagation when network was overloaded with txes going back &amp; forth between parity and Geth. </p><p>Needs for lots of testing around hard forks as the existing tools were not sufficient to cover all cases. </p><p>Coverage guided fuzzing - generate code and run on instrumented version of Geth / Parity. This matches code coverage, generates new code and increases coverage using fuzz tactics to mutate inputs and can test geth and parity differentially. Do they have the exact same stuff in the stack, in memory etc.? </p><p>Another fuzz testing tool based on EVM Lab that can generate tests for CPP ethereum and can cover py-ethereum etc by running in docker container with a switch that enables an output after every opcode and compare internal state differentially again. Run this 24/7. </p><p>Caught 5-6 consensus issues with this. Last hard fork was a controversy as Parity had done a whole bunch of releases prior to the hardfork and the suggestion was to postpone, which would have caused its own issues and forced clients to update again. </p><p>If patched before hard fork - no problem. Beat the drums and tell everyone to upgrade. </p><p>If you find a consensus issue on an existing client it is a bit more problematic.Telling everyone means giving people the chance to exploit it - tough to handle. </p><p>Examples of consensus issues: make a tx which invokes a precompile like verify_signature and if that, in one case returns true and in another returns false, or if they cost different amounts of gas (i.e. x on geth and y on parity) then post-state will be different so they wont accept the same blocks and then we have a fork. </p><p>There was a consensus issue that happened after Spurious Dragon when we implemented state cleaning. Chain split for 200 blocks, which were created on the wrong chain that were then abandoned. Block 2 600 000 or so. </p><p>Developers need to be alerted as soon as possible so they can fix it ASAP. People can lose money in the meantime, txes can be reverted. All exchanges need to be alerted to hold deposits and withdrawals. </p><p>Have built tools to detect this, so we consider it solved from a technical p.o.v. </p><p>Recommend that exchanges run all clients, but not sure if they do. Could be standardised with docker containers that could be more streamlined. Documentation around best practices, automated tooling etc. </p><p>Building something like Ethstats but more detailed. If there is a consensus failure, you might want to see exactly which tx in which block caused it. Nice to see blocks, txes and intermediate root hashes between each tx. Then you can see different post-state hash, i.e. that is where we should start looking. </p><p>Need detailed traces of exactly what happened in every opcode of this transaction. </p><p>One of the things I built in EVM Lab is a reproducer. Synthesises pre-state for that particular tx, then executes it and gives you a detailed trace from geth and parity that you can then compare. </p><p>Not much active development on EVM Lab. Use it mainly for investigating certain condition or opcode or potential attack. Pretty easy to put together desired scenario in an EVM assembly-like way by setting genesis you want and then run &amp; benchmark it. </p><p>It is usable right now and I have no immediate plans to do anything in the near term. Might need some updates and it is not so user friendly.[a] </p><p>One of core devs for go-ethereum. </p><p>We want to expand - have 2 interns now, but had to turn someone away recently too. Send interested developers to Peter. </p><p>Working a lot with the signer, which was just merged in latest release. Standalone binary which can run off some secure enclave, USB armoury, parallel VM, some other machine on your network. Can be used for offline signing and has trusted UI. </p><p>Can be configured with particular rules written i.e. in JS. Definitely needs more work on the UI. has implemented one in python-qt and python-cleft. Can also be run in a console, with remote ports etc so you can decouple pvt keys from your daily computer. </p><p>Hoping MetaMask will integrate with it directly. Has spoken with Dan and another guy called Jordan building a tool called (?) which has integrated it already. </p><p>Hard problem: how to make it more secure for end users. Surf internet with unpatched browsers with 0 days and they get exploited. How can we improve upon that so that you have a sign what you see flow. Submit a tx, see the details of that tx when you approve it. </p><p>Unlock feature is most horrible thing he has seen where it will sign every tx sent to it for a given period. </p><p>I dont do too much DApp development, so Im not up to speed with capabilities of current tools and how they have matured over the last 6-8 months. </p><p>I have heard there is a debugger out now which I remember as being one of the main pain points.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Definitely a need for more developers, either full time or for some scoped project. And not just people wanting to work on ethereum-js!! </p><p>Proper debugger would be easy enough to scope out. Built into geth VM, a standardised debugger with hooks so that it can be hooked to FireFox debugger etc. </p><p>Network visualisation analysis tool is also very NB.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'30': {
'Name': 'Kevin Owocki',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Gitcoin X EthPrize </p><p>More talent than fundable issues right now at Gitcoin - always looking for more cool stuff for the community to work on. </p><p>Happy to help.</p>',
'Who are you and what are you working on?': '<p>I developed Gitcoin, a bounty (and tips) platform for incentivizing open source contributions. </p><p>Solve incentivisation problem of OSS, where it is highly strategically valuable but difficult to capture in real-time the value being created. </p><p>I want to bring more devs into the space - MAIN GOAL. </p><p>300 bounties fulfilled so far and recruiting opportunities for OSS developers </p><p>Consensys offered customers (projects creating bounties for pilot of gitcoin), funding, regulatory protection </p><p>Not totally interoperable for now with EthPrize, recruiting strategy etc. Bounties are just one of the tools to recruit developers</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle for managing deployments and smart contract versioning </p><p>Web3Py, due to comfort with py and personal relationship </p><p>Django, Bootstrap, Metamask, Infura for Gitcoin Platform - which is mostly a standard web interface.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Pytests with TravisCi </p><p>Using product. Use gitcoin to build gitcoin. </p><p>Selenium tests with native web3 functionality</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Onboarding users with first time Dapp user experience like metamask, mainet/testnet really sucks and could be improved in a number of ways. </p><p>We started off chain, since standard bounties is not something we wanted user to pay gas for </p><p>What wed like to do on-chain </p><p>Start work feature signal in off-chain DB </p><p>Would be stored on-chain </p><p>Staking process for starting work on a particular bounty </p><p>What features from web dev background are lacking with Dapp Development? </p><p>Weve struggled with managing gas fees on behalf of users </p><p>Built gitcoin.co/gas for scraping EthGasStation for least amount of gas + low confirmation time. </p><p>Would be nice to visually see gas price vs confirmation time. </p><p>Wouldve been nice to integrate gas manager with block explorer, more dapp UIs </p><p>Easy javascript widget to take place of metamask to not hinder gitcoin developers by requiring chrome download. Web2 payments to Web3 payments bridge to abstract away the harder blockchain concepts. Maybe an e-commerce-like widget for paying for gas via CC. </p><p>Portis might be like this? </p><p>Stablecoins and improved UIs </p><p>Selenium integration tests with native web3 functionality </p><p>You can work with DOM on Selenium but you cant hookup chrome extension (Metamask) </p><p>Might be possible with JS widgets </p><p>https://github.com/ethereum/EIPs/issues/948 Subscriptions on the blockchain would be great</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Below links, youtube videos </p><p>https://gitcoin.co/help </p><p>https://www.youtube.com/watch?v=cZZMDOrIo2k </p><p> https://github.com/gitcoinco/gitcoinco/issues/38 </p><p>General help content writing</p>',
'Are there any other questions we should be asking?': null
},
'31': {
'Name': 'Quazia &amp; RJ',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>A solid debugger needs a rare breed of dev to build. </p><p>Scaffolding tool for prototyping things </p><p>To test a small contract before integrating with everything else. </p><p>Think this will standardize over time.</p>',
'Who are you and what are you working on?': '<p>Giveth - Charity platform with three layers </p><p>Fairly complex contracts on-chain. Pushes the limits of gas limit. Making transactions is relatively expensive. </p><p>Off-chain stuff. We cache everything; we store images and profiles offchain, will eventually be on IPFS. </p><p>Some actions are not on-chain: “reviewing a milestone”.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Remix vs. your local dev environment: </p><p>Can write code, deploy, and debug in Remix. </p><p>EVM Lab: written by Martin Swende; give it a tx hash; spits out opcodes, storage, memory. </p><p>RJ wrote source code mapping doesnt work for complex contracts. Show your contract code along with the opcodes. </p><p>We use it often. Simple CLI tools. Just need Web3 and a tx hash. Sounds AMAZING. </p><p>To be improved: bugs with reproducing certain transactions. </p><p>E.g. couldnt recreate contract creations. </p><p>Source mappings.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Offchain stuff is not dispute related. </p><p>Gas limit issues: </p><p>Jordi wrote contracts to begin with so WE had a good start. </p><p>Multiple DELEGATE calls to the same contract are the same price each time; but this doesnt make sense. Youve already loaded the contract in memory, so should be cheaper in consequent calls. </p><p>Abstracting one key-value contract that stores pointers to data. </p><p>Rest of data stores all data. Mappings of hashes to boolean to structs / addresses / etc. </p><p>Leads to upgradability of contracts. To the parameters used in the logic. </p><p>Separate data from the application; lets you iterate. The data contract is owned by the business logic, ETC. </p><p>Estimating gas / optimizing code: </p><p>To get gas limit: run it on testrpc. Easy. </p><p>Debugging is hard, after you start adding assembly in there. </p><p>Remix is hard for large contracts. Multiple contracts. </p><p>Testing flow: </p><p>We use Mocha + wrappers to generate contracts in Js. </p><p>Needed: better errors. e.g. if testrpc spit out more useful messages. </p><p>Deployment &amp; CI: </p><p>We have Node scripts to do this. Async await. Pretty simple contract. </p><p>Jordis tool compiles everything into a single file; makes verification on Etherscan simpler.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'32': {
'Name': 'Griff Green',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Scaling proof-of-authority. </p><p>Block explorer. </p><p>Ropsten testnet gas limit -> attacking with gas limit. </p><p>Open-ended: apply for a bounty with your own idea. </p><p>We need a 24/7 security team. The network is not being watched by anyone; because right now the network is being attacked in a weird way, through the estimate gas function and throwing txs in pools.</p>',
'Who are you and what are you working on?': '<p>3-tiered approach: </p><p>Blockchain smart contracts: liquid pledging; pledges that take control of authority and funds. Blockchain layer does the accounting. </p><p>Owner gets notified by email. </p><p>Bounty system: basically a chat room. Project discovery layer. </p><p>UI layer: reads off the blockchain, interacts with the blockchain.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Use Feathers interface to do caching. Improves UX. </p><p>NPM. Etherscan. Metamask. </p><p>Set of tools that we made ourselves. We dont use truffle because we were building smart contracts before truffle was a thing. </p><p>React. Remix.</p>',
'What are your biggest frustrations?': '<p>Irregularity of gas price. </p><p>Key management - hands down stopping adoption. Need more people teaching about key management. Tutorial materials? Bounty? </p><p>Ropsten testnet gas limit.</p>',
'How do you handle testing?': '<p>We lean on the community a lot and give them “sneak previews”. We let them to go through the UX, and watch what happens. </p><p>The same person does all the testing. </p><p>We do a lot of auditing for other projects. Audria does this. We have a lot of good auditors and always maintain 100% code coverage. </p><p>Use travis for CI. </p><p>Most bugs they see are about game theory &amp; cryptoeconomics. </p><p>These come up in ad-hoc situations. </p><p>We try to isolate things into individuals. Clear interfaces. </p><p>We always wanted push to live mainnet right away, but... </p><p>Today we made the decision to go to testnet, because mainnet is so expensive. </p><p>Testnet is not real a test (since its not real money). </p><p>Were going to have a testnet token that represents real Ether. </p><p>“Proof of Authority” using Rinkeby. </p><p>Using the Minime token controller. Multisig pays out based on whats happening on testnet. </p><p>Ehters price has gone up, gas is high, so everything is super expensive. </p><p>BAD for our users. </p><p>This is game over for dApp developers. </p><p>If Ethereum cannot solve these issues, developers will leave. </p><p>RSA, Ubiq will have Solidity. But dont have block explorers. White hat hacker group is looking into </p><p>Open-source Etherscan.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>What was the first thing you built related to Ethereum? </p><p>Built a Will contract. Got a Masters degree in Digital Currency. </p><p>Alex van de Sande took the time to correct his code on Reddit. </p><p>Talking about price makes people act like assholes. </p><p>The DAO!!</p>',
'What was the hardest part about learning to develop with Ethereum?': '<p>Lack of sharing and communication. I know other people are using React, building UI and that we could re-use that. </p><p>How to go from web3 to the UI. Could do more research to re-use existing open-source tooling. </p><p>In the beginning we were purely running on the blockchain as a db. Then, their UX suffered due to slowness. Feathers helps alleviates this. </p><p>We are a holocratic org. We work in small teams, building the GivEth Galaxy.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Taylor and Hendry from myetherwallet </p><p>Dave Appleton </p><p>Jack from Colony </p><p>District0x crew </p><p>Swarm City - Bernd Lapp </p><p>Khosla </p><p>Nick Johnson </p><p>Jorge Izquierdo </p><p>Jordi Baylina </p><p> Phil Dian </p><p> Matthew Diafrante </p><p> Karl Floersch </p><p> Emin Gun Surrer </p><p> MakerDAO - Andy </p><p> David Knott - Plasma</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>What other projects do you interact with the most? Building the Ethereum topology, who works with who and which projects? Where there are chasms, so you can get bridge them. Maybe a bounty? </p><p>Theres so much good stuff on peoples githubs. </p><p>How do you know where to find stuff. </p><p>“Sort all Ethereum projects that are using React” -- aggregation of data. How can we get this data into searchable formats?</p>'
},
'33': {
'Name': 'Jordi Baylina',
'How do you handle smart contract verification and security?': '<p>Its important to communicate to everyone that whatever you do will help, but will never give a warranty that there wont be an error. </p><p>Im a bit skeptical of formal verification stuff, but I think its important to keep pushing it forward. </p><p>Do more audits. </p><p>Write defensive code. Dont try to do crazy things. </p><p>For the first time, were mixing two things that havent been mixed together: </p><p>The two: </p><p>Critical code contracts holds money. </p><p>Open-source everyone can see how it works. </p><p>E.g. you dont have this in planes critical program but not open-source. </p><p>E.g. in a website it could be open-source but not critical. </p><p>So you realize you need to write perfect code, but thats not possible. Because code is written by humans. </p><p>Its important to improve: </p><p>Do not take risks. </p><p>Try to isolate the critical part. E.g. if youre doing an ICO, dont hold the ETH in the contract, instead put it directly into the multisig. </p><p>Minimize the box, with its known security vectors. </p><p>On one side, you have a blockchain that by definition that is immutable. On the other side, immutable is not compatible with making mistakes. </p><p>Humans make mistakes. We are building things on top of that immutable base that could have mistakes. </p><p>But we need to keep blockchains immutable, because if dont, we lose their power. </p><p>How do we solve this? </p><p>Possible approach is having a second layer instead of ETH, we use an ETHToken. ETHToken has governance built in and can be modified. You build it in a more centralized manner, it can be changed; and then overtime, you soften the centralization rules, and make it decentralized (take away the authority, make it operated by a DAO, etc). </p><p>E.g. having an escape hatch would be super helpful. If there is a hack, it could be sent to the EF or whitehat group. And then you can decide what to do. Better than it going directly to a hacker. </p><p>And then you can build the smart contract applications on this second layer. </p><p>Want to make decentralization linear; so you dont have to take the risks from the beginning. </p><p>All contracts in Giveth have escape hatches built in. </p><p>STANDARD LIBRARY for using ETHToken in your contract, layer for security, escape hatches => I think it might be a bit too early though since were still figuring it all out. Other teams working on this include Zeppelin, Aragon. </p><p>Better compilers. Better testers. Better formal verification. All the tooling helps. </p><p>There are some errors that are not due to programming theyre conceptual, due to economics, etc.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Experience: 35 years of programming; 3 years in blockchains. </p><p>Learning more everyday; exciting from a global perspective. </p><p>This tech can change society over time. Well see centralised power disappear, the world will become more trustless, people will take responsibility for themselves. </p><p>One of my first smart contracts was liquid democracy for the DAO. </p><p>Smart contracts for the white-hat group that originated from the DAO. </p><p>Wrote the Minime contract maybe not the best time now because of gas costs, but it is an interesting smart contract. </p><p>Did the Status ICO. </p><p>Liquid pledging for Giveth. </p><p>Pushing DappNode - should be released soon and is really important for true decentralization. </p><p>Audits for MakerDao and Aragon. </p><p>777 standard. </p><p>Working a lot on an identity project.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Debugger </p><p>The debugger is still hard you have to learn crazy tricks to be able to do it faster. </p><p>Return codes </p><p>When a function reverts, you want to know why it reverted. </p><p>Code coverage </p><p>Truffle has something, but its specific to truffle. </p><p>Id like these tools to be more generic. </p><p>Truffle that works for larger projects </p><p>Across multiple repositories. You want the contract repo to be able to publish its interface, and another repo can use that to interact with it, etc.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Where do you think improvements can be made? </p><p>before we can really go mainstream: </p><p>Scalability. </p><p>Security. </p><p>Usability </p><p>Seems like security is as much an education problem, as tooling. Any ideas how we should approach this? </p><p>Documentation helps. </p><p>Realize that you will spend proportion of 40-to-1 on testing/auditing your contract vs writing. </p><p>Team audits </p><p>Doing an audit within your team. </p><p>Once youve done your personal work on the smart contract, and youve done your own audit; then get together with your team, and start talking about your concerns, and youll see that one idea leads to another, and you discover issues. </p><p>Audits </p><p>Write some small bugs in the code, and see if the code reviewers find that bug. </p><p>Even if the auditor knows that there are bugs, they will be forced to go deeper into the code. </p><p>Bug bounties. </p><p>I was skeptical of these at first. Why would people review this code? </p><p>But I have seen personally over the last year that big security holes have been discovered in bug bounties. </p><p>Bug bounties force you to write very good code. </p><p>You need to choose the right names for variables, document it, it needs to be understandable. </p><p>Good resource: Consensys, on the history of all bugs. https://github.com/ConsenSys/smart-contract-best-practices </p><p>This wiki could be complemented with these more generic ideas around bug bounties, reference smart contracts etc. </p><p>Maybe even write a book around it. An open-source book. </p><p>Smart contract developers could do an annual event to categorize all the new bugs, new patterns and consolidate them into the knowledge base.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'34': {
'Name': 'Stefan George',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Bounties are great for small problems, but we need to hire people full time to actually work on this stuff constantly and fix the long term incentives!! </p><p>Just waiting for the Ethereum Query Language ;) :p</p>',
'Who are you and what are you working on?': '<p>CTO of Gnosis and is building a prediction market, ddex and smart contract wallets. </p><p>Started in 2013 - discovered that we could add prediction markets using btc escrow because that was missing (a p2p marketplace for predictions). </p><p>Joe Lubin convinced us in 2015 to start a formal platform based on Ethereum, did the token launch and spun out of Consensus and begin working on the more fundamental problems </p><p>Decentralized exchanges!! But not efficient on Ethereum today (scalability and number of participants). We have had to contribute to building the DDEX infrastructure. </p><p>Prediction markets are a way to create new ERC20 tokens (conditional payment/purchase). The value of those tokens is only defined at a certain point in the future. We can therefore create derivatives of other ERC20 tokens, which are more precise investments under certain conditions. </p><p>DDEX allows people to trade the efficiently. It can be done in Ethereum on chain, but scalability, front-running and ease of use just isnt there yet (need everyone participating and having a global liquidity pool). </p><p>Dutch exchange implemented on chain to solve front running problems. </p><p>Integrating with USD price feed of Maker - was a little hard to depend on other peoples infrastructure and therefore the tests that they have deployed. We ended up mocking their service for test net, would have been awesome to just point at their package, specify a contract on either network and go without having to mock any of the other services. </p><p>Make sure that things like ETHPM are deployed across all test networks. </p><p>Also built the multisig wallet for our own token launch, has been very successful and we now want to offer the same experience for every user: more secure wallets for personal use that are even better than hardware wallets.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Secondary indexing of blockchain data!! </p><p>Only json-rpc calls to retrieve prediction market data would make it impossible for users to see what markets they hold tokens on. </p><p>Expose state changes between blocks in an easy to consume fashion. Right now you apply txes, but you dont know what effect on the state is immediately. You have to assume that you know, or listen to events. </p><p>But events shouldnt even be there as they are just replication of info that is already there on the chain - just make that info more accessible and easy to read and use!! </p><p>State changes between blocks, sort of like a github diff that you can take and use to index in a secondary indexer - that would be really helpful. </p><p>Writing their own indexer specifically for prediction markets. So is Aragon, and even Augur is now doing it. </p><p>More client developers - too few people working down there in the protocols. Set incentives for improving the stuff - which is why ETHPrize is so important.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>What does the Gnosis stack look like? </p><p>Contracts written in solidity </p><p>Many pitfalls, especially for newcomers - need to read documentation 10 times and then sometimes you still dont get it. </p><p>For e.g. the low-level stuff like .call() is implemented differently from what you might expect that caused funds to get stuck in multisig contracts. </p><p>The concept of gas is not that easy to understand and is not transparent. </p><p>If you use .send() you use minimum amount of gas versus .call() using all the gas. </p><p>Verification of code and garbage handling is not well documented - verifying down in the byte code is very difficult. </p><p>Particular problem for symbolic execution and all the additional checks that solidity is doing. Not well optimized at all. </p><p>If you access a storage variable twice, you will always have to pay twice, rather than optimizing to keep it in memory - very annoying in the end. Means you have to do a lot of gas optimisations yourself which really should be automatic. </p><p>These kind of issues require domain expertise - why dont we all put up a $1 million bounty for a new smart contract language/compiler.[a] </p><p>Might be interesting to keep it lower level, something similar to Vyper with the much simpler bytecode and cheaper execution, better verification etc. We cannot have only one smart contract language. </p><p>Using truffle framework because it is most used framework and want their codebase to be as approachable as possible. </p><p>Debugging is an absolute pain in the ass - even truffles debugger is not great. No easy breakpoints, difficult to step through easily, or change variable to run different kinds of tests. </p><p>Would be better to statically typed testing environment - only test framework in JS (python one is not maintained). We need another framework that can go deeper and be more precise. </p><p>Web3 itself really sucks. </p><p>API versioning for ethereum json-rpc stuff. No versioning, no documentation, no proper error codes. Plenty of useful calls that are missing, plenty of calls that exist that no-one uses and its just chaos in general. We have to assume what version is running on the user end, so have to assume they are running all kind of different versions. </p><p>Everyone using MetaMask and Infura makes this slightly more hidden. </p><p>I proposed a new json rpc call but geth ahd already implemented it, but it was documented nowhere and Parity hadnt really thought of doing it at the time, so there is no clear way of defining what the standard is. </p><p>Was about allowing users to sign offline transactions in a specific way: ask the client to sign and return the tx data that can be then used from an offline location. </p><p>We need a test suite against the json-rpc API: just to test that Geth and Parity are actually behaving in the same way. </p><p>Using Remix IDE - then go to local text editors for further dev once they are sure the contracts run well. </p><p>Would be amazing to have a properly integrated environment. Uses Atom with solidity linter. Would be great to be able to do proper debugging in that environment as well. Things work now because complexity is relatively small - but as soon as you want to integrate between projects it becomes a total mess. </p><p>Gas metering and fuzz testing in addition to break points, stepping through, and changing variables easily. </p><p>Use Mythril to check smart contract security, executions and test coverage. Aim for 100% code coverage and use solc code coverage. </p><p>Would love a tool with some basic checks (like overflows etc), but needs to be extended to do optimisations for gas efficiency, standard way to apply smart contract best practices automatically. </p><p>Map test coverage to code execution paths so that you can easily see which cases to write tests for. Something better than code coverage which only shows where you touch the line so that we can cover the most important scenarios (i.e. where things are failing).</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'35': {
'Name': 'Alex Leverington',
'How do you handle smart contract verification and security?': '<p>It would be nice if some of the audits were completely opened up rather than some statement from the auditors. Could be a security issue. </p><p>What we have right now for audits can be improved upon with better tools. </p><p>Audits and testing framework go hand in hand. </p><p>Auditor should be able to write a test to demonstrate the problem at the EVM level. </p><p>Instead of the auditor suggesting some workaround or wrapper. </p><p>Or auditor provides proof for something that works well.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Cant say what Ive working on in a concrete way, but I am building a team and starting a new project. </p><p>Im advising some projects. </p><p>Did some original stuff on the P2P system.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Havent come across any tools for game-theoretical stuff. </p><p>For code: using scripts for testing. </p><p>Ideally there would be a testing env that can do “introspection” &amp; which can evaluate the state of the memory. It should test the effect of code rather than the output of the code and make sure that the tests all integrate with Solidity. </p><p>Its really hard to write unit test for the EVM state, as a result of some code executing. It would be good to have a test for this[a]. </p><p>Will be looking at tools in the next two weeks. </p><p>Having a tool which exposes the EVM state for this you need some code that understands how Solidity stores data in the EVM. </p><p>For looking at EVM state: </p><p>Remix is ok. </p><p>Aleph0?! Doesnt exist any more. </p><p>Some cases where your code doesnt change, but the environment around your code changes having actual tests.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Debugging Solidity and EVM </p><p>Robust distributed system for content delivery. </p><p>Swarm and IPFS are both in Proof-of-Concept form. </p><p>IPFS is minimally viable when you use gateways. But theres potential for improvement </p><p>I havent used either in a while but my understanding is: </p><p>Swarm is a little slow </p><p>IPFS is ok but you need the client software to run multiple p2p nodes. </p><p>All the demonstrations use HTTP gateways there arent tools and packaging for having production software on the p2p protocol. </p><p>Integration should be in the offchain code.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Ambisafe - Olekseii. </p><p>Lunyr - theyve been kindve ahead of the curve in implementing things. </p><p>I advise them. </p><p>They &amp; cryptokitties have production code on mainnet.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'36': {
'Name': 'Alex Miller',
'How do you handle smart contract verification and security?': '<p>Hasnt had any novel code that needed security audits before </p><p>There are common patterns that could be detected. E.g. reentrancy attacks, etc</p>',
'Other bounties?': '<p>Collecting logs &amp; events used to be hard. Web3 1.0 made this a lot easier. It is quite good, even-though its in beta. </p><p>People should be using websocket calls more. Maybe more education around this. Serious efficiency gains to be had here.</p>',
'Who are you and what are you working on?': '<p>Started ETH development back in 2015. Shortly after launch; there was nothing. I remember booting up private chains from shell scripts. Weve come a long way in terms of dev tools. Problem isnt that there arent tools, but not knowing where to look. </p><p>The problem here is sourcing a centralized repository for information[a][b]. </p><p>EF website doesnt do that. </p><p>Wouldnt know where to point people from intro documentation. </p><p>Truffle &amp; Solidity have good docs e.g.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle </p><p>Configure parity instance https://github.com/GridPlus/trustless-relay/blob/master/parity/boot.js </p><p>Infrastructure tool to spin up local instances of Parity or Geth</p>',
'What are your biggest frustrations?': '<p>Biggest pain points: a place where all these tools get published that isnt just Github. </p><p>Is the solution to hire / pay people to manage a wiki? </p><p>Maybe a better solution would be to fork NpmJS.com, source that data, curate that list for Ethereum dev tools </p><p>Would check that deployment to node packages happened &amp; EthereumPM setup correctly. </p><p>Can see how many people have downloaded. Its a good method of discovery. </p><p>Could have different subsections e.g. Merkle tools, hashing tools, ABI encoders. </p><p>I use Ethereumjs-util but I know there are others. </p><p>What about EthPM? </p><p>Its only on Ropsten. What is the link between EthPM and the actual blockchain? I like that there is an actual package manager. Good thing is that you can install packages with Truffle. </p><p>I dont get where the data is stored is it on IPFS? Is it linked to Ropsten? Why?! </p><p>Still, its great. But recently it stopped working. </p><p>I wanted to deploy a trustless-relay but had issues. </p><p>Could make one of these Awesome-Ethereum Github repos? </p><p>Also knowing what you need to discover is important: wiki would help here.</p>',
'How do you handle testing?': '<p>Use Mocha; plain old truffle tests. </p><p>I dont do contract unit tests.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Truffle </p><p>The fact that you dont really get errors, or more specifically stack traces. Whenever you run into an error, it gives you a line number[c]. </p><p>In JS files. </p><p>How to match up hashes of data with what you get in Solidity. </p><p>e.g. When youre tightly packing arguments, they need to be left-padded to 32 bytes. But not always, e.g. different for addresses and numbers. </p><p>A little app like this for Solidity would be amazing, which gives you all the Solidity hashes: https://emn178.github.io/online-tools/md4.html </p><p>Emulate whats happening in Solidity in the browser.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Sean Pollock. </p><p>Mark Beylin. </p><p>Goncalo (from Consensys audit) -> has a great library for dealing with bytes (byteslib).</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'37': {
'Name': 'Dave Appleton',
'How do you handle smart contract verification and security?': '<p>Helps that Ive been coding for a helluva long time. </p><p>The hardest thing for new devs is getting to contact the people they need. </p><p>Its also hard to find non-expensive auditors. </p><p>Gitter community is the key </p><p>Best dev communities or Gitter channels: </p><p>Go-ethereum </p><p>Solidity </p><p>Parity </p><p>I go to the specific one I need at the time.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Lead blockchain dev @ HelloGold. </p><p>Token backed by gold. </p><p>Does consulting as well writing smart contracts &amp; backend for blockchain projects</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>About a year ago, it was ok running blockchain on your machine. </p><p>Switched from geth ropsten to Parity. </p><p>Its hard to run a Parity node now the toll it takes on your machine. </p><p>Both on mainnet and testnet. </p><p>You cant do serious stuff with Infura: </p><p>e.g. getting events reliably </p><p>In Geth or Parity you can do some event filtering, but is tough to get right and maintain </p><p>Infura limits the number of logging or block calls -> to limit server complexity or costs. </p><p>Debugger </p><p>Ethercamp </p><p>Promote hackathons. </p><p>Ethereum Studio - what happened to it? </p><p>Gave you break points in Solidity code (?!) </p><p>Youre running in a simulated VM. Youre in your own dev environment. </p><p>Let you see all the state and local variables &amp; methods </p><p>Came up with a node that EF took over and turned into EthereumJ </p><p>Ethercamp code is open-source -> Look into this… </p><p>I use Remix for prototyping something. </p><p>Will probably be a niche product.. Because not many developers are getting that low level. </p><p>Web3.js is another pain point: </p><p>Getting up to speed trying to do Web3.js is quite hard. Theres a lot of conflicting information. The examples dont work. This is where you find that the node youre using doesnt support features. </p><p>Go-ethereum wrapper: abigen. This is my favorite tool.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Programming languages: Go </p><p>Compiled program with strong type checking, before the code even runs. </p><p>Enforces code standards, meaning your code is maintainable. </p><p>The linter formats the code in a certain way. This makes it very easy to understand. </p><p>I choose readability over speed; Go over Rust.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Talk to Andreas to get to people in Singapore. </p><p>Rick Bale @ The team at Endorse.io </p><p>Or also talk to the CTO.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'38': {
'Name': 'Peter Kieltyka',
'How do you handle smart contract verification and security?': '<p>Obviously security audits, looking through network and past experienced colleagues. Dont see us using formal verification unless that process is made easy, but I dont think that will happen. We will stick to security audits. Thoughtful in how things fit together and are secure.</p>',
'Other bounties?': '<p>Gas profiler 100%. </p><p>Would love to see an Ethereum Virtual Machine written in JavaScript. The Ethereum JS VM written but its a little bit bulky. Important to offchain application, important for state channel applications. Richard Moore is writing this.</p>',
'Who are you and what are you working on?': '<p>Started Horizon Blockchain games, building decentralized multiplayer games. What were excited about is a new class of video games, in which players truly own in game items. Own them, and can trade them. They can even compete cryptographically to earn/unlock new items. </p><p>One of the core areas of work that is started immediately: how can we make high fidelity games that are scalable, low-cost, and provably fair. Video games with a decentralized economy. Can mine new items as part of the economy. </p><p>Love building new models on blockchain. What is most excited to do is to create utility through video games via blockchain.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Weve built a blockchain gaming architecture with a low fungibility token, similar to ERC 721. We built our own state channels. Weve also created offchain game logic, and can verify the game in a single state. Skyweaver.net was our very first game. All work will be open source, wont do an ICO. </p><p>Game is offchain, persist the awards on chain. Based on a finite state design. </p><p>Use Truffle, Ganache-cli, write the infrastructure in Go. Geth is written in Go, thats very nice. </p><p>Client side application, standardize on Ethers.js (Richard Moore). Without Metamask you lack adoption. Ethers.js is being ported to Typescript, excited about that! </p><p>Web3.js has a lot of dependencies, large in filesize, and the API is not as compelling as Ethers or productive. Just too bloaty. Was great that it exists, but want very very lean tools. Ethers is just so active and very tight. Following newest standards and practices. Back the guy with the deepest knowledge. </p><p>Truffle is really cool. Helps with Developer workflow, but we spin up own testRPC service with Ganache. Truffle helps with deployment of contracts as well as package management. Truffle is now a monorepo, I pushed them to become a monorepo.</p>',
'What are your biggest frustrations?': '<p>Need more example of really great dApps, more high quality examples. Zeppelin is doing a great job of making a standard library, but more interested in end-to-end. Dont know of great examples of these high quality dApps. </p><p>Scalability is super important, when state channels and plasma channels arrive the whole game changes. Want to see good convergence in state channels, need off-chain computation. Want to see good collaboration here. </p><p>Focus more on end-user. Improve onboarding to Crypto. </p><p>When people think about scalability, people think about throughput and performance. But cost is integral to this. But what is the transaction cost. Optimizing for cost is a form of scalability.</p>',
'How do you handle testing?': '<p>Do it in Typescript with Ethers.js and Chai and Mocha. Use Remix Solidity IDE. Amazing IDE for testing little blocks of code. Testing would be another great things to see more examples of Ethers.js</p>',
'What tools dont exist at the moment?': '<p>Profiler at ETHDenver, to see gas costs. </p><p>eWasm will be game changing. Potential for having other languages target the EVM will create a more productive developer experience. </p><p>Vyper will be great. Their goals are twofold, improved security through usage of the language. Learning from Solidity. Security + productivity. </p><p>Really happy with seeing progression of Solidity. As cool as ewasm is, who knows when it will be ready.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Wrapping your head around the architecture. Very multidisciplinary. And the tooling is in flux. Lack of examples. Architectural issues. Costs are fundamental thing. </p><p>Ethereum coding is really like developing for an embedded system with little memory, storage, and cpu power. Unfortunately don\'t encourage beginner to be writing this stuff. But getting better. </p><p>Try to map existing architectures to existing things that people knew about. Realizing how everything fits.</p>',
'What are you most excited about in the short term?': '<p>Blockchain video games. </p><p>Very excited about Casper+sharding. The team is doing incredible work.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Richard Moore, </p><p>CTO of Dencentraland. Esteban Ordano. Great guy, very knowledgeable. </p><p>Liam Horn, should pick his brain. Very hands on in Solidity.</p>',
'What are the best educational resources?': '<p>Point them at Blockgeeks, all about Blockchain development education on Ethereum. Plus searching Twitter and Github, look for those great open source dApps out there. Look for examples of end-to-end dApps </p><p>CryptoZombies created a rad Ethereum tutorial.</p>',
'Are there any other questions we should be asking?': '<p>AwesomeList, community curated high quality tools. Ethereum website needs to be completely redone. Here are the awesome projects, here are the awesome tools, heres how to get started. Same with website work. </p><p>Exactly Ethereum Foundations problem, do not want to make any opinions that arent in community consensus. People voting for what they want worked on. People can vote on things. Certain weight to reputation. Consensus machine to conduct this type of thing. </p><p>With a footnote, dont need to perfect this system. Dont need a perfect design to start.</p>'
},
'39': {
'Name': 'James Prestwich',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Simple contracts to manage cross-chain swaps and contracts.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Python ETH Library - ABI Parsing expects events to be in two different formats neither of which you expect - ecosystem standardizes on hex strings </p><p>RLP is a hot mess - why use a non-standard serialization format for everything </p><p>Ensures nobody understands whats going on and things arent readable - serialization format for everything ETH - includes transaction data </p><p>As a human - cant reason very well about those blobs or what those structures will have </p><p>Developing contracts on Bitcoin first - Solidity, Script, Snark tidbits, IVY (compiles to bitcoin script)</p>',
'What are your biggest frustrations?': '<p>Solidity is the wrong tool. Imperative language and everything on blockchain is declarative. Solidity should be declarative. </p><p>IVY is best example of for blockchain language. On blockchain control logic is impossible: blockchain never decides how or when a function is called. No such thing as on-chain control logic: off-chain controls how humans can manipulate state. </p><p>All lies: completely wrong tool for blockchain. This is what causes render mistakes: trying to write on-chain what happens, but should be defining what can/can not happen (Bitcoin: whether you can or cannot spend a UTXO). </p><p>Require statements example of Solidity becoming declarative language is not a good way to fix this and modifiers are an anti-pattern: </p><p>Either happens as atomic single unit at will of human or it doesnt? </p><p>Configurable constraints on-chain: we should still define them as constraints -- no math happens on-chain (not actually adding 2+2 on chain). </p><p>Weird that tests are control logic for your code. Control logic is whether human makes a transaction. </p><p>Idea that we are writing things that add variables on-chain is wrong. </p><p>Reality of state, state root and blockheader is what causes a lot of the bugs </p><p>IVY: really heavy modification to write on ETH -- more easy to write languages for the EVM. A declarative language for EVM. Tooling for Solidity only recently got workable. </p><p>Onchain systems should define constraints around what cser can / cannot do -- they are the control logic of the program. </p><p>Cross chain contracts for integral is what users can and cannot do at what time and on what chain (declarative programming again). </p><p>Checks, Effect, Interactions to write code. We need more good programming to prevent race conditions, re-entrancy, double spend etc: </p><p>Transactions happen atomically, cant have overlap in state changes </p><p>Can shoe horn ETH into this by using Require / IF Statements (??) </p><p>Avoid modifiers as a pattern </p><p>Thats always the effect of the Solidity youre writing - puts more pressure on the client </p><p>Makes testing more intuitive -- specified tests youre testing against </p><p>Very interesting miner attack on EtherDelta: they front-run; make tx throw; collect the fees. </p><p>The problem with Solidity isnt expressiveness; it is shared state. Other transactions can get ahead of you and modify state that you rely on.</p>',
'How do you handle testing?': '<p>Wrote tests with James on Integral stuff</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Proof of Stake </p><p>Getting someone slashed decreases supply, increasing value of ETH. Does this mean every ETH holder is incentivized to getting stakers slashed? </p><p>In the Blockchain/cryptography in general, there is attack-defense asymmetry with defence being stronger. As soon as you move towards servers, attack-defence asymmetry leans towards the attacker.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Did all the Ethereum tutorials -- set up the token </p><p>Integral: written in Solidity with Truffle -- derivatives platform</p>',
'Are there any other questions we should be asking?': null
},
'40': {
'Name': 'João Gabriel Carvalho',
'How do you handle smart contract verification and security?': '<p>Every project Ive done will go through an external audit. As a developer, usually run Mythril and Remix (uses Oyente?). But these only find basic bugs, are years away from more complex stuff. These are just the most basic checks. </p><p>For Auditing, use a lot of Remix with manual testing as opposed to JavaScript tests. This is easier and less fake. </p><p>The harder thing is flattening files. People use OpenZeppelin, other frameworks. Have to go through a lot of different files to understand the logic. Tool to make understanding this easier.</p>',
'Other bounties?': '<p>A really good IDE.Not a plug-in, but a full IDE. Best elements of Truffle, best elements of Remix. Could connect to Geth. More refined deployment options. Make compiling easy, knowing the gas prices easier. Debugging, deploying. Everything in one place.</p>',
'Who are you and what are you working on?': '<p>Contributed to OpenZeppelin and Aragon about 1.5 years ago, met an audit company called Solidify. Worked with them as a developer, and also have done a lot of audits securing smart contracts, now back to development. Things happening that will be public soon, stay tuned!</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle. </p><p>Used a little bit of Embark but not a ton. </p><p>Use Mythril, Remix, TestRPC -> Ganache, Geth, also used a few Solidity flatteners. </p><p>Infura. </p><p>Web3.js.</p>',
'What are your biggest frustrations?': '<p>A really good IDE. The integration between Truffle and Remix is not good at all. Remix debugger is better than Truffle but painful to upload a bunch of stuff to Remix just to check. Wish there was a way to integrate both tools. </p><p>A more robust testing framework for Truffle, its very basic and dumb if you think about it. A lot of room for improving testing tools. </p><p>The issue is that I dont have functions to hit a contract with 1000 transactions, I have to do it manually. Create me 200 tokens and send to this contract and see how it behaves. Tests are small scale. Testing suite at scale could be interesting. </p><p>More state management in testing. Want to save specific states and fork it and compare it to the fork. A lot easier and automatic. </p><p>10 accounts are provided with 100 ETH. Thats not enough to test an ICO like condition. If he wants to test 100 accounts with 1 million Ether, its not easy.</p>',
'How do you handle testing?': '<p>Do it manually, 1000 accounts with 1000 Ether. A big loop and keep sending transactions </p><p>Do this multiple times with multiple states. A lot of handwork for not a lot of results. </p><p>Large scale testing is not really worth it. </p><p>Was testing an interactive ICO, very complicated process. State management was very hard, multiple states at same time. Made a loop to do it manually but was quite difficult.</p>',
'What tools dont exist at the moment?': '<p>Love to see a premium version of Infura. Infura is public nodes. Has to sign txs offline, has to sync my own Geth. I wans to have an Infura account. Infura is pretty good here but could be a bit better. </p><p>Lacking resources for other languages other than Solidity. Doing anything with any other language, there is not enough material and you cant find the answers. Creating a gigantic gap between Solidity and other languages. Usually use Solidity because its way faster.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Hidden barrier for understanding blockchain in general. Could be a decent developer, but to understand Ethereum you have to understand what is a blockchain, how does it work. And you cant learn this in a day, there are complicated concepts that you have to learn with time. Have to really know what a blockchain is to develop a contract that makes sense. </p><p>Have to do a lot of handwork that you dont do in other languages. There are no error messages. Have to comment your code and run it a thousand times to see how its failing.</p>',
'What are you most excited about in the short term?': '<p>Excited to see where all the scaling is going. Plasma, Casper. Starting to get implemented and finalized, can see demos. Thats awesome. </p><p>Excited for proof of stake. To see how the ecosystem changes. </p><p>Interested to see how average user interacts with Ethereum. UI/UX.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>CryptoZombies is pretty good for a beginner. Capture the Ether is a bit more focused on security and hacks. The best thing to learn more is to read contracts. You can understand a lot of how big projects work and its very good for learning. </p><p>OpenZeppelin is a good place to start, has day 1 level stuff. Gnosis has a lot of well-written contracts, a bit more advanced. Same for Aragon, complex but its well-done. These are the ones Im more familiar with.</p>',
'Are there any other questions we should be asking?': null
},
'41': {
'Name': 'Andreas Wallendahl',
'How do you handle smart contract verification and security?': '<p>Also Josh Cassidy</p>',
'Other bounties?': '<p>In-browser signing. Would make new user onboarding much, much easier. Metamask works on it but a bounty might drive it through. </p><p>A lot of people have built interaction with IPFS, thats why we built IPFS-store and eventium. </p><p>Blockchaimulator for testing that runs through 100,000 blocks, somewhat instantly. We had to wait for blocks to be produced.</p>',
'Who are you and what are you working on?': '<p>Kauri </p><p>Decentralized knowledge base built on Ethereum and IPFS </p><p>Github is for code, Kauri is for how to use it. Built in incentivization layer enabled by Ethereum, enables bounties for new content. No token, uses Ether/ERC-20 token. </p><p>Most popular tutorial is new content from Maker.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle </p><p>Geth nodes on Google Cloud </p><p>Eth.js </p><p>React</p>',
'What are your biggest frustrations?': '<p>Helping a user know what to sign and what it actually means at the blockchain level. </p><p>If new user comes to your website without Metamask, they cant interact with any web3 on your page. </p><p>Gitcoin uses a faucet to get around this </p><p>Onboarding experience </p><p>Most users are devs so they understand it better than most </p><p>Internal Consensys initiative started to onboard new users</p>',
'How do you handle testing?': '<p>Needs to ask teammate (Josh Cassidy)</p>',
'What tools dont exist at the moment?': '<p>Simple spin up of side-chain or scaling solution kind of like Heroku </p><p>Spankcard for counterfactual state channels is a good attempt at this </p><p>Omisego and Plasma team </p><p>Rapidly spin up and set criteria for Plasma chain </p><p>Gas costs </p><p>In web signing capability- I could preload Eth or fund with credit card. But, if users are used to this behavior there might be man in the middle attacks.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Hardest part was not knowing where to go in the beginning. Watching videos to understand concepts of blockchain. From there, Truffle and its intro tutorials. </p><p>Everyone was rebuilding the same stuff/components for public apps and enterprise use case.</p>',
'What are you most excited about in the short term?': '<p>Anything people can experiment with, and that can prove interest/demand. </p><p>NFTs, Ujo and Cryptokitties. </p><p>Blockchains version of single sign on. Store user information in some way (IPFS or UPort contract) </p><p>How do we get to 1,000,000 daily users</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Sam Smith, reputation AI at Consensys </p><p>Josh Cassidy </p><p>Michael Cena </p><p>Sarah Baker Mills (designer)</p>',
'What are the best educational resources?': '<p>Cryptozombies - the more modules the better </p><p>Chainshot - like codecademy, checks with unit tests </p><p>https://github.com/ConsenSysLabs/ethereum-developer-tools-list/pulls </p><p>https://medium.com/covee-network/here-are-the-best-courses-and-resources-for-learning-solidity-ethereum-dapps-600e18287381 </p><p>https://medium.com/bcgdv-engineering/getting-started-with-ethereum-as-a-developer-af20d78c49f </p><p>https://medium.com/@wslyvh/getting-started-with-ethereum-solidity-geth-part-2-d195144fe6c7 </p><p>Cryptomechanics.info </p><p>Consensysacademy for a full course </p><p>https://t.co/aRO7B8z50h</p>',
'Are there any other questions we should be asking?': null
},
'42': {
'Name': 'Clement Lesaege and Nico Wagner',
'How do you handle smart contract verification and security?': '<p>Write our own functional tests - but dont provide proper security against malicious actor (cant simulate those kind of network conditions easily). This is where fuzzing would be really, really useful. Try to understand how contracts could be exploited in ways that the developers cant directly specify in tests.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Working on dispute resolution through smart contracts </p><p>Arbitration - process to decide who is right/wrong. Looks more like an arbitration DAO - system of incentives. </p><p>Enforcement </p><p>Decision-making </p><p>Incentivising people</p>',
'What are the tools/libraries/frameworks you use?': '<p>Smart contracts - Remix </p><p>Being able to copy address directly is really cool now. </p><p>Stopped using remix core because writing tests in truffle is actually quicker than clicking everywhere through the `remix IDE. </p><p>Solidity - cant do operations in bytes. Want to split bytecode into address and integer and there is no easy way to do that. Could write some assembly (difficult to understand) or some hacky workaround that uses a lot of gas. </p><p>Byte manipulation is really needed in Solidity. </p><p>Add a solidity linter to Remix (already exists in Atom at least, but would be nice for having a properly integrated environment). </p><p>We really need a light client to use a DApp on a smartphone. </p><p>Truffle to run tests </p><p>Relying on other random libraries sometimes breaks things. If you use a library for tests that is not being used by your contract. I.e. it is very difficult to customise tests in truffle and you have to know some (undocumented) tricks in order to get around some basic stuff. </p><p>Better testing is required, more extensible and adaptable. We dont need over-engineer things, but a better debugger and a properly integrated environment is necessary. </p><p>Truffle doesnt work with latest solc - keeping all the tools in sync and up to date is a tough task and it delays and blocks developers from using the latest tools if they have not yet been supported across the ecosystem. </p><p>No warnings for deprecation!! </p><p>Frontend - ethers.js to communicate due to instability of web3. React, redux and redux-saga. Architecture with an API that is used to share methods needed to use Kleros easily. </p><p>Ethers.js is not well-known and it would be better to standardise things and have a common library for everyone to use. </p><p>Main issue with web3 lies in callbacks. They dont use promises because the 1.0 version does not support them well.</p>',
'What are your biggest frustrations?': '<p>We REALLY need a very good web3 tool that is actually stable - the errors returned through the json-rpc are impossible to decode and find info on. Making this library more performant is a key issue.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>A tool to analyse security of smart contracts better, especially complex smart contract suites. Very excited to see formal verification, whenever that comes out. </p><p>Fuzz testing is super important!! </p><p>Great to use truffle boxes, but all of them are unstable and not well maintained. Would be great to see more effort put in there. </p><p>Trying to implement chain-view: a tool to share the workflow of the ethereum protocol with the clients. Mostly used to analyse transactions (i.e whether they are successfully included in a block) Can be very useful for client-side devs and i.t.o providing end users with transparency. </p><p>Not open source currently.</p>',
'Other domain specific questions?': '<p>Pre-interview review from Nico: </p><p>It would be great to have a language like python, C to build smart contract to avoid learning a new syntax even if the syntax solidity language is good like the viper project (https://github.com/ethereum/vyper). The developers lose time to learn it. </p><p>To have a js tool to communicate with the node it is very stable and useful. We have encountered many problems with the web3 library. The library https://github.com/ethereum/web3.js/ (0.14.0): </p><p>dependencies installation sometimes broke </p><p>use callback (promise is much better) </p><p>callback to know if a tx is mined break sometimes </p><p>So we choose to use ethjs.js instead of this tool. Apparently this has been fixed recently in version 1.0. But I havent tested it yet. </p><p>An easy tool to make a hash with a salt. Its very difficult (for me) to find a library/hash function with the same hash than ethereum even more when there is a salt (https://gist.github.com/f43d7807b69402060dd6e4c8db730afc.git) </p><p>A boilerplate to build a dapp like http://truffleframework.com/boxes/. The last time I tested this tool it was very unstable, so we prefer to build our own boilerplate .https://github.com/kleros/dapper. A very good tool like this can be very useful for the developers to easily build a dapp with all tools to communicate with the ethereum protocol. </p><p>A tool to sync the front-end state with the ethereum state like drizzle http://truffleframework.com/docs/drizzle/getting-started </p><p>I haven\'t tested this tool yet but I was told it was unstable. </p><p>Truffle doesnt support the last solidity compiler (0.4.22)</p>',
'What was the hardest part about learning to develop with Ethereum?': '<p>Building safe smart contracts takes a lot of experience and understanding of game theory, cryptography, complexity skills and an insight into the edge cases that can be used to exploit certain patterns and implementations. </p><p>There is no single point to learn about all these domains, so it can be really challenging to get exposure to all of the required fields, and eve to realise that these fields are important to writing good SCs.</p>',
'What are you most excited about in the short term?': '<p>Decentraland rocks!! </p><p>0x </p><p>Truebit </p><p>Proof of Stake in general will be very important going forward. In fact, everything that allows for scalability and lower tx fees with higher tps is absolutely critical. </p><p>IPFS is interesting too - right now they are hosting some part of the website/DApp themselves and that constitutes a central point of failure, so easy-to-use and maintain decentralized storage would be really, really great.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Github and Reddit are the most useful. </p><p>r/ethereum sometimes has posts with a lot of documentation and that is almost always a great place to start. </p><p>Trawling through GH issues looking for the comment that leads you in the right direction. </p><p>Readthedocs is also super useful - esp for Truffle and Solidity. </p><p>Can be very fragmented - there are a lot of sources and some are out of date etc. Not necessarily too bad to have a lot of sources as Google can generally lead you to the right place. </p><p>GitHub should be the hub for developer documentation particularly. </p><p>When I cant find a solution, just googling is always very helpful. Sounds cliched, but someone else has almost definitely had that problem before. This often leads to a gitter conversation and the dev channels there tend to be fairly responsible.</p>',
'Are there any other questions we should be asking?': null
},
'43': {
'Name': 'Dan Tsui',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>LLC that does consulting and builds projects </p><p>Their first crypto client was Metamask. </p><p>Other examples: build UI on top of the smart contracts; how to integrate with scaling solutions. </p><p>Working with state channels on wallet. Should be live on 1st or 2nd week of April </p><p>First: “productionizing” their library for micro payments. </p><p>Got into this space contributing to the EthereumJS ecosystem. </p><p>Within the team, I function as PM and do code reviews.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Theres the inner crew of devs; then theres other teams who are trying to build stuff, but who dont have the same access. Theres also language barriers etc. </p><p>We dont quite know the lay of the land: e.g. “should we integrate with Metamask or build our own things”? </p><p>Knowledge of tooling and documentation very fragmented / scattered across ecosystem. </p><p>How to incorporate layer 2 solutions? </p><p>Peoples roadmaps are defined based on their analysis of tech at the time of their ICO, even though new stuff is becoming possible nearly every day. Staying up to date with this is challenging. </p><p>When we were starting work on Ethereum stuff we needed to learn. In order to do that well, we needed to talk to different projects as this is ultimately the best way to learn and the Ethereum community can be very welcoming if you just find the right channels. </p><p>But how do people know what to use who arent in the community: e.g. Metamask vs Mist? </p><p>Dfinity asked them to go through all the Ethereum dev tools </p><p>They use truffle, ganache, Remix - all the usual stuff.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>GK Chan - jchan@kyokan.io </p><p>Matt Slipper - mslipper@kyokan.io - wrote UIs integrating with Metamask &amp; leading Spankchain wallet project</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'44': {
'Name': 'Jacky &amp; Matthew',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Matthew: </p><p>Cofounder of Kyokan, CTO </p><p>Client work </p><p>Plasma and Plasma Chain. </p><p>State channels work with Spankchain. </p><p>Infrastructural work + Solidity. </p><p>Jacky: </p><p>Cofounder of Kyokan </p><p>Building / integrating with Ethereum wallets </p><p>Solidity</p>',
'What are the tools/libraries/frameworks you use?': '<p>Matthew: </p><p>Working on plasma and writing it in Go. Focussed on interoperability between Geth and smart contracts. </p><p>My development style: </p><p>I really like Java. enterprise-y tools make me productive. </p><p>IDE could be really improved. </p><p>I use IntelliJs Solidity plugin to edit Solidity. </p><p>“Jump-to-def”; “jump-to-implementation”; syntax highlighting </p><p>Big difference in productivity. </p><p>E.g. when Im writing Go code, I can jump to the Geth definition. This is amazing. </p><p>Im switching between Solidity / Go, or Solidity / Javascript </p><p>Solidity Javascript bindings through Truffle are good. </p><p>Integrating libraries designed for cryptocurrencies with front-end apps is hard: </p><p>Bundle sizing: different behavior if youre running in the browser or in the backend. </p><p>E.g. if you compile a contract with truffle, you get a JSON file which has the bytecode and all this stuff beyond the ABI. </p><p>This is heavy and unused. </p><p>Crypto.js has unnecessary dependencies: </p><p>Eth.js includes an ASN.1 parser which parses digital certificates which isnt needed for any crypto.js uses. </p><p>Google Chrome places a size limit (3 MB) on service workers in Incognito mode. </p><p>Bundle sizing is important need to take out dependencies. </p><p>Standardize the interfaces for all these libraries. </p><p>E.g. a standardize library to read BIP39 seed words across different programming languages. </p><p>Is there a Javascript API to boot a testnet, deploy contracts, and run tests against it? </p><p>For running application tests </p><p>I want integration tests that run against Truffle easily </p><p>Having the ability to do this via Javascript is important </p><p>E.g. automate this: https://github.com/machinomy/machinomy/blob/master/run_integration_tests.sh </p><p>People dont know how to productionize a geth node: </p><p>On Ubuntu: you can apt-get install geth </p><p>Now, how do you secure it, monitor it, etc? </p><p>People say: “just use Infura” but then youre tied to Infura. </p><p>Some ideas: </p><p>Docker instances; Chef or Ansible scripts; that setup a Geth node which has a bunch of best practices around it. </p><p>As an example: </p><p>Your RPC port shouldnt be open to the external world, but should be accessible to the front-end. </p><p>You need a layer sitting between the geth node and the external world, and gives: 1) analytics, 2) authentication, and 3) audit logging. </p><p>The dashboard could configure geth on the fly. </p><p>How do you secure a geth node with an RPC port: </p><p>Need only certain keys to be allowed to interact with it </p><p>Jacky: </p><p>Integrating Metamask with Dapps </p><p>Building a new wallet for Spank; </p><p>Its a service worker </p><p>Three threads running at once: </p><p>Runs a bunch of background processes </p><p>The Wallet </p><p>The Dapp itself </p><p>The messaging between these three threads sucks. </p><p>Cross-window JSON RPC library. </p><p>Wallets are pushing the limits of what Chrome is capable of. </p><p>Theyve had to file two bugs with Chrome in the last month. </p><p>Runs into the service worker size limit. </p><p>Mostly Javascript and Web3 work </p><p>Lot of code repetition in loading state and confirming transactions </p><p>Web3 is kinda hard to use large ABIs </p><p>Biggest problem has been around event management. </p><p>Key management is not that complicated Web3 has a good handle on it. </p><p>The Web 3 interaction with the wallet: </p><p>Web3 provider talks to the blockchain </p><p>Spank and Metamask the provider is an instance of the ZeroClientProvider written by the Metamask team </p><p>The ZeroClient makes all calls when theres no key needed. When a key is needed, it calls into your codebase. </p><p>Biggest problem is around the communication of gas costs. </p><p>The UX around this. </p><p>Users pick really high or low gas costs. </p><p>There are better ways to estimate gas. </p><p>Would be nice: currency conversion utility tools. </p><p>Existing tools are pretty buggy. </p><p>ETH has many different units. </p><p>Units conversion. </p><p>Matthew: </p><p>I write all my own methods other than lowdash where I pull specific utils out. </p><p>React / Redux. </p><p>Need a way of shoving Web3 stuff into your Redux state. </p><p>Managing the lock state of your wallet </p><p>E.g. you need the lock-state of the wallet, because the UI changes. </p><p>They written a util that queries the wallet, gets its lock-state, and puts it into the Redux state. </p><p>Authentication: people have public/private keypair; use this data as login. </p><p>Having a canonical way to npm install and have authentication build off of Metamask. </p><p>Nice to haves: </p><p>Typescript typing for crypto libraries. </p><p>Postgres types to manage Ethereum stuff addresses, wei, </p><p>Have these methods: .toFinney</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Plasma: the future is close will see this live in 3-6 months. </p><p>Generalized state channels: L4 and Spankchain. </p><p>Plasma Cash: </p><p>The idea of a coin that you sign over to different parties its kind of like a cheque. </p><p>Can replace other entrenches business </p><p>Can attach it to a stablecoin. </p><p>In-browser Ethereum light-client: Mascara. </p><p>Were in the internet before packet-switching. </p><p>After that, everything is open and possible. </p><p>Can integrate cryptocurrency with your everyday life.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'45': {
'Name': 'Andrey Petrov',
'How do you handle smart contract verification and security?': '<p>Write a lot of tests myself. Get other people to read it. Keep it as simple as I humanly can.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>https://thousandetherhomepage.com/</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle - not his favourite, but best thing out there right now </p><p>Vim for everything </p><p>Etherscan a lot </p><p>Remix IDE - trying this out sometimes, but also my own editor </p><p>Truffle </p><p>Also my own runner, written in go.</p>',
'What are your biggest frustrations?': '<p>Dapps: web3js stuff sucks. In the doc, its in a weird halfway state where its deprecated but theres nothing superseding it. Its pretty broken in many ways. At least 4 solutions that are about 80% done. </p><p>(ethers.js, but it doesnt speak well to metamask. Fixed now 11/05/2018) </p><p>UX stuff? </p><p>CryptoKitties situation - lot of people want a basic way to swap a transaction with one with higher fees. Thats kind of an ethereum specific thing. </p><p>Scaling? </p><p>Lightmode thing with Geth - a lot of users use the lightmode. In terms of scaling user base, thats relevant. Eventually most users use lightmode, and right now its broken. [Related update: https://vipnode.org/] </p><p>Spinning up more nodes is useful! </p><p>(Campaign to show selfies with your nodes, every office should have a node or many, etc.) </p><p>Are you running into problems with any of the following: </p><p>Gas limit </p><p>Probably a truffle problem: it returns a lot of errors related to the gas limit, but they are not actually errors. Error messages are probably just not great. </p><p>Better errors on the gas limit would be useful to address underlying problem. </p><p>Off-chain computation </p><p>Been thinking about some game ideas, and a lot of them require off-chain computation.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Things I want improved with truffle: it has a lot of moving pieces. Reliant on the nodejs ecosystem and all that. Would like to see a binary runner - want to be able to have a binary, give it some solidity, and it knows how to run it in a simulated environment. Really useful for deploying continuous integration and stuff.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>A lot of tooling that isnt there. Ecosystem is “bursty”: there was a big burst of dev for web3, but then it stopped, its not done, and its not advancing. Truffle seems to be same thing. Why? Well people build the stuff they need, and then they stop building. </p><p>Operational security of the thing. Easiest way to use it right now is to install metamask, which is not great. If you install ina browser with other extensions, its as secure as other extensions. Installing mist is not happening. Sure it says write down seed so its safe, but doesnt explain full meaning or ramifications of that. </p><p>Do better about default backup practices. There could be automatic backup processes. </p><p>Biggest risk is loss, not theft</p>',
'What are you most excited about in the short term?': '<p>What dev tools on near horizon that would change things? </p><p>Web 3 stuff is almost there but not quite </p><p>Need to look more into the ZK stuff which is cool, but needs more researchers on it. </p><p>Tons of room improvement for wallets </p><p>Mobile dapps are in the VERY early stage. Mobile wallets that can run dapps are just reaching market. </p><p>Status </p><p>Ethers wallet has it </p><p>Metamask for brave mobile </p><p>Cipher</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Max Veytsman</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'46': {
'Name': 'Liam Horne',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Co-founder of L4 and Counterfactual. </p><p>Two main things: </p><p>Leading the development of counterfactual: a generalised state channels framework and protocol. Its a simple, intuitive framework for developing DApps using state channels - so we do a lot of work on Solidity code and general work around EVM interactions. </p><p>Co-founders of ETHGlobal - so I spend a bunch of time talking to hackers and making sure that these events represent genuine progress and that people arent just stuck on bugs. The output to time ratio needs to be as high possible.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle suite. </p><p>Highest level comment: nice for specific use cases, but our use case does not match this. Its built for writing a bunch of contracts, deploying them and interacting. </p><p>Our whole framework is based around off-chain interactions, for which Truffle is not well suited. </p><p>The whole Truffle networks thing is kind of annoying. If you want to ship a simple build that you put in your browser and run, it doesnt work locally. You need to set up your own test environment. </p><p>Would be great to have a tool that could put together a super minified version of your ganache DB so that we could test across the same data. </p><p>We did some of this, but its not well known and not the default across the ecosystem. </p><p>Use ethers.js a lot </p><p>ABI encoder v2 </p><p>Not supported by truffle. </p><p>Ganache </p><p>Can be very unreliable for a lot of important things. </p><p>E.g. bug in ecrecover on bytes (even if signed correctly) it will not return the correct address, It is just not implemented correctly, so we had to port over to Parity. </p><p>However, the parity dev client doesnt throw errors on revert, it just logs them, and there is no option to change this. </p><p>The fact that the behaviours are different between these two things is concerning and frustrating. </p><p>Parity and Geth </p><p>I dont understand why there isnt just one-click Ganache replacement. If I just went to parity.heroku.app with a big button to launch an instance, thatd be awesome. Seems like low hanging fruit that could really be quite easily worked on. </p><p>Getting around all the configuration details is such a headache. </p><p>I just want to launch testnets, and even do so locally in a way that actually works in practice. </p><p>Anything to do with solidity at all really. </p><p>Libraries and tools </p><p>Remix </p><p>Playing with rust for its ability to write once, run everywhere. </p><p>Tonne of JS tools to quickly iterate </p><p>Typescript - state channels need to run in the client, you want to be able to have code client side to decide what to sign and whether it is safe, and this is easiest in typescript. Would be better in WASM, but its not there yet.</p>',
'What are your biggest frustrations?': '<p>Better UI testing. Would be awesome to have am MetaMask mock - wanna launch Chrome Canary, Safari, Moz and ganache will auto inject into the page some provider that could be used to test the full flow. We have also started work on this. </p><p>We need more to more people working on ethers.js!! </p><p>It is the best library out there, especially for quick operations, and we need like 5 more people at least working on it, </p><p>Web3 is too opinionated about exact use cases, whereas ethers is much more generic and simple and can have a lot of tools built on top of it. </p><p>We have been hesitant to develop non JS stuff, and havent yet because there is no ether.js equivalent. If there were an ethers equivalent in Rust that would be awesome. </p><p>In terms of solidity: ABI encode and decode (not written well yet, but will be super useful) are really game changing! It should be 0.3 or 0.4 or something! </p><p>Really bad documentation, especially around nuances to do with memory or storage objects etc. </p><p>When things happen in solidity, what you can do with it is not explained well. </p><p>For instance, one thing you can do is now use returndatasize to get the output bytes from some call you make. The minimum amount of code you need is a few lines of assembly. </p><p>However, this is not well known or used. </p><p>Our whole system is based on off-chain contract, and the rules in there need to be enforced by on-chain contracts. So I need to be able to interpret arbitrary function calls based on arbitrary logic/user input. This is very hard… </p><p>We do conditional payments, and these ensure that a bunch of things are true, and then interpret the results of a bunch of functions and then take those outputs and pay people. All of these inputs, not contracts, and it gets complicated. </p><p>There is a specific error called unimplemented_error which comes up in a few cases. The only way to figure this out is to google it and there are 3 or 4 options to pick from, which seems sloppy. </p><p>Error messages could be much more specific about WHAT is unimplemented. </p><p>Would be great to see also in the docs WHY certain things are not yet implemented. </p><p>Theres some subtleties around exactly how libraries work in solidity. Will send through more details when editing. </p><p>Would be nice to have a debug mode for events, so that they will trigger regardless of whether or not there was an error so that we can use that as a console.og </p><p>Also, there should just be a console.log ;) </p><p>If you emit an event with a dynamic struct and pass it a dynamic struct, the whole thing doesnt make it back in the logs: it only shows the top of the event. It certainly doesnt show the whole thing. </p><p>Whenever you hit gasLimits, you should be able to find out easily where it stopped and what line it is stopping at. </p><p>Better documentation on the assembly command sand specific example usage of them would be really good. </p><p>Breakpoints with context - these are the variables and scope etc. I will sometimes play around with delegatecall and then I dont even know which context I am in anymore and this can block me for extended periods of time. </p><p>Theres a bunch of sneaky tactics: like keyless signatures. There is a way to generate a sig for an exact and specific kind of tx from an account whose nonce is 0, because then the create opcode gives back a deterministic address. </p><p>Please can we document this!? There should be a person on stuff who just plays around with this stuff and then documents it. </p><p>This is very serious stuff, if there were a keyless-sig library, so many other things would also be available. </p><p>Better google results for Ethereum! </p><p>More literature on how Ethereum can be used to do the things people think other blockchains are better at. </p><p>Highlight ethresear.ch and some post sthere, like one from Vitalik about businesses paying gas fees for their uses, which is EOS biggest argument. </p><p>Even worse, explaining plasma, where it should be feasible to have no fees at all.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>WASM is likely most useful for us medium term. </p><p>State channels are very light in terms of the actual contract code. But the off-chain contract code is a lot more complicated. It would be nice if all of the things were doing were easily runnable in the browser. </p><p>We have this concept of a module, which is some software that wraps a particular state channel application. We need code running in the client that determines whether or not it is safe to sign the next transaction, and where you store it, if you show it to the user at all etc. </p><p>We then have to implement a copy of what the contract does in JS and it would be way nicer if we just had a local environment to run some eWASM code because then we wouldnt need to worry about the node at all. We wanna have it work in any random browser and WASm enables that. </p><p>Plasma and state channels require stripped and straight forward teams to work on this stuff that can build out all the tools we need. </p><p>Truebit is exciting.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': '<p>Ethers.js. Really, it is super simple to use.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>I just read the code, man. What is the latest commit by ChrisEth on solidity? That is the best source. </p><p>Otherwise, Richard Moore knows everything. Literally.</p>',
'Are there any other questions we should be asking?': '<p>It would be interesting to have a meta bounty for the most valuable stack overflow answers and that person gets a 1ETH reward. </p><p>If that became a really legit place that people in the community took seriously, that would be really great and of high value. </p><p>Getting a good mod on staff to manage this and then put it out!</p>'
},
'47': {
'Name': 'Richard Moore',
'How do you handle smart contract verification and security?': '<p>Extensive testing! </p><p>Using ethers.build etc. code audits are usually from Yuet. </p><p>Usually just have someone else look it over. </p><p>More careful with blockchain-things esp once my money is in there.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': null,
'What are the tools/libraries/frameworks you use?': '<p>I use all my own stuff, mainly </p><p>Ethers.js </p><p>ethers.cli </p><p>Ethers.build </p><p>Parity </p><p>Node.js</p>',
'What are your biggest frustrations?': '<p>Documentation is a huge problem </p><p>A lot of documentation is simply missing, or its not good </p><p>Its all outdated! It seems authoritative, but then I find its wrong. People dont always do a good job of this. Ethers is only non-solidity implementation of soliditys S3 that works correctly. </p><p>If you read the docs, its just wrong!!</p>',
'How do you handle testing?': '<p>Automated testing? How do the facilitate manual testing? </p><p>Ethers.build </p><p>Automated </p><p>Also facilitates manual testing </p><p>Rudimentary debugging</p>',
'What tools dont exist at the moment?': '<p>Events!! </p><p>Theres definitely missing features of what ethereum actually stores in its DB. </p><p>I would love if infura enabled the trace API, which is hugely expensive, thats probably why they havent, but for now there is no way to give it an address and find all the transaction (or even a transaction) from that address. </p><p>Would be great if you could just tell me the first tx hash that a given address ever made. Obviously this vastly increases cost of an ethereum node to run, but would be useful. </p><p>Events are just wildly unreliable. This is why ENS stores things on chain. Events dont work well enough to do what you need to do. If I need to look this up, I cant. </p><p>The main reason is if you indexed all that stuff all the time, it would constitute a huge load. So most people arent doing that. Scarce details of how they arent is the problem... </p><p>[Greg is working on something that will do this]</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Install and setup and configure and run and sync your own chain is ridiculous. </p><p>Libraries like web3 which have big problems. </p><p>Web3 feels weird given how javascript is used and behaves. </p><p>What would be the hardest part of teaching somebody to build a dapp? </p><p>Mainly just the idea of how blockchains work. People tend to misunderstand what the blockchain part can and should do. </p><p>Its very easy for a person to write a terrible contract. Even if you write a terrible MVP, its easy to release the non-terrible version later. But with this, if you make a bad mistake, its a huge problem - more like hardware, you cant always change it on the fly. </p><p>And the documentation sucks.</p>',
'What are you most excited about in the short term?': '<p>0x is cool. Rufflet is neat! I like the idea of having introspection tools in the system. </p><p>Also: https://www.withpragma.com/logging/0x06012c8cf97BEaD5deAe237070F9587f8E7A266d </p><p>Debuggers are super important and I want them! Martin Swende demoed one, but needs some other stuff… his thing focuses on monitoring the EVM code and state changes its performing, as opposed to solidity. I want to be able to step through my solidity code line by line and see the changes that it is making on the blockchain. </p><p>The sourcemap is not super reliable. Because once you compile, it might reorder operations, and certain ops span lines, it starts becoming non-obvious what the correct thing to point to is.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Yuet Loo</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'48': {
'Name': 'James Childs-Maidment',
'How do you handle smart contract verification and security?': '<p>No process, but would love to have it. </p><p>Apart from testing, would be cool to have tools that analyze what youve written and make sure youre not doing anything dumb. </p><p>Right now, using Remix is helpful for getting warnings and stuff. </p><p>Hasnt used Oyente</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Been building social apps on Ethereum. Leeroy. </p><p>Storing all posts and likes on-chain, syncing that with a centralized database and frontend. </p><p>I started with some little smart contract that saved a string to variable. </p><p>After that, just dove in on making Leroy over the next few months. </p><p>After getting a feel for solidity by playing with Remix. </p><p>Didnt really understand how expensive it would be to save everything on the blockchain. Solution was to store the hash of all the inputs. </p><p>From there, had to learn how to make things as cheap as possible. </p><p>Quite a bit of smart contract work on Leroy. Multiple versions of the contract along the way. </p><p>Because its as cheap as possible, Leroy doesnt even fire events.</p>',
'What are the tools/libraries/frameworks you use?': '<p>React / Redux app, with a firebase backend </p><p>Truffle. Just deployed using Remix, and uses it for playing with the contracts in general. </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>Web3JS </p><p>In a toy project, used MetaMask just for signing transactions. Had a separate web3 using Infura for other stuff.</p>',
'What are your biggest frustrations?': '<p>The tools are pretty early. Constantly running into a ton of bugs. </p><p>On Leeroy, had to install packages and fix stuff from other projects that were broken so he could use them. </p><p>Yesterday was playing around with a new app, and was using Ganache, and it would just lock up and crash. Then you need to redeploy the local smart contracts, which takes about a minute to get up and running again. </p><p>A really stable local chain would be cool. </p><p>With solidity, it would be great if you could get a better view of what went wrong when a transaction fails.</p>',
'How do you handle testing?': '<p>Truffle for testing (JS unit tests). </p><p>Really enjoying writing async await tests with Truffle. </p><p>Automated testing? How do you facilitate manual testing? </p><p>Play with the contracts in Remix. Deploy the contracts to testrpc and then test manually using the UI.</p>',
'What tools dont exist at the moment?': '<p>When you use Web3 library with Metamask, its really crappy getting events coming through. </p><p>Maybe will get fixed when moving to websockets with 1.0</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Only started in June or so. </p><p>Just reading through github and reddit instead of an actual source for education. Having really good docs in one place is a big thing.</p>',
'What are you most excited about in the short term?': '<p>Aragon.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'49': {
'Name': 'Yondon Fu',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Previously: working on smart contracts. </p><p>Truffle, testrpc / ganache-cli. </p><p>Expanded our test suite so they could run on multiple clients: could point at testrpc, at geth or Parity on PoA mode. </p><p>Now: Golang for our node. </p><p>Integrating our smart contracts with their node that does video-processing. </p><p>Working with Geth. Theres packages for interacting with EVM.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Livepeer that runs as Daemon, unlock your wallet, give this an in-memory key. They have a DPoS protocol built-in. </p><p>Similar operational problems as someone running a validator node for Casper FFG </p><p>How does Daemon have access to private key, in non-manual confirmation from you? How do you do this securely? </p><p>Whats the proper key management flow. Not necessarily a bounty, but shared knowledge. </p><p>Need better documentation </p><p>Some of the new things you need to use are not documented yet. Writing documentation is a good way to introduce someone to internals of a project (they need to understand stuff to write the docs). </p><p>Example: heard this from Eric at Livepeer, theres a tool in Geth called Pupeth: uses Docker containers to set up an Ethereum private network, gives you dashboard - would be awesome. </p><p>libp2p (networking layer for IPFS) especially since its gaining a lot of adoption but the examples for getting started are still a little sparse</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Smart contracts: </p><p>Contract compilation time is slow. We use Truffle compilation, which I thinks uses Javascript-bindings for C++ compiler. </p><p>Sometimes the compilation takes longer than the tests. </p><p>Running C++ compiler (solc) without the Javascript binding is way faster. </p><p>Can Truffle use the Solidity compiler internally, without the JS binding? </p><p>Maybe this is an easy feature add[a]. </p><p>Ive played with DappHub. Its much faster. </p><p>It would also be helpful to specify a compiler version to use without using a completely different version of Truffle </p><p>If you make a change, Truffle tries to be smart about which contracts to recompile. Sometimes this doesnt work and you need to blow away /build dir and recompile. Not a great UX. </p><p>In truffle console: using JS promises are annoying can be verbose and hard to read. </p><p>Would be cool: having a transformation of that console, if it had async/await, or some kind of wrapper to make things seem synchronous. </p><p>If I see an error in a contract: </p><p>Debugging sucks. Right now: comment out code, recompile, deploy, run again. </p><p>Solidity is adding a “reason” string for the revert message. So you can have reasoning! </p><p>They have an internal Ethereum testnet running. </p><p>Writing the Go client: </p><p>Pain point: nonce management </p><p>Options: </p><p>Geth web3.sendTransaction: geth sets the nonce for you. </p><p>The other option is to pick the nonce yourself. </p><p>For our client, we do the nonce management ourselves: theres a method to get the Nonce, and includes transactions in “pending” state, but you dont know them if youre not a miner. </p><p>This is an issue if you submit concurrent transactions. </p><p>Parity has a custom method called nextNonce, which works properly </p><p>Parity vs. Geth different methods theres more room for cross-client feature sharing, adding things into the standard RPC interface.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Guys at Aragon Jorge or Oliver. </p><p>Ethereum Natural Specification style basically a commenting style that can have auto-generated comments from it. Aragon is building a custom version of this. </p><p>Zeppelin. </p><p>0x </p><p>Been putting out good developer tooling. Really into Typescript, static typing.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Have we considered Grants, for longer-term things, vs. simply bounties? </p><p>E.g. Debugger would require longer-term maintenance, needs to develop in pace with Ethereum development. One-time bounty might not be enough. </p><p>Might be a fit for longer-term projects. Milestone-based? </p><p>Nicola Greco had some interesting ideas about incentivizing more open, collaborative academic research - are there learnings from thinking in this design space that can be applied to general open source?</p>'
},
'50': {
'Name': 'Eric',
'How do you handle smart contract verification and security?': '<p>Internal security audits. Taking time to do thorough code reviews. </p><p>Trail of Bits did a security audit </p><p>Launch has been great, its been a month and theyve learned a ton. Bigger and bigger community call, can test economic assumptions on the Mainnet.</p>',
'Other bounties?': '<p>Identity solution. ENS exists but like a great solution thats built on top of ENS doesnt exist yet. Some solution around there is interesting </p><p>Reputation system on addresses. Addresses are participating in all these protocols. The network effect you have, the behavior of the one address in one protocol can predict in others. TrustDavis is an interesting paper on this. </p><p>Truebit is something that a lot of projects hope will exist. They are collaborating with them closely. They already have a prototype thats working and are excited about this</p>',
'Who are you and what are you working on?': '<p>Been working on Livepeer for 2 years, before this was an entrepreneur. Was interested in Bitcoin in 2015 and saw Ethereum launch in the same summer as Steemit. Those two things got my attention. </p><p>One of the things we found in web2 is that video facilitates transactions. Companies make a lot of money by charging a big premium for this transaction. 30-80%. </p><p>Started to get more familiar with decentralization, wanted to build a video protocol that is cryptonative. Crypto payment by the packet. No payment channel so needed a decentralized video infrastructure.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Use web3js a lot, we use a lot of peer-to-peer networking in addition. First version of livepeer was a fork of Geth codebase and adding video streaming, since then we have a brand new code base. </p><p>Delegated proof-of-stake system for electing service providers in the network. All built in Solidity, use Truffle for this. </p><p>Use some Trail of Bits for security stuff </p><p>Use IPFS for storage </p><p>Truebit for decentralized computation verification </p><p>Collaborate with Swarm team for video distributions </p><p>The way our tech works is we depend on Ethereum for protocol but our own peer2peer network for delivering video. We create our own network while every node talks to Ethereum, can get complicated.</p>',
'What are your biggest frustrations?': '<p>When we first started was still pretty hard to write code in Solidity, Truffle was just launched. That was a big hurdle. We operate our own Ethereum test network which has its headaches. </p><p>There are quirks in the Ethereum network that are not documented. </p><p>The Ethereum network in general does not do event subscription, notifications dont work great here. Most popular tool is in Infura but their websockets are pretty flaky </p><p>We ask people to run Geth lightnodes, these have less overhead than full nodes but are still a bit of overhead. </p><p>We found a bug in the code and then did a smart contract upgrade process using a proxy contract pattern which saved us. Upgradeability doesnt work super well. Doing the upgrade, communicating with the community, etc. was a big undertaking.</p>',
'How do you handle testing?': '<p>Do a lot of unit testing. Try to cover as many cases as possible to make sure the code quality is high. There is not a lot of guarantee in terms of testing for security.</p>',
'What tools dont exist at the moment?': '<p>Better Debugger comes to mind. Monitoring systems and alerting systems. Metrics gathering systems. No one has figured a great solution for this. </p><p>Where do all the data live? Can use IPFS but you have run IPFS yourself and the solution doesnt perform well. One big research question is data availability problem. A lot of protocols work because they depend on punishment for bad behavior. But to prove the punishment requires data. For Casper thats fine, but or other protocols that doesnt work. If you rely on off-chain data can make this data unavailable for an attack vector. </p><p>Transaction Attestation Platform (TAP). Different interfaces on a smart contract. How can people trust that the smart contract underneath is the thing that theyre thinking about. Kind of anti-phishing. Give a reputation to a smart contract. Show this to a user in a standardized way. It is a decentralized platform that users can use to attest to the trustworthiness of smart contract functions that other users will have to invoke in order to interact with DApps. http://dappbench.com</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>The amount of technologies you have to be familiar with is much larger than other tech stacks. Security, new programming language, JavaScript to interact with the contracts, game theory, sheer amount of knowledge that you need to get started is quite high.</p>',
'What are you most excited about in the short term?': '<p>Really excited about Casper, gonna be cool to see. Proof of stake at scale. How it affects the economics in the ecosystem. </p><p>Some layer 2 solutions that become fully usable. Past theoretics. For POA Network, the explorer is currently not there. </p><p>Plasma is longer term. Cosmos is coming online, Ethermint afterwards. Loom network, etc.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>SuperMax Project, protocol explorer for protocols that are living on top of Ethereum. Build for Aragon, CryptoKitties, etc. </p><p>Connecting dApp developers to protocol developers. A lot of projects building on top of Ethereum that he knows need both. As of yet unnamed project but will connect.</p>',
'What are the best educational resources?': '<p>Tutorials on Ethereum home page. He always tell people to start working on a pet project and thats the best way to learn. Instead of going through a tutorial you should think about something cool and thats simple enough that you can build your own thing.</p>',
'Are there any other questions we should be asking?': null
},
'51': {
'Name': 'James Duffy',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Some type of tool that would take ETH Smart contracts, pack them up and automatically deploy them to mainnet. </p><p>Heroku style CLI deployment tool or in-browser version. </p><p>Making deployment easier for testing and production. </p><p>Solidity is really “bare bones” </p><p>Hard to manipulate strings -- not present in Solidity </p><p>When trying to give examples in CryptoZombies -- couldnt do much </p><p>Comparing strings -- no substring function </p><p>Would be nice to have more “Utils” </p><p>Started Solidity X </p><p>Superset of Solidity that compiles to Solidity (intelligent defaults and prevents security issues) </p><p>Think coffee-script for Solidity -- plan to continue development in the future</p>',
'Who are you and what are you working on?': '<p>Hybrid online marketing + developer </p><p>Invested in Bitcoin since 2013, huge fan of the philosophy of crypto. I forgot about it during the 3-year bear market, then interest resurged in 2017 when I discovered Ethereum </p><p>My co-founder Luke was working as lead developer at crypto company called Block Mason </p><p>I wanted to build new project because I was running into scalability issues on Ethereum. Matt was running into same issues -- things were too expensive and some really bad UI in general. </p><p>The project evolved a lot: the initial idea was called ETHDeploy. We were giving people a way to spin up EVM-based side chains on private test networks for demoing and user trials. </p><p>Digital Ocean style way to spin up ETH-based blockchains. </p><p>To get adoption, we needed to build up our own applications. When we started doing that, we realized it didnt make sense to build EVM stuff in Solidity and built in Go. </p><p>Need developers building on platform - so built CryptoZombies </p><p>First, we built ETHFiddle which is Fiddle for Solidity -- like JSFiddle (inbrowser IDE for Ethereum to share code. Like Remix, but you can quickly share code snippets.)</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Deployment is “tough” - initial problem we set out to solve </p><p>When first building DAPP, testnets are a mess: </p><p>Just dont work at all - people eating up all the transaction bandwidth or DDOS them. </p><p>Faucet to get ETH on testnet is hard to find and use at scale. </p><p>Setup local development with Truffle / Ganache, which is fine, but once you want to get it live to demo or do anything really useful, it is quite a headache. </p><p>Our CTO just deployed it to testnet, which was less of a headache. However, deployment to mainent itself is quite difficult </p><p>ETHDeploy: auto populate wallet with huge amount of Ether; test things without having multiple steps; blockchain clone. </p><p>Became less of a focus for us. Doing something with Loom had potentially a much bigger audience and more use cases. </p><p>Still need transaction costs on main-net down! </p><p>Our argument is that not everything involves high storage of value / sensitive data (doesnt need full decentralization), but we still want important parts on main-net (character data, owning items) </p><p>Delegate Call (first app): users earn karma and tokenized karma they can transfer to mainnet for contributing to site. </p><p>Could load cryptokitty into platform (ERC-20 + ERC721) </p><p>Storing hashes of large amount of data verifiable on side chain. Mostly using relay to transfer tokenized assets </p><p>Limited experience on mobile, which limits user adoption. Steep learning curve there </p><p>Metamask is most straightforward thing, but not sure how to improve.</p>',
'How do you handle testing?': '<p>Truffle / Ganache. When its time to test on a real network, sometimes just deployed to mainnet . </p><p>In-House guy out of NYC that does contract audits </p><p>Open Zeppelin stuff is awesome </p><p>Use own ETHFiddle to hack on code in the browser and share things with other people </p><p>Compiler output not good: just does a diff check. </p><p>Tried embedding Solidity Compiler, but errors werent descriptive enough</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Loom - tell us more about games on the blockchain </p><p>Lots of people working on games and some early successes inspired lots of people. </p><p>Games will be first real use case outside of financial payments </p><p>In-game assets that you physically own and can trade; real digital scarcity and users running nodes with the power of forking (nodes can reject changes to games) means an entirely new frontier of possibilities. Developers cant shut down the game! </p><p>Shared game worlds because data is open on blockchain </p><p>Think its going to be easy to gain user adoption with in-house game studio and building three games. </p><p>Loom is developing an SDK to the point where it can be packaged and used by public </p><p>Games and social apps -- anything could run on these sidechains </p><p>Need constant feedback of teams trying to use it, so we can iteratively improve it </p><p>Pluggable consensus mechanism. </p><p>DPOS that we built in-house (like Steemit type) social sites </p><p>We plan to support Casper / Tendermint. Not usable version thats public, the byzantine fault tolerant mechanism specifically. </p><p>Core developers are close 20. Cofounder has done projects at Bloomberg, Digital Ocean, spoke at 20 Go conferences over past couple of years. Friend out of India runs team of senior developers, have had a team there from the get-go. </p><p>Not being based in US means cost is much lower </p><p>A lot of: senior back-end developers that had worked with distributed systems </p><p>1 SDK building in-house; games to demonstrate platform, onboarding game companies (Unity) </p><p>Make it easy for normal devs to make the jump into building blockchain dapps! </p><p>Core developers at Loom are close 20. Cofounder has done projects at Bloomberg, Digital Ocean, spoke at 20 Go conferences over past couple of years. Friend out of India runs team of senior developers, have had a team there from the get-go. </p><p>Not being based in US means cost is much lower </p><p>A lot of: senior back-end developers that had worked with distributed systems </p><p>1 SDK building in-house; games to demonstrate platform, onboarding game companies (Unity) </p><p>Make it easy for normal devs to make the jump into building blockchain dapps!</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'52': {
'Name': 'Matthew Di Ferrante',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Audits </p><p>Some clients have their own testnets. Or some chain state that needs to be initialized before you can run the code. </p><p>Smart contract dev </p><p>Decentralized exchange project </p><p>Testing that is hard. You need to deploy on chain; theres a vault, ownership, hierarchy. How does the moving average work? You gotta run a 1000 trades and they have to be from the same account, etc etc </p><p>I wish these tools had a dev mode where you can deterministically generate accounts </p><p>Geth &amp; Truffle &amp; etc should have a 1000 accounts that always show up as the first 1000 accounts. </p><p>E.g. for testing signatures. </p><p>There should be a templated test environment; that you can use across environments, installations, etc. </p><p>I find himself editing this a lot. </p><p>People often give me tests which have addresses hard-coded in. I then have to set it up again. </p><p>Consistency: </p><p>Getting projects to sync up; or a tool to initialize the setup for different projects. </p><p>Can use ganache or testrpc upto a certain point, but then, it doesnt scale. </p><p>Something that takes one second to run in geth, takes 20-30s on ganache. </p><p>A tool that seeds the addresses, accounts environment imaging.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>How long does it take to setup dev environment &amp; tests. </p><p>On my own computer: I dont use npm install global or npm at all Ive created my own vagrant script, which specifies where I install stuff. </p><p>It takes a long time 1, 2 hours to update part of the environment. </p><p>Its a huge barrier to entry </p><p>Also, a huge barrier to experimentation. </p><p>Making something where you can from idea to execution, would be great. </p><p>Remix doesnt work for complex interactions, or with something thats already onchain. </p><p>Things get truncated in Javascript. </p><p>I wrote my own Python stuff for handling bignum calculations and submitting to the contract. </p><p>We need better support for interaction with contracts that have non-trivial inputs: </p><p>E.g. if you need to some pre-processing. </p><p>Common patterns across projects Im auditing: </p><p>Theres limitations to the Solidity compiler simple fixes could help the rest of the ecosystem make less mistakes: </p><p>E.g. imports: </p><p>If you import an interface, then you have to link to a contract onchain. Or you can directly import a contract. </p><p>Having a pre-approved list of contracts theres no reason to be redeploying things on the chain. </p><p>Ethpm does this but worth adding support for this in the compiler itself? </p><p>People roll their own complex math: </p><p>Because Solidity doesnt have floating point, people come up with binomial approximations etc. </p><p>Talk through a complex audit and how the process works: </p><p>First: site-read the code. </p><p>Notice small details: e.g. theres an unbounded loop here. </p><p>Setup the environment </p><p>Actually execute the code. </p><p>Step through the code with a debugger: </p><p>I use EVMLab shows opcode per line with the state. </p><p>Notes: </p><p>I have a lot of hack-ish tools Ive built himself. Would be nice to standardize these. </p><p>For audits: I dont look at the offchain stuff. </p><p>How do I get testnet eth? </p><p>On Ropsten: I have a server. </p><p>Some clients have their own testnets; I forward through their machines </p><p>If I need a lot of testnet eth (eg. testing a reverse dutch auction): I might spin up my own dev net. </p><p>Moar? </p><p>Having a setup tool, like truffle init, which initializes keystore and an initial chain state where each of those addresses have a balance </p><p>Youd run this after npm install, truffle init in your workflow </p><p>Going from truffle init to a working ethereum setup takes too long</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'53': {
'Name': 'Jenna Zenk, Travis Jacobs',
'How do you handle smart contract verification and security?': '<p>Continuous integration with tests and Oyente integration </p><p>Use Oyente.js - Melonport has sponsored the development of. Knows certain set of issues that have occured in smart contracts. </p><p>Regular code audits (4). Before they go live next February, planning for 2 more audits. Audit from Nick Johnson and Martin Swende. Audit from Deja Vu. Last audit from bug bounty- Nick Munroz from Solidify. Also running a main net bug bounty. </p><p>Thinking about formal verification but costs associated with it is really high.</p>',
'Other bounties?': '<p>Javascript library and </p><p>Light client</p>',
'Who are you and what are you working on?': '<p>Decentralized asset management system. Smart contract that allows you to set up and manage digital assets. </p><p>Feature complete protocol going up to mainnet for short period of time for testing.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Smart contract: Dapp by Dapphub. We manage packages with git modules. Includes Solidity compiler. </p><p>Subpackages delivered as git submodules i.e. safemath. </p><p>Used truffle in the past. When you make a large project of truffle it becomes too complex. Not a fan of the migrations script. Record migrations on blockchain with an actual contract. Cant run specific migration scripts, must run sequence of them. Need to recompile every time you do migrations even if contract code hasnt changed. </p><p>Parity.js used for testing and deployment. Doesnt have much error handling beyond what weve requested. Uses parity specific JSON RPC calls- cant deploy to Geth or Ganache nodes. Looking to switch. </p><p>Didnt use metamask because idea was to have mobile compatibility- therefore didnt see the value of metamask and were less feature complete. Internally developed in-browser wallet with Ethers.js works on all devices </p><p>Ethers.js library- really great. Only used in front end stack. Great because its not dependent on Metamask. More tools needed like Ethers.js that are maintained well.</p>',
'What are your biggest frustrations?': '<p>Coverage tool with truffle worked okay, but nothing available for DApp. </p><p>Soliditys lack of error handling. </p><p>Web3.js is far from mature, Eth.js looks okay but not to many people using it. Ethers.js is good for wallet management but a bit monolithic. JS library that will emerge as a standard is the one that maintains it. More functional JS approach from someone who loves Javascript. Event watching, querying blocks.</p>',
'How do you handle testing?': '<p>Use Parity.js for deployment on test network </p><p>For testing- use Ava javascript framework</p>',
'What tools dont exist at the moment?': '<p>Really good .js library, better standard. Our front-end would love to help with ideation/funding. </p><p>We almost have to ask users to run full parity node to not affect our Node, force downtime. More community-available Nodes or otherwise light clients. Infura is completely owned and limitations such as querying limits and looking far back into history.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Light clients </p><p>Graph protocol - create a data layer that caches the blockchain that sits between in SQl database. </p><p>IPFS, OrbitDB.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Stack Overflow is best for practical development issues</p>',
'Are there any other questions we should be asking?': null
},
'54': {
'Name': 'Aaron Kumavis',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Weve had good experience with bounties Gitcoin, </p><p>One issue: bounties denominated in ETH or tokens, which leaves them open to volatility and potentially unhappy contributors. </p><p>Gitcoin, has ERC20 support, so you can use DAI now, which should help significantly. </p><p>People sometimes do crappy jobs, then get angry that theyre bounty wasnt accepted. This is, in a general, a problem between intrinsic and extrinsic motivation which still needs to be solved. </p><p>Internally requirements change sometimes, leading us to not wanting to accept the solution even it abides by the initial spec, because wed need to do a refactor around it.</p>',
'Who are you and what are you working on?': '<p>Whymarrh: contracting in the space, working on Metamask UI, working at Kyokan. </p><p>Kumavis: co-founder of MetaMask. </p><p>wallet functionality; </p><p>not losing your private keys; </p><p>showing you what youre signing, and what the side-effects of that are; </p><p>choosing a good gas price </p><p>Using Ethereum.js, Eth.js. </p><p>One thing we dont do well conveying on-chain errors that happen during tx execution. </p><p>Want to be able to go deeper. </p><p>Source map tooling. Heres where it exactly went wrong. </p><p>Want: an API to get source maps for published contracts. </p><p>Source mapping tool already exists. </p><p>Give it the trace information. They can generate this themselves using the json rpc. </p><p>Find where it reverted. </p><p>Throw that into the source maps. </p><p>Thatll give you the original line it was on. </p><p>Could do more fancy analysis: find what values in the state are. </p><p>Not sure how useful this would be the average user.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Usability </p><p>Challenging because theres a large range of users. </p><p>E.g. Kenny at MakerDao whos now at RChain. Hiss job was to manage the multisig for their funds. Hes sent a 1000 transactions on Metamask, hes always signing, approving, etc. </p><p>E.g. other people have no idea whats going on, want to participate in an ICO. Any extra information you give them confuses them. </p><p>Toyed around with the idea of presenting two different ideas. Advanced mode. </p><p>We have a whole support team. </p><p>Some tickets are sophisticated bug reports. Some are “hey, you stole my money”. </p><p>Were trying to build general education resources. </p><p>Bounty: Ethereum for dummies. </p><p>In Metamask support </p><p>What is a private key, what is a seed phrase (most important!) </p><p>Tokens are initially straightforward. But looking at a block explorer, it says my tx was sent somewhere else. </p><p>Why do I need to pay ETH to send a token to someone? </p><p>Gas prices. </p><p>Metamask can share learnings from their support team. </p><p>Whymarrh is introduced in contributing few hours. </p><p>Thinks videos or walk-through could be the best medium for explaining complex things. </p><p>Kauri can have specific documentation for technical stuff. </p><p>Transaction confirmations </p><p>We need to explain what is happening to our users. The DApp could be lying about whats happening, which makes it extra complicated/interesting. </p><p>Metamask receives a tx from the DApp, but no more info. </p><p>How do you convert that into a message to the user? </p><p>“It looks like its talking to a token contract; or sending a random blob of data...” </p><p>Take that low-level data and have to convey to the user whats happening. </p><p>We have special cases e.g. a token transfer, this is an ERC721, this is a DAO proposal, etc. </p><p>Theres non-normal stuff e.g. whats it like for a sidechain? </p><p>Multi-network how would it work for non-Ethereum stuff? </p><p>E.g. secure scuttlebutt. </p><p>E.g. Filecoin, Dfinity, etc. </p><p>E.g. Plasma chains inside of Ethereum. </p><p>Standardization of transactions, blocks, signatures, etc. not bounty-able right now. Need to build an architecture around it. </p><p>Then, you need plugins, which could be a good fit bounties. </p><p>Scaling. We have 1m users... </p><p>A lot of the work for scaling has happened inside of Infura. </p><p>Part of it is just throwing money on the fire. </p><p>They developed a REST api for json rpc. So now they can put a CDN in front of it, and get caching. </p><p>But now, a standard provider cant point at the REST interface. </p><p>Seems like the big need is for standardization. </p><p>E.g. Makers ERC20 version doesnt match the standard. </p><p>Thats not because we dont have enough conversation, its that we dont have real governance. </p><p>Infura is an existential risk for Metamask, because its expensive and were a non-profit. </p><p>Weve been working for a while on their light-client. Were blocked by some libp2p internals.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'55': {
'Name': 'Dan Finlay',
'How do you handle smart contract verification and security?': '<p>Regularly TDD. Write a lot of tests. Truffle, dapphub etc. </p><p>eth-js or web3 to deploy contracts and write tests over to that. </p><p>Low-level js test. Thin wrapper around json-rpc, compile with solc, deploy straight to rpc. Used truffle v1 and they changed api, so truffle was behind. Switched to remix. </p><p>On metamask we use tests and QA. Automated tests and user tests. </p><p>Understanding the blockchain in the first place. </p><p>Whats happening under the hood and why I would care. </p><p>A big challenge people hit the first time is reading from blockchain versus proposing a change.</p>',
'Other bounties?': '<p>https://ethereum-magicians.org/t/strange-loop-an-ethereum-governance-framework-proposal/268/24 </p><p>Theres a road map that needs to be executed for this to work. If I had to guess, heres how it might unfold: </p><p>A client team with incentive to encourage a hard fork might implement “accepting on-chain hard fork proposals with client parameters” as a way to make it easier to develop the hard fork, in a community-focused way that gives users the power of choosing future forks in general, not merely supporting their own interests. </p><p>Once one client has implemented this, they should advertise their client as the client that gives the user the most control over the fork policy that their client uses, in hopes to either steal users to that client, or pressure other client developers to relinquish their own privileged decision making position by implementing support for the same. </p><p>There will probably be a friction period, either where some client devs dont want to support this feature (either out of conviction or seeing it as a waste of time, since they may not want or need any hard forks), and so it might come down to people who have the most at stake (for example, people hoping for a funds recovery) to fund the development of this general feature for all clients. </p><p>If core client developers arent interested in supporting user-chosen hard fork policies, and refuse to review/merge these PRs, that might be a good reason to fork those clients, with hopes to merge after the changed version is proven stable. </p><p>IMO, any client not favorable to a user configured fork choice rule is entrenching their own power, and informed users should flock away from those clients as other alternatives emerge.</p>',
'Who are you and what are you working on?': '<p>User interface platform apps - Apps that enable other apps. </p><p>A few gateway apps. </p><p>First layer of education making it easier for users to interact with other apps. </p><p>I started with the original “Hello, World” Greeter contract from ethereum.org. </p><p>I liked it so much I forked it. </p><p>Originally they had 3 tutorials: Greeter, Voting, and Crowd-funding - would be great to see that kept more up-to-date...</p>',
'What are the tools/libraries/frameworks you use?': '<p>React, gulp, javascript, browserify. </p><p>Mocha for testing, build live reloading. </p><p>web3 api and rpc api. </p><p>sinon mocks. </p><p>Create a UI for smart contracts, run testrpc, deploy contracts, and query it. </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>web3, eth-js, provider engine deprecating for json rpc engine, react. </p><p>bip-39, web crypto libraries. </p><p>Currently developing eth-keyring-controller</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Test network, mainchain, local test rpc, mocked user interface.</p>',
'What tools dont exist at the moment?': '<p>The ability to make really lightweight user interfaces that subscribe to blockchain state. </p><p>Would prefer that json-rpc return promises. </p><p>json-rpc is unperformant, wish it was easier to contribute to.</p>',
'Other domain specific questions?': '<p>EIP-719 would make a great bounty to make this. Contracts exposing a way to request a human readable. render approval screen. </p><p>Could make transaction process human readable. </p><p>Moonlay by Mist team[a] is interesting and deserves more attention. </p><p>Browser permissions. These require browser vendor cooperation. The only way to expose web3 is to require read/write access to all websites. But we actually only want to expose to a few participating websites. </p><p>Web3 api</p>',
'What was the hardest part about learning to develop with Ethereum?': '<p>Ultimately these things are not usable yet, because blockchain isn\'t scalable, and blockchain hasn\'t scaled. This is not a pleasant way to build applications. </p><p>Also, a lot of patterns aren\'t defined yet. </p><p>For example, in CryptoKitties when you lock a kitty, another user might retry kitty. </p><p>In general, conveying to the user [who is interacting with a smart contract] what\'s happening under the hood is frustrating. </p><p>There is a big chasm between what people are used to with current application and blockchain applications, i.e. things like gas. </p><p>Cryptokitties is great example of what developers are capable of creating on the blockchain. Established web design firm. What decisions did they make based on docs? </p><p>We need to address what constitutes a production grade app. </p><p>Scaling is eventually a part of that. Plasma chain interaction might look like in a web app.</p>',
'What are you most excited about in the short term?': '<p>Looking forward to helping people access funding for opportunity they didn\'t have before. </p><p>Non-profit to voluntary social infrastructure, small businesses that would have. </p><p>Social token launches. Make it more accessible to launch and sell coins for small businesses. </p><p>WeTrust, Bancor, Circles, Curve token issuance, Puddle, Ripples trust lines which is getting adopted by Raiden, Open Baazar Trusted, Keyva, Geo, Sherpal, Building Societies. </p><p>Also excited about remote keys stored as a service, i.e. some service to store consumer keys.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'56': {
'Name': 'Christopher Brown',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Full stack web dev, working in finance and some other industries. Started in Eth after reading WSJ after Frontiers release. </p><p>VM was interesting - run code in the blockchain is really interesting. </p><p>Modular.network - working on a hybrid solution with Blossom. </p><p>Several microservices in AWS that are coordinating with SCs on the blockchains - all that talk to a frontend dashboard </p><p>Token contracts </p><p>More extensive libraries now - we have an open source repository for ETH contracts. </p><p>Math </p><p>Token </p><p>Crowdsale </p><p>Array handlers </p><p>Linked lists handlers </p><p>Landed on Status repos first when looking at this stuff :) </p><p>Looking at zeppelins libraries and they didnt seem as organised as other strong OSS libraries. </p><p>All about documentation!! Seemed lacking and this is the focus at modular.network. </p><p>Not deployed libraries you can link to. </p><p>Modular deploys on all networks and you can link to them specifically using delegatecall. </p><p>Take ERC20 - no reason to have 10000 Full implementations out there, just need contracts to hold their own storage and implement the right interface. </p><p>Bridging tech is most important for foreseeable future due to efficiency concerns on chain. </p><p>ETHPM required for graceful handling of libraries and packages, easily, securely etc. Really need to focus on that. </p><p>Have some thoughts about using on chain tests for upgradeability.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle for building, testing and compiling </p><p>Can be sketchy on deployments, though this has improved recently. Built our own deployment script to get around it though. </p><p>Test, compiling and running are cool, but none of them are linked very well. </p><p>Being the devs of both ganache and truffle -putting the scripts together that would run the whole suite would be awesome. </p><p>Needs easier integration with CI tools. </p><p>Test scripts from zeppelin (in the sol libraries that pulls up testrpc, gives it a bunch of accounts and then executes whatever you have written). </p><p>Dive into lower level Ethereum libraries a lot - ethjs-utils especially. </p><p>You have to understand what is going on and WHY youre doing it. This context is tough to get across and the libraries here are just not as well advertised, which is a pity. </p><p>Its a maturity thing: early on youre just trying to attract people and get them to get their hands dirty. As the community matures, you need more forward-facing, lower-level libraries that are well documented available is absolutely key. You can only do so much with vanilla web3.. </p><p>One of their new implementations is a new multisig wallet, picking up some stuff from ERC 191, added some things to address security concerns. </p><p>None of that stuff is in web3, so using ecsign method from utils in order to avoid going onchain all the time to get info that is available elsewhere. </p><p>More attention around lower level components is useful as we mature. </p><p>Ethereumjs-tx, ethereumjs-wallet, solidity-sha3, to get identical hashes </p><p>Little bit more control to JS devs. </p><p>Web3 1 looks good </p><p>Biggest mistake: made it default installer when web3 v1-beta came out and this is a crucial error!! </p><p>But scrypt is such a heavy package to deal with. We use that for local encryption/decryption now. Can it even be compiled into an Electron app for instance? </p><p>Necessary because everyone running full nodes is never gonna happen.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Just Truffle for tests </p><p>Mocha for unit and functional tests. Use mocha across the whole application base. </p><p>Have run Mythril on some mission critical contracts </p><p>Was a pretty good experience </p><p>Stay away from monolithic code bases, iterate and test as regularly as possible! </p><p>Applies especially to smart contracts </p><p>Use event logging to debug contracts if possible </p><p>Getting invalid opcodes as feedback when your code doesnt run is the single most frustrating thing in the world! </p><p>This has now improved a lot, which is awesome! Not just OOG errors in solidity anymore. </p><p>Finished contracts a few months ago and now dont really want to touch them too much. However, solc moves on a lot and there is a tension there (especially after audits) </p><p>SC dev is much more like traditional application dev, not web dev. Updates are months apart and very purposeful, bundle a bunch of things etc. </p><p>We like solidity, and most problems are related to VM not being as capable as people currently want. </p><p>Theres a language called Jelly with very purposeful functions that are then linked together to create compound functions. </p><p>Someone wanted trailing and leading 0s from contracts return data - seemed very easy to do in Jelly. Specifically, bytes are so valuable on the blockchain and we use more bytes than we need to. </p><p>Room for optimisation with bytecode there.</p>',
'What tools dont exist at the moment?': '<p>The community is doing a good job and a lot of the stuff we need is already being worked on by someone. </p><p>ETHDenver and the gas visualisation tool that came out of that. </p><p>Became apparent that there are places where you see red and you cant change that and these sorts of insights are useful - do I really, really need to put this piece of data on chain etc. </p><p>More visual tools that you could wrap around smart contract code (that doesnt get compiled). </p><p>Has there been any thought around wrapper code for SCs for developer-specific tools or libraries that give you the visuals you need to understand more of what is going in. </p><p>Having a logger that works well and you get outputs similar to solidity-coverage and doesnt only point out errors, but also information - showing scope and which state variable it has access to etc. </p><p>Think about in context of Parity issues we had: the fact they tried to structure a lib as a contract could have been picked up by something like this. </p><p>Or, in Ownable contracts, specifically printing out a report that says “The owner of this contract is the only one who can access this specific state, as opposed to other users” etc. Point out how to establish an owner (if not already set in initialisation function).</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Having a sequential getting started stuff on ethereum.org is totally, absolutely necessary. </p><p>List of tools and resources and even an appendix-like structure of what things like Distributed Applications even mean. </p><p>Defining use cases for those dont wanna be in blockchain is still really hard today. </p><p>Solidity readthedocs is very good though. Web3 v1 is much better documented too. </p><p>There is a disconnect between web3 v1 and latest geth: the way we were fetching tx receipts were not syncing correctly </p><p>v1 websockets are still kinda screwy and not handled as well as they need to be. </p><p>Ended up putting the service using the node in the same container and just ipc </p><p>Resources themselves, you really need to dig for. </p><p>Geth has resources that are very outdated and fragmented - please can we fix this! </p><p>Not having definitive resources and docs is a big problem in general. </p><p>Search github and Reddit to find random answers that I need.</p>',
'What are you most excited about in the short term?': '<p>Proof of Stake overlays will be really interesting! Bring on the FFG!! </p><p>Getting WASM out there will be really important (and finding a use case ;) )</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'57': {
'Name': 'Harry Denley',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Building a platform / website to educate people on how to stay safe. MyCrypto has some stuff. </p><p>I have a Twitter poll that described this idea. </p><p>Create a bounty around this.</p>',
'Who are you and what are you working on?': '<p>EAL: Ethereum Address Lookup to prevent phishing. </p><p>Back in June: chrome extension as a mini block explorer. Hover over any address, shows how many transactions it has etc. </p><p>Couple weeks later, dedicated himself to finding phishing sites and black-listing them with Metamask and his chrome extension. </p><p>Recently added service every midnight to do data gathering on each domain. </p><p>There is a group working on anti-phishing. We share information and data through an established channel. </p><p>We now have a bot to run ops on domains (whois data gathering, DNS records, SSL dumps, Shodan data on the server) </p><p>We have also deployed an archive bot on Twitter @EthereumBadList </p><p>My main effort: to protect users. </p><p>In the start of 2017, I got into Ethereum development. </p><p>Met team at Myetherwallet (now MyCrypto). Introduced me to other people like Griff.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>People too focused on making money and not trying to evolve the society moons and lambos rather than lasting change. </p><p>What Im passionate about right now: helping people who are not technologists to not lose their money. </p><p>Could make it harder for attackers to withdraw. </p><p>Talking to people from Changelly/etc re blacklisting addresses on exchanges.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>I have mostly used Web3.js. It has a great wiki. I havent had any real issues. </p><p>Then, I went to meetups where I heard of Truffle and Solidity. </p><p>Documentation on setting up Testrpc and writing Solidity was not that great. Had trouble with Truffle documentation. </p><p>Some dependencies for Truffle and the build they were using were missing. </p><p>Integrating Ethereum with browser hasnt been too troubling. </p><p>I look at Etherscan comments + MyCrypto support tickets comments. </p><p>Anti-phishing Etherscan blacklists bad addresses, through their moderation queue and etherscamdb.info reports. </p><p>Most people dont realize a Private Key should stay private </p><p>Airdrop sites require you to put in your private keys. </p><p>How to prevent phishing: </p><p>Metamask added domain blacklisting + my extension. </p><p>I plan to do analysis using PrestoDB, finding common outputs across Ethereum phishing addresses. E.g. If most addresses go through Shapeshift, then go through Monero, can then contact Shapeshift to add their blacklists. </p><p>Big data requires a beefy server to run it on. </p><p>Open-source for big data analysis of chains for fraud. I talked with Chainalysis (they do Bitcoin analysis) about the idea </p><p>I havent wanted to do this mainly because of cost &amp; security. Im looking into servers which could handle rate-limited requests. </p><p>Could put this towards the anti-phishing group. </p><p>Making the reports public would be simpler and already helpful </p><p>Allows me to run Mysql-style queries. </p><p>Lack of reliable faucet on testnets.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Quiknode selling managed Ethereum nodes that are in sync. Bit like Infura. </p><p>Adam or Paxon.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'58': {
'Name': 'Taylor Monahan',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Money is not their constraining resource. People, hiring, management are constraining. </p><p>Best thing for ecosystem right now is: educational, marketing, videos, tutorials, write-ups, explaining how things work. </p><p>E.g. when your mother hears about an ICO, and they google it, theres good resources available to educate them. </p><p>In the beginning, MEW was a stepping stone for people who already owned cryptocurrencies, before they started using geth or parity or etc. </p><p>Now, this is no longer the case, theres new people who dont know anything about cryptocurrencies at all.. </p><p>Biggest phishing attacks theyre seeing are airdrop sites. “Free money??” Typing your private key is not a good idea. </p><p>How does a project responsible onboard people onto Ethereum? </p><p>How does the experience look as dApps become more of a thing? How do people use this? </p><p>In a dApp, the wallet functionality should be completely abstracted away. The user shouldnt even know that there is a wallet. </p><p>If I had extra money, I would give 100% of it to educational resources, people designing infographics, videos, etc.</p>',
'Who are you and what are you working on?': '<p>Chaos. 2017 in one word. </p><p>Started off as a fun side project cofounder is Kosla they were both working part-time. </p><p>Then it exploded the Ethereum price chart is a perfect representation of MEW growth. Kosla stopped being involved after it got chaotic, because it was no longer just a fun side project. </p><p>Ecosystem started going crazy she started leaning in. </p><p>Team growth hired 2 devs in April/May. Hired Jordan in June. Hired a person / week in the summer. Hiring a ton of support people. Got a director of security. Trying to hire Harry in full-time. Team of ~ 20. </p><p>Growing a remote crypto team. How to incentivize them &amp; keep them happy. Raises dont work in this space.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Silos Slack silos arent healthy. </p><p>Mentioned “community of communities” </p><p>Skype “exchange work-group” public infrastructure and the nodes w/ the geth team and the nodes. </p><p>Skype “anti-phishing group” setup on a whim when they saw phishing stuff come about. </p><p>3 days ago Ethereum blue team found MyEtherWallet clone </p><p>Even if shes sleeping people are looking out for the community </p><p>Did team retreat in Columbia / met with design firm in Chicago / they have partners in SF (week / month regularly) </p><p>Harry Denley was the first to respond to Swarm.city multisig hack. </p><p>Was reactionary putting out fires. </p><p>PROBLEMS: Security </p><p>Internal security processes. </p><p>At two people you can trust each other; access is limited. At team of 20 its different; have to revamp internal policies; reminding people of things. </p><p>Found 2 Slack admins not have 2fa on. </p><p>We are bigger target; we get password resets. </p><p>Someone stole her number in October but they were prepared for it. They handled everything really well. </p><p>DNS and internal security on infrastructure. </p><p>Hired ex-director of security for Coinbase &amp; Facebook. Works on board of Hackerrank. </p><p>How we hired: people who use MEW want to keep Ethereum &amp; MEW safe. We connected on security. We had a call that afternoon. </p><p>He does amazing security incident response &amp; red-teaming. </p><p>FEW DIFFERENT SECURITY CONCERNS: </p><p>How we serve their code: a commit is pushed to a specific branch; that is served to github.io; then AWS pulls that code, caches the hell out of it, and that serves MEW.com. </p><p>All keys are rotated, and ssh private keys are kept very secret. </p><p>multi-stage pipeline (Github + AWS); both have multi-factor security, need Ubikey, etc. </p><p>Its kind of a staging pipeline. </p><p>Prevents bad commits or bad UI changes from getting into the website. </p><p>How do you QA things, how do you test things? </p><p>We wait 24 hours from creating a release and getting it on a live domain. </p><p>We have a series of tests check that everything compiled correctly, check that all links have a rel=no-opener on them, .. </p><p>DNS </p><p>After EtherDelta and ClassicEtherWallet. </p><p>We have a custom thing: three services to monitor the site. </p><p>We serve through a CDN </p><p>Diff the code diffs the new website with the previous version of them. </p><p>Gets the hash of the Javascript and CSS with previous versions. </p><p>Blockchain security </p><p>Ensuring the user makes good decisions how do you alert or notify a user when is doing something wrong e.g. notifies you when an Ethereum address is not formatted correctly? </p><p>How do you build this: check the balance? </p><p>Have microservices that have micro-databases of the blockchain. </p><p>Caching token balances. </p><p>On MEW: pulls everything from Parity or Geth directly. </p><p>Can run their infra through Cloud Formation </p><p>Geth falls out of sync. </p><p>CryptoKitties destroyed their infrastructure. </p><p>Intel chip thing then took them 120% CPU usage, took them offline. </p><p>Fixes for Spectre and Meltdown. </p><p>PROBLEM: phishing &amp; supporting after the fact. </p><p>PROBLEM: infrastructure: </p><p>Keeping nodes Parity &amp; Geth up all the time. </p><p>Additional issue: Blockchain naturally re-writes itself if youre on a microfork. If youre also distributing this across your own database, then you need to write code to also rewrite this. Etherscan just gave up and booted up from the blockchain from scratch. </p><p>This is what Infura is trying to do. They are in the same situation as MEW and Etherscan. They are under Consensys so have more financial freedom. </p><p>Shapeshift sysadmin stole money. If they had the problem, then this is a big problem. </p><p>What is the cost of security in this space? How much a malicious people could stand to gain… </p><p>With a debit card, its not the same there is risk of getting caught, the original person gets the money back etc. </p><p>Traditional security systems wont work for this. </p><p>When I worked at AT&amp;T, I asked people how they trained people to not steal simcard numbers. The real cost is not cost of buying a phone. </p><p>UNEXPECTED PROBLEM: building remote team culture </p><p>I work well remotely; but building culture while remote is really important. </p><p>In-person hangouts all devs will be at EthDenver. </p><p>Make them talk about personal stuff on calls. </p><p>Big question is to: how to make remote team work. </p><p>Danielle leads the dev team. </p><p>Over the summer, they did a hire fast fire fast mentality. Sink or swim type of game. People need to be able to orient themselves. </p><p>People in the beginning need to be able to make sense of the chaos. </p><p>Random people contributing on Slack or Github. </p><p>For support, hire top Reddit commenters. </p><p>Give people 30 days and see how it goes. </p><p>Ethereum Blue: anonymous team, with a token. Promoted themselves as Metamask Blue. Scam. </p><p>Teams that are dealing with public crypto token world: </p><p>Swarmcity. Super resilient team. First fight against Arcadecity. Then theyy got their funds stolen out of their multisig. </p><p>0x. Did an amazing job about education around ICO. Each blog post had a full section on how to protect yourself + custom tools. </p><p>Griff </p><p>Griff + Hudson Jameson from EF are the people to call. They know everyone and who to get involved. Like a connective tissue. Response to Parity hack. </p><p>Griff had learned a lot from the DAO hack. </p><p>Hudson was at Cornell with entire EF security just happened to all be in the same room.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'59': {
'Name': 'Nate Murray',
'How do you handle smart contract verification and security?': '<p>Wish i knew better how to do audits. Would love to know list of auditors. However, even if I could get in touch with auditors it sounds expensive. </p><p>Use solc linter when developing.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I started by creating my own token using the tutorial on Ethereum.org. </p><p>I also did some of the other tutorials on the Ethereum.org page. </p><p>Rich user-facing Dapps using a modern JS web tech stack. </p><p>Solidity for writing smart contracts and web3 for the connection to the blockchain. </p><p>Next thing I\'m working on: solidity, truffle, javascript, ipfs.</p>',
'What are the tools/libraries/frameworks you use?': '<p>I use python for numeric analytics (not really around dapps). </p><p>For desktop apps I\'ll use Electron. </p><p>For contract development I use solidity, and web3.js for a connection to the blockchain. </p><p>Zeppelin\'s libraries for solidity. </p><p>0x has excellent repo for js.</p>',
'What are your biggest frustrations?': '<p>Everything seems super easy getting started, especially once you understand how the blockchain works. </p><p>Then you learn about security vulnerabilities like re-entrancy, other well known hacks, etc. Developers don\'t think about that when doing web dev. </p><p>Newline\'s third class is \'Hack smart contracts\', and it covers DAO hack. The goal is to teach folks about security.</p>',
'How do you handle testing?': '<p>At first, getting contract working use Remix or testing framework built into truffle. </p><p>I don\'t use Ganache. </p><p>I really like connecting my contracts a real instance, and I like using console to connect to node. </p><p>I do it in layers. First start developing against testrpc because its faster. Then use geth.</p>',
'What tools dont exist at the moment?': '<p>Logging within solidity is hard, you can emit an event. </p><p>Tools around gas are hard, its so opaque. </p><p>Remix and gas is maddening, different gas limits, might have contract call that works in one env that doesn\'t work in another. </p><p>Formal verification; we need something better than solidity. Bamboo seems cool. </p><p>interested in the successor to serpent - vyper.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Tutorials are out of date. </p><p>API totally changed in web3 beta. </p><p>Understanding the Ethereum blockchain &amp; program execution model. </p><p>What it means to \'call\' and get (for free) or \'send\' and updating the blockchain for a fee. What it means for you transaction to be mined. This is covered in newline. </p><p>If high performance computing today is extremely parallel, then blockchain computing is embarrassingly serial.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Interesting smart contract platforms coming out. </p><p>LISK dapps in eos web assembly.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'60': {
'Name': 'Benjamin Bollen &amp; Paruyr Gevorgyan',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>We are building a developer kit that builds a bridge from Web2 to Web3, nice interface so that people dont need to have understand blockchain to use it.. Need to get users on the technology. </p><p>We have to be very pragmatic. 3 core regions to be make technology accessible by millions: </p><p>Management for users and development </p><p>Define a token for an application, how would you use it for your company? </p><p>Being pragmatic about scaling, a Layer 2 Solution. Not really sidechains, all value is only defined as value of ERC20. </p><p>Circumvent boundary of the bridge with a business solution. </p><p>We put quite a lot of effort into this, they had 2 main concerns. Auxiliary systems, have to be natively compatible with many chains. And want to be token compatible first as opposed to be block first. </p><p>Had a bad experience with Ethereum Permission Client, had some incompatibilities on ABI level so had to do their own tooling.</p>',
'What are the tools/libraries/frameworks you use?': '<p>From an IDE perspective: Tried to use Remix, but not so easy to set up locally. No finalized IDE. Its powerful but not easy to set up, very complicated to set up and not so stable. </p><p>Web3.js Intense users, but dont like how they handle callbacks. New documentation is not yet complete. Want more examples on web3.js. Better documentation. </p><p>OpenOSTBase- a bunch of wrappers around the websockets around web3, make these more reliable and redundant. In production, things tend to break but this helps with that. Happy to contribute back :) </p><p>Web3.js is a first level API. First layer access to the technology, but want to have a more user friendly second layer that caters to the community needs. More user friendly, without having to do the same thing several times. We want a second level API, a helper or utility level API. </p><p>What tools dont exist at the moment? </p><p>Havent super explored Ganache but is interested in more things done via command line. Any type of automation that can be done from the command line is cool and greatly helps with efficiency. </p><p>Biggest thing we are missing is an IDE suited for the ecosystem. Something that could do a gas function on Remix done on runtime, you could see security things happening on runtime. Integrating Remix with a different IDE, its currently statically bound. </p><p>Clear explanation in Documentation. </p><p>General level: a big proponent of multiple chain universes. In OST users only really interact with Ethereum mainnet, only have tooling directed towards one chain. </p><p>Solidity perspective, have a diagram based solution to see all the connections. Solidity codebase diagram module would be very compelling. </p><p>How do you handle smart contract verification and security? </p><p>Guiding principles: observe standards and dont invent funny ways of doing things. Trying to reduce code to smaller components and go from there. Had 3 security auditors. Cure53 reviewed contracts and all traditional architecture. Zeppelin did audit for smart contracts. </p><p>Now working on the hardcore protocol. TrailOfBits builds a lot of interesting tools examining the bytecode. This is not an easy task. Trying to take very small steps one at a time and then go from there is the philosophy. </p><p>They are excited about ewasm. They respect work done with Solidity, but bytecode is the biggest thing. They have compiled with same Solidity on Mac and Linux for same thing and got different bytecode, this is a big concern. </p><p>Compiler, assembly tools, and debug tools are all major points of interest. Could be interesting if Solidity compiles to wasm, then you have portability. </p><p>What was the hardest part about learning to develop with Ethereum? </p><p>To set up the first private network was somewhat difficult. Didnt use Truffle, just Geth. Geth is very powerful but is missing good documentation and had to Google. </p><p>Solidity is good but needs better docs and better exampling. Very happy with CryptoZombies tutorials, want to see more things like this to help intro new users into the space. </p><p>Hardest thing when you deploy something is deploying a smart contract that intends to have value but not having a way to walk it back. In the last weeks running up until their deployment, did 8 dry tests with a self-destruct button. Ran this 8 times on Ropstein testnest, and then mainnet. Very interested in smart tooling to help in this process! </p><p>More tooling for testing of deployment. Testing where deployment happened properly to avoid situations like Parity Wallet. Had Monex with EthPM like tool. Scripting the deployment. Testing the deployment, could be a part of an automation toolset. Like fastlane for ios and android deployment. </p><p>What are you most excited about in the short term? </p><p>Getting OST to version 1.0 :) But beyond that most excited about ewasm. Also excited about Whisper and Swarm.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Using Truffle. Have a setup where for local dev purposes are tested on one chain. At a later layer they are tested on a testnet. </p><p>One cool thing we would be interested in: very close adaption between local environment and staging. Having a seamless way of transitioning from local to go to staging on Ropstein/other testnet, flip a an environment variable and go from local to staging.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'61': {
'Name': 'Fredrik Harrysson',
'How do you handle smart contract verification and security?': '<p>Internal audits. </p><p>We are introducing a checklist system for deployments. </p><p>Pre-, during, and post-deployment </p><p>Doing external audits on everything now. Even auditing Rust code right now. </p><p>External audits are great, but the average developer cannot afford that </p><p>***Teams have grown super fast without having time to document company knowledge so that all engineers know it*** (documentation includes process as well as code)</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Been a core dev on Parity for a few months. </p><p>Making the Ethereum client itself nice to use by developers. </p><p>Also building a solidity parser and linter </p><p>Building some JS libraries for developers to actually write dapps </p><p>Talk about the enterprise company dapp -- how did we scope, what tools, etc </p><p>All at a proof-of-concept stage. Probably 10 years before they can actually make it work in their business. </p><p>I set up the docker containers for the nodes, did the documentation, and built the React App</p>',
'What are the tools/libraries/frameworks you use?': '<p>Everything, even in dev environment is containerized </p><p>IPFS, React, Parity, ParityJS </p><p>Have some internal tools that generate javascript ABIs from the smart contract spec </p><p>Have an internal CLI for deployment </p><p>Deploys the contracts and then initializes some values </p><p>If you change your contract in development, re-running this tool takes a super long time, which is frustrating </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>Main library they use for all dapp development is ParityJS, and their new library called Bonds/007 (React integrations) </p><p>Parity Ethereum node has pub/sub now</p>',
'What are your biggest frustrations?': '<p>Lack of documentation is a big thing. The deploy/test/repeat cycle is unclear and kind of annoying. Its a problem of the whole stack, not just certain libraries. </p><p>E.g. On top you have the React app, with hot reloading. Super easy. </p><p>One level below you have the middleware library. Auto-generated from the ABI, and theres some other knowledge you need. E.g. Someone clicks and approve button, which changes a contract variable and updates the UI for the owner. The business logic is both in the contract and in the JS middleware, which is hard to deal with. </p><p>Layer below that is Node. </p><p>IPFS client server, so the client can upload a file. </p><p>Hash is stored on chain. </p><p>File is stored on IPFS. </p><p>Layer below that is the contract. Any changes in the contract bubble up, need to recompile the ABI, need to recompile the middleware from the ABI, need to recompile the React app because the underlying dependencies have changed. </p><p>Something that changes the level of abstraction for managing files would be great.</p>',
'How do you handle testing?': '<p>Use truffle internally for testing some contracts </p><p>Also write own own testing tools using Rust because we dont like javascript</p>',
'What tools dont exist at the moment?': '<p>Setting initial values after deploying a contract is important </p><p>Being able to roll back transactions would be really nice for dapps</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>How do you codify the differences between a traditional app and a blockchain app. E.g. Waiting for transaction confirmations. How do you codify it to make a good UX?</p>'
},
'62': {
'Name': 'Nicolay Wolf',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Research for cost of running WASM on different architectures and machines. </p><p>Scientific proofs on how this correlation works. </p><p>Or also computational analysis? </p><p>This will be used to assign costs to Opcodes, and also know exactly why. </p><p>Parity is using eWASMs results for this currently.</p>',
'Who are you and what are you working on?': '<p>Not developing lots of dApps. </p><p>Foundational work for WASM: </p><p>WASM interpreter </p><p>Runtime environment which allows to run wasm within any network. </p><p>Forking Kovan allowing wasm contracts to run </p><p>Running wasm on private chains </p><p>WASM interpreter: </p><p>Main problem: </p><p>Making the Rust interpreter deterministic. </p><p>WASM is not strictly deterministic need to narrow down to deterministic opcodes. </p><p>Need to ban several opcodes, e.g. floating points. Simple solution: just parse WASM and fail if theres any floating point opcodes. </p><p>Other option: to canonicalize the NaN constant you need to bring all these flags under one definition. </p><p>One idea: you could check after each floating point opcode to see if its NaN and use canonical. </p><p>BUT this is not worth the effort, because no blockchains apps will have floating point anyway. </p><p>Other sources of determinism: deterministic stack for execution </p><p>WASM doesnt enforce size of the stack </p><p>When you get to JIT compilation of WASM, this compiles into using a register-machine specific to the hardware architecture; this process is actually deterministic. </p><p>But its non-deterministic when you go to run it. </p><p>E.g. when a function uses a lot of stack e.g. a recursive function that calls itself and itself it can fail when it hits the stack limit of the operating system. </p><p>This can fail at different times for different machines. So, its non-deterministic. </p><p>Were transforming existing WASM into this modified WASM that takes care of these issues. </p><p>Any WASM implementation that takes untrusted code from the network needs to have this stuff done. </p><p>eWASM collaboration will be helpful </p><p>Mozilla has a Rust-WebAssembly group. </p><p>Gas metering not challenging but needs to be done </p><p>We have tools which transform WASM from free-form to gas-metered form. </p><p>Includes how much opcodes cost. </p><p>eWASM has this also were taking a more scientific approach to this. </p><p>Parity simply uses the eWASM table. </p><p>Dont need to be super precise, just need to protect against malicious users. </p><p>Memory also costs gas. </p><p>Simple way is to charge for memory linearly. </p><p>The original idea is to charge for extra memory quadratically more given how much memory was allocated before but you dont need to do this anymore, because theres new ways to allocate memory. </p><p>Gas costs are embedded into the bytecode. </p><p>Proving the correctness of implementation </p><p>Fuzz testing against various interpreters spec implementation; </p><p>Fuzz test: allow the interpreter to run code; it should fail or do the same thing at exactly the same spots as other interpreters or existing codebases. </p><p>The interpreter should not panic in any case otherwise, malicious actor could crash certain nodes </p><p>They use cargo-fuzz for rust </p><p>There are also fuzzing tools for WebAssembly: which can generate randomized wasm modules can take this; put it into your implementation and the reference implementation; and see that they do the same thing.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>What is the difference between eWASM and parity-wasm? </p><p>Parity works closely with WASM </p><p>Parity uses the same endianness as EVM. But eWASM uses little-endian / WASM uses little-endian. </p><p>How does eWASM callcode, because it depends on hardware architecture? </p><p>Parity forbids some useless constructions, e.g. “internal memory” </p><p>Any WASM module can include private memory; according to wasm-spec its not accessible at runtime; Parity forbids this. </p><p>Projects working on WASM: </p><p>Parity, eWASM, Dfinity, Bitfury </p><p>Bitfury has Exonum solution for enterprise blockchains with WASM runtime. </p><p>Higher-level languages: Rust or anything else that compiles into WASM. </p><p>Theyll move away from Solidity. good to have for backward compatibility (so someone making solidity-wasm compiler would be good) but not necessary. </p><p>Standardizing WASM implementations: </p><p>Can do renames to match eWASM or something like that. </p><p>Interoperability amongst WASM implementations: </p><p>Will have a simple tool that can compile eWASM to parity-wasm to etc etc. </p><p>WASM vs. EVM: </p><p>WASM doesnt force you to use the 256-bit machine. </p><p>E.g. if your computations fit 32-bit, you dont have to deal with this inefficiency. </p><p>WASM has strong teams behind it. </p><p>Theyve made a bet on WASM; so there will be resources behind it. </p><p>Bugs will get fixed by the wider community. </p><p>WASM can be targeted by mature languages: c++, Rust, Haskell is coming, etc </p><p>Resources: </p><p>Whos working on Parity-wasm: </p><p>Nicolay &amp; Sergey. </p><p>Nicolay is moving to part-time on this stuff since theres lots of other work to do. </p><p>There will be another meeting about Ethereum sharding &amp; wasm. </p><p>Thailand, end of March. </p><p>Our libraries: </p><p>Parity-wasm: serialization &amp; deserialization library for changing / transforming the wasm module. </p><p>Wasmi: the actual wasm interpreter </p><p>https://pepyakin.github.io/wasmi/wasmi/index.html </p><p>https://github.com/pepyakin/wasmi </p><p>Whats left to do with parity-wasm: </p><p>Need good libraries Rust-specific to interact with blockchain storage </p><p>Solidity gives you this out-of-the-box but we need to build it for Rust</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'63': {
'Name': 'Peter Czaban',
'How do you handle smart contract verification and security?': '<p>First contracts were usually for prototypes. </p><p>I would write contract, write tests, then integration tests. </p><p>Then would go through a review process. </p><p>Sometimes would go to an external audit. </p><p>This only happened for a few projects.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I started out building some trading algorithm. </p><p>During the early foundation days, there were workshops in London, and during one of those workshops I was writing a dapp using Mist. </p><p>Then, later, I deployed a token contract for fun, and then basically started straight away with client development. </p><p>Been working on the core Parity client on the consensus algorithms. Consensus contracts in solidity. Proof of stake.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle, solidity syntax highlighter for VIM, Jupiter notebook for testing stuff </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>EtherJS </p><p>In Rust similar libraries like @crypto and @key</p>',
'What are your biggest frustrations?': '<p>Definitely the language and tooling. Testing frameworks. </p><p>Truffle can be weird and does some asynchronous things that cause tests to randomly fail. </p><p>Linking contracts together is still kind of bad. </p><p>Are you running into problems with any of the following: </p><p>Off-chain computation: Yeah, this can be somewhat difficult. I have seen others not being able to use it, so it clearly needs to be easier. </p><p>Could detect patterns in a contract and recommend that something could be done off-chain. </p><p>Sometimes you want to have privacy. Solidity and compiler could figure out for you how to make particular mappings anonymous. </p><p>State Channels: Played around with a simple one but no serious problems or anything.</p>',
'How do you handle testing?': '<p>Mostly truffle for testing. Also have some of my own custom tooling that works on RPC.</p>',
'What tools dont exist at the moment?': '<p>Being able to run things in exactly the same environment as the deployment environment (for me, it was necessary to have a custom client that I ran code against) </p><p>Parity / Truffle sometimes behave in different ways </p><p>Built a custom thing that had partial functionality to give a more consistent testing environment </p><p>Being able to track versioning of contracts from dev to deployment. Requires a lot of back and forth. </p><p>Pain points working with the language. I want a better type system!</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>For building the client, it was high-level architecture, but that was resolved just by having lots of conversations with people. </p><p>Would be useful to have more documentation around here. </p><p>For building with Ethereum, it was Javascript and Truffle, because I already had good understanding of Ethereum at that point.</p>',
'What are you most excited about in the short term?': '<p>From experimental projects, I am interested in prediction markets and how they will work and how good the price discovery is. </p><p>A very good application is something that doesnt require too much throughput. Something around supply chains could be really interesting. Many parties, dont necessarily trust each other.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Parity guys that work on the UI.</p>'
},
'64': {
'Name': 'Phil Castonguay',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Used to work for 0x, now I work as a SC dev and researcher independently. </p><p>I was the developer relations manager at 0x. </p><p>I am now focussing on state channels, signature-based improvements in general smart contracts, blockchain storage (utilising merkle trees and improving best practices). </p><p>Working with a gaming project that utilises state channels, unrelated to Raiden. </p><p>A lot of things that could be done off-chain by simply using different signatures: for crowdsales instead of using on-chain whitelist, you send a signed message for every participant and then they need to pass that message along with sending their Ether. Used by Polymath to get around the gas costs (could cost up to $15 000 just to whitelist everyone). </p><p>Working with chronologic on Ethereum Alarm Clock and other secondary markets, e.g. conditional execution where I want to make sure if x happens somewhere on chain, then do y. </p><p>Right now smart contracts dont listen to each other and require 3rd parties to watch the chain and inform them.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Using Truffle, Ganache, testrpc </p><p>Most of the tests are not run in parallel, under-utilising my compute resources, cant be adapted easily or extended. </p><p>Remix for quick prototyping </p><p>Actually quite enjoy using the debugger - I find it fairly easy to use. Would be great to play with single function testing locally so that you dont have to run a full suite to test one or two things. </p><p>Typescript (mostly for testing) </p><p>Mostly following 0x standards - transcribing from typescript to js that make it really easy to define statically-typed tests. </p><p>Mocha, chai</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>I struggle with fuzzing: its very useful for when different people are working on the same standards - so we could easily run fuzzing between entirely different teams and see if the way they implement all the functions behave the same way and make sure the different implementations of the same standard are the same. Better standardisation is key. </p><p>Writes unit tests myself and try for 100% coverage. </p><p>I uses Mythril and am looking forward to formal verification. </p><p>Standards checking!! Here is a standard, put your contract next to it and check that it conforms to the standard implementation and then reuse a lot of the unit tests etc. that come with that standard.</p>',
'What tools dont exist at the moment?': '<p>Nothing exists for state channels regarding how you pass messages and other p2p tools that allow different agents to communicate easily with each other. </p><p>Not easy to document this. </p><p>No easy way to test how peers are interacting with each other and you want to run simulations in state channels. </p><p>Scheduled transactions: we need a queue to avoid race transactions, can help lower gas costs. But we need off-chain system for nodes to communicate in order to implement that. </p><p>Easy to use and easy to test frameworks for this stuff is going to be super important. </p><p>Would be awesome to have some kind of simulation tool for multi-agent networks of this kind (even relevant for whisper and other parts of the Ethereum network, like zeppelin doing token mechanics simulations and analysis, especially around bad agents). More of a research tool than developer specific. </p><p>Simulator for the cross-client, cross-account signature schemes and management - right now the only way to test these schemes are to actually plug in a ledger and then test. Would be great to be able to test this from one place! </p><p>Couldnt make this work in Truffle, passing in byte code and passing. But then, using mycrypto or Remix, it failed because the encoding, libraries and dependencies are different!! </p><p>Very confusing how bytecode arrays are passed in different tools and how you can convert from one type to the other, how we could concatenate a range of arguments in a single contract and then vice versa. Figuring out how that works (argument encoding) is really difficult to get right.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Coming from a non web-dev background and more from data analytics meant that everything related to async was difficult to grasp. Its unintuitive. </p><p>Solidity dev is not particularly difficult, but the best practices are extremely important and it is only really by experience that you learn the best and safest patterns. You need to know most edge cases and most potential attacks before you can write contracts that can actually be used. </p><p>Reading about past exploits really helps. Ethernauts is really great. </p><p>Each opcode and how much gas it costs - there are tables online, but not updated and it takes some time to search properly the Yellow Paper. In fact, anything related to code optimisation could be really cool to see. </p><p>Educational content focussed on code optimisation. Has not seen as much of it as he has of security and both are equally important. I.e. “Try to rewrite this contract in under 5000 gas” kind of thing. Who can achieve this, this and this with the least amount of gas. </p><p>Now implemented: https://g.solidity.cc/</p>',
'What are you most excited about in the short term?': '<p>95% of the projects are not ready for the mainstream. Mass adoption necessarily requires state channels or plasma, or secondary consensus layer like a sidechain - so that is where we really need the most development as soon as possible. </p><p>Loom network etc. is also really exciting. </p><p>Sharding comes later, and is really exciting, but the stuff above needs to happen first.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Mostly about tools and enhancing developers lives. Finding information and answers is also really important, so ask more about the docs if you can.</p>'
},
'65': {
'Name': 'Federico &amp; Jaynti',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Trying to work on Plasma white paper is unspecified; it is not clear yet. </p><p>Started Dagger project to get events for our UI or backend. </p><p>Use cases: </p><p>If you want to send an email or notification to users. </p><p>If your multisig wallet has incoming or outgoing transaction. </p><p>UI for the front-end; a multisig wallet: sent a tx and see it real-time. Make UI/UX better in Ethereum.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Websocket isnt there. Its not customized. Interface is not that good in geth or parity. </p><p>I used to have my own servers running my own laptop as a node very painful, switched to Infura. </p><p>Crawling Infura. </p><p>Infura is unreliable sometimes they miss the blockhash. </p><p>Why not run my own node? </p><p>Too costly to run Digital Ocean. </p><p>Web3.js nobody can use it well; very flaky. Talked to Fabian about it and offered help. </p><p>People are using, but not contributing. </p><p>UI/UX: </p><p>Everything takes time; 15 seconds; 1 minute for confirmation. People are impatient. </p><p>Wait for notifications using Dagger. </p><p>How to improve: </p><p>PoS will improve this finality. Still too long for users. </p><p>Provide a notification to users; or email if its about security. If youre buying cryptokitties, can send a follow-up email. </p><p>EthAlarm used by Decentraland </p><p>Status building decentralized notification system. </p><p>Fede has been contributing to Solidity compiler itself for over a year now: </p><p>Mostly making the experience of working with Solidity more pleasant. Life is too short. </p><p>Solidity is quite understaffed only two people who are committing, who can merge PRs. </p><p>Fund more developers? </p><p>Ive contributed, but would love to get paid for it[a][b]. </p><p>Not many people have the availability to take part-time or full-time work at EF (Solidity, Truffle, etc etc). But are available for several hours a week to contribute. </p><p>Promote the people contributing -> funding. </p><p>EF has Dev Grants. Mostly geared towards bigger projects. E.g. porting Ethereum to mobile devices and wearables. </p><p>Also Scalability grants. </p><p>Ongoing funding to ongoing contributor would be interesting. </p><p>Better communications -> what different teams are building right now. e.g. with Plasma; theres different people around the world pushing forward different implementations. </p><p>Weekly core developers meeting where one can participate. But how to scale that? Need different structure. Theres multiple different teams. Theres also the Gitter channels. Theres ethereum.research forums; thats helped communications in research and fundamental infra problems. </p><p>Theres an issue of time; the valuable people dont have the time to work on these things. </p><p>Someone watching all sources and compiles them into one place: so more people know what to work on. Proof of Work newsletter (WeekInEthereum?). </p><p>The fragility of Solidity tools lack of proper tooling; e.g. comparing language ecosystem between Java and Solidity: </p><p>Linters, refactoring code, working with modules, ... </p><p>Debugging </p><p>This improved recently: </p><p>Latest truffle version includes an embedded debugger. </p><p>Daphubb working on new EVM with debugger built in. </p><p>Gas issues: we sent multiple wrong calls to wrong deployed functions wasted lot of money </p><p>It doesnt tell you why your gas is so high it doesnt say that you have a weird opcode </p><p>People dont understand what is gasPrice and gasLimit properly. </p><p>Allow people to set one value and set gasPrice and gasLimit interactively in the backend.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Patricio Paladino from Zeppelin.</p>'
},
'66': {
'Name': 'Alex Leishman',
'How do you handle smart contract verification and security?': '<p>We refer companies to trail of bits/ other. </p><p>Formal verification handled by specialized firms. Important contracts will/should be audited by people.</p>',
'Other bounties?': '<p>Large players funding bug bounties for public smart contracts. </p><p>Multisig is a pain in Ethereum. Multiparty signature with a single key from an account.</p>',
'Who are you and what are you working on?': '<p>I am an engineer on the Polychain team, but come from the Bitcoin world. Used to work at a brokerage. Went back to grad school. Decent amount of experience in Bitcoin and Ethereum stuff over the years. I also have a cryptography background. </p><p>Doing a lot of lightning stuff right now, payment channels. Spending a lot of time investing companies in the space, doing due diligence. </p><p>Been deeper into the bitcoin world, a bit of an outsider in Ethereum. </p><p>I built a blockchain analytics tool called blockseer for bitcoin and Ethereum </p><p>Taught Bitcoin/Ethereum class at Stanford in 2015 </p><p>Am really proud of the exchange and brokerage that I built in Taiwan.</p>',
'What are the tools/libraries/frameworks you use?': '<p>I dont do much eth-dev right now.</p>',
'What are your biggest frustrations?': '<p>Expenses when running contracts</p>',
'How do you handle testing?': '<p>CI pipeline needed. </p><p>Testing and security audits are one and the same since youre deploying it once. </p><p>Few contracts are heavily audited, and ecosystem is built around those smart contracts.</p>',
'What tools dont exist at the moment?': '<p>Native chain improvements </p><p>Casper </p><p>Generalized staking system where you can sell your stake via a new token via smart contracts. Bond for staking. </p><p>Programming tool chains for web assembly. Being able to take advantage of multiple languages like C++ and Rust and have it compiled down to WA. </p><p>LLVM - any LL language could compile to web assembly.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>How to apply Ethereum tech and what makes sense.</p>',
'What are you most excited about in the short term?': '<p>Lightning - cheap, fast micropayments even though its not out of beta. </p><p>Ethereum bindings for lightning network? </p><p>Cross-chain stuff in general.</p>',
'Was anything easier than expected?': '<p>Wallets UX has improved.</p>',
'Who are the other people you think we should talk to?': '<p>Trail of Bits</p>',
'What are the best educational resources?': '<p>Andreas books </p><p>Ethereum wiki on Github</p>',
'Are there any other questions we should be asking?': null
},
'67': {
'Name': 'John Palmer',
'How do you handle smart contract verification and security?': '<p>Linting </p><p>Code review on my own and with other people. Check best practices from Consensys</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Web applications that interact with smart contracts, usually through MetaMask or Infura. </p><p>We built www.hashheroes.com as our first dive into Ethereum. </p><p>We built www.withpragma.com to make Ethereum development easier. </p><p>We built www.onhexel.com to make it easier for anyone to experiment with tokens and try new ideas.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Web3.js </p><p>0x.js </p><p>Truffle </p><p>Testrpc </p><p>Infura </p><p>Remix Solidity </p><p>Etherscan</p>',
'What are your biggest frustrations?': '<p>The smoothest user experience happens with MetaMask, but MetaMask has tons of bugs. Regularly need to disable/re-enable MetaMask. Causes a lot of headaches because there is a lot unexpected behavior.</p>',
'How do you handle testing?': '<p>First of all, I write unit tests in javascript and run those locally. </p><p>Interact with smart contract through remix solidity or Pragma. </p><p>Test my app in my own UI. Check etherscan to make sure that happened.</p>',
'What tools dont exist at the moment?': '<p>Its not possible to bundle two different transactions together and pay with them at the same time with MetaMask. </p><p>I wish errors in contracts were surfaced better. Generally, it is hard to know when things go wrong in contracts[a]. </p><p>Gas limit </p><p>Wish I could do more within the fallback function. I know its limited purposefully, but I would like a secure way to execute code in it.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Biggest pain point was learning Solidity. Not knowing how everything executed. </p><p>Not as easy to write something and test it right away, longer feedback loop. </p><p>Solidity documentation was out of date. </p><p>What would be the hardest part of teaching somebody to build a dapp? </p><p>Explaining the difference between wallets and contracts, and explaining to them the concept of Gas and how that dictates what they can store in their contract. Explaining how computation works on the network.</p>',
'What are you most excited about in the short term?': '<p>Would be really excited to have a mobile metamask. Wallet Connect seems promising on that front. </p><p>Seeing Dapps do live token swaps using 0x (functionally exchanging coins in an application). For example, being able to swap tokens in a game.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Antonio Juliano </p><p>Nick Johnson</p>'
},
'68': {
'Name': 'Marcus Molchany',
'How do you handle smart contract verification and security?': '<p>Warning messages from Remix or solc. </p><p>Reading through Consensys best practices and making sure I use them in my contracts. </p><p>Asking for code review in subreddits.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Made a few standalone contracts for fun. </p><p>More full-fledged projects are web frontend with blockchain backend. </p><p>Web apps use Metamask to interact with blockchain. Infura as provider if MetaMask not installed. </p><p>We built www.hashheroes.com as our first dive into Ethereum</p>',
'What are the tools/libraries/frameworks you use?': '<p>Ethereum: Remix solidity, testrpc, truffle, web3 JS, Infura, Etherscan </p><p>Web: React / redux, create-react-app</p>',
'What are your biggest frustrations?': '<p>In general project setup for the first time is difficult. </p><p>Didnt know if I needed geth or testrpc. </p><p>Didnt know if I needed to download the entire blockchain. </p><p>Also had problems with the documentation for solidity.</p>',
'How do you handle testing?': '<p>For contracts, I use Remix Solidity with the Javascript VM. For unit tests, I write JS unit tests using truffle. Tried to write unit tests in solidity but it was difficult. Testrpc behaves strangely sometimes. </p><p>When developing a contract, I will write extra events just to make sure the right thing happened, and then will delete the events when contract is in production. </p><p>Automated testing? </p><p>Included above. Automated is unit tests with truffle. Manual is event logging, usually in Remix.</p>',
'What tools dont exist at the moment?': '<p>I really want a richer debugger. The one in remix is too hard to figure out[a].</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Slight paradigm shift about waiting for code to be run while transactions are mined. </p><p>Understanding how state was preserved in a contract. </p><p>Finding good teaching resources on Youtube and elsewhere. </p><p>What would be the hardest part of teaching somebody to build a dapp? </p><p>The paradigm itself. </p><p>The idea that when your code runs, its running when a block is mined. </p><p>Calls to your contract dont execute instantly like in a normal web app. </p><p>Combination of needing to use different test nets while testing.</p>',
'What are you most excited about in the short term?': '<p>More 0x relays!</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Fabio Berger from the 0x team</p>'
},
'69': {
'Name': 'Piper Merriam',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>The Hive tests </p><p>Framework that black-box tests EVM implementation. </p><p>Has had multiple conversations with cdetrio on Github. </p><p>Bounty: needs clear documentation: “for your EVM to be included in the Hive tests, you need this stuff.” </p><p>Maybe its not super high impact and not crisply defined </p><p>Bounty: need a formal spec for the Json RPC api. </p><p>Have integrations tests in Web 3. Subtle differences across nodes, which make things confusing. </p><p>Somebody needs to shepherd the ERC spec through most of the work is done. Dan Finlay already hammered out most of the work. </p><p>Someone needs to write the schema for all Json RPC endpoints. </p><p>This is super well defined.</p>',
'Who are you and what are you working on?': '<p>Trinity: new Python-based Ethereum node. </p><p>Py-EVM: python implementation of EVM in python. </p><p>Sharding &amp; Casper research team are building on this. </p><p>Web3.py: python equivalent of web3.js </p><p>V4 is coming along nicely and is fairly solid right now. </p><p>Under the above there are a myriad of base libraries that Im the developer i.e. side-effects of the work. </p><p>Package management </p><p>Similar to Populus but actually the underlying core package-management structure. The solution is ready, it just needs to be built. </p><p>It is project that I had to cut off, but wants to pick up again immediately came to mind for bounties.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Package management: </p><p>First piece: the spec </p><p>ERC whatever that defines the spec this is v1. </p><p>https://github.com/ethpm/ethpm-spec </p><p>There is very minor adoption of this. </p><p>There is a v2 of this spec couple of tweaks to fix stuff that was wrong in the first one. This is mostly written up, needs PRs to be written and merged. </p><p>Second piece: the implementation. </p><p>There is an early Python implementation </p><p>https://github.com/pipermerriam/py-ethpm </p><p>but you need this in every language. </p><p>Needs various abstractions, for how to get deployed contracts returns language-specific object to you. </p><p>Third piece: a standard an ERC for package registries. </p><p>https://github.com/ethpm/ethpm-spec/issues/75 </p><p>Standard methods for looking up what versions of the package exist, what is the hash / IPFS / HTTP URI. </p><p>Fourth piece: implementation of the registry as a smart contract. </p><p>Theres an already implementation of this in the EthPM github. Needs to be simplified. </p><p>https://github.com/ethpm/escape/blob/master/contracts/PackageIndex.sol </p><p>Having this in Zeppelin or Dapphub. </p><p>The fifth piece: can have tooling + ENS nicencess to automatically deploy to registry for you. </p><p>Web3.js and Web3.py can implement methods to talk to packages can find the packages, pull them, use the right abstractions. </p><p>e.g. you load up the Gnosis package, pull the latest version, pull it out of your web3.py, and query for your contract balance. </p><p>Theoretical API: `web3.packaging.registry(packages.gnosis.eth).loadPackage(gnt>=1.2.3).contracts.gnt` </p><p>You get a really secure way of accessing contracts </p><p>Each company can create their own registry. </p><p>What do you need? </p><p>Two moderately skilled Python devs who know about Ethereum. </p><p>Two can keep each other in check its healthier. </p><p>Could have MVP for this in Web3.py in 2-3 months. For the full thing. Could have an alpha release. </p><p>What does wider adoption look like? </p><p>Every etherscan contract can be wrapped up in a package. </p><p>At this point Etherscan becomes a package registry. </p><p>Verifying package source on Etherscan becomes trivial you upload a package to Etherscan. </p><p>No more need for janky copy-pasting source code. </p><p>Wallet interfaces: </p><p>MyEtherWallet instead of having address or ABI, you can upload the package or let you browse the registry and pick a package to interact with it. </p><p>Mist Ethereum wallet “track this contract” can show you a thing on the top that says youre not using the latest version of this package. You get a security bonus to notice if youre using an old package. </p><p>Development framework use-case for packaging! </p><p>Is the one thats most talked about, but is probably the last one that will happen. It requires complex integration between compiler and on-chain assets that might be stateful. </p><p>The base libraries however are needed as a stepping stone to build these features on top of. </p><p>NOTE: </p><p>Piper can lead defining this as a bounty and setting the milestones. </p><p>$50k/$60k feels like enough to attract attention. Can potentially get ETH foundation to fund part of the bounty. </p><p>Web3.py </p><p>Been using Gitcoin pretty heavily has been highly effective. Any task that they can define well, they can get done through Gitcoin reliably. </p><p>Trinity Python Ethereum node </p><p>Some use-cases will be greatly improved by third-party libraries </p><p>There is a solid abstraction around the database. </p><p>Generating a SQL backed chain db would hugely help research. </p><p>Take an existing chain db and migrate it into a SQL db. Or just sync the chain into SQL. </p><p>Maybe you only move the transaction and block data into the SQL db. </p><p>Another use-case for Trinity: </p><p>Spin it up on Heroku its an ephemeral environment for that to be a viable way to run your own Ethereum node. </p><p>Issue: how long does it take to initialize. In its lightest light-client mode, should be ready in sub-1 minute timeline. </p><p>Trinity and PyEVM have the most resources available out of the things theyre working on.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'70': {
'Name': 'Richard Ma &amp; Don Ho',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>IDEs: </p><p>Remix is probably the best one. No support for quick-fixes (like you have in IDEs). </p><p>Better support for projects. </p><p>Manage dependencies. </p><p>Code coverage tools, to see how good your tests are. Integration would be good. </p><p>Existing tool: run this as a separate command &amp; get results in a web ui. </p><p>Solidity-coverage. </p><p>Has some static analysis tools more would be better. </p><p>Notes: </p><p>Web UI is weird. We dont use it, because of lack of project support. </p><p>We use sublime text / IntelliJ. </p><p>Better syntax coloring like Remix would be good. </p><p>Bounty for solidity support in Vim and/or Sublime. </p><p>Debugging </p><p>Half the time is always spent debugging. </p><p>Debugging with truffle &amp; node-js is horrible. </p><p>Have to debug the JS and contract parts separately. </p><p>Different environments. </p><p>We do iterative development; somewhat test-driven; Were aiming for very good coverage. </p><p>What Im envisioning: putting a breakpoint into the smart contract or Javascript. Ideally, one breakpoint can step through all code. </p><p>Testrpc </p><p>Usable blockchain explorer for testrpc to explore local data. </p><p>Would be great for learning as well. </p><p>Streamlining code export for Etherscan verification during contract deployment </p><p>Typically, you have to flatten all your imported contracts, its a pain in the ass. </p><p>Would be good to have a place to do this. Assures that the version is consistent. </p><p>Sometimes you need update your contract </p><p>Tools to evolve your old contract into your new one. Only deploy the additions. </p><p>We had this issue in their ICO: we wanted to change the end-date for the ICO. </p><p>Theres a valuable data in the old contract. </p><p>Could run into problems with consistency. </p><p>More than “library driven development”, would be good to have tools that generate this for you. </p><p>My vision: refactorings like in Eclipse; pick refactorings (e.g. can split the class, etc). This would tie into the IDE. </p><p>Developer education programs </p><p>Lesson plans. Get each company to do one session </p><p>We went to a meetup for people who like to learn Ethereum. It was way oversubscribed. </p><p>Could be good for recruiting / onboarding. </p><p>Were putting together a “minimum security standard” after interviewing all auditing teams. </p><p>Existing auditing tools for Solidity are poor. </p><p>Read our Solidity analyzer: https://github.com/quantstamp/solidity-analyzer</p>',
'Who are you and what are you working on?': '<p>Focused on the security aspect of Ethereum. 3 main challenges for going mainstream: </p><p>1) security, 2) scalability, 3) usability. </p><p>Too many projects; audit talent is in low supply; </p><p>System to allow anyone to get a high-quality audit for teams. </p><p>Components: </p><p>Payment smart contract: deals w upgrades; governance </p><p>Verification node: software to verify smart contracts </p><p>Software library: formal verification, static analysis checks</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Running the client: </p><p>Language support across different clients is problematic. Weve been focused on the software verification libraries for now.</p>',
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>NuCypher. </p><p>Keep network.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'71': {
'Name': 'Jay Rush',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>The tracing API across the two clients is different and seems ad-hoc. </p><p>A common format for the tracing RPC calls, so tools such as QuickBlocks which rely on the traces would be easier to build. </p><p>I use Parity. I cant switch to Geth because they dont share the same interface for the traces.</p>',
'Who are you and what are you working on?': '<p>QuickBlocks works with the Ethereum blockchain from the data side. How does one get usable, fast data out of the blockchain (as opposed to putting into the blockchain with a smart contract for example). Our work is fully decentralized (gets all of its data directly and only from the node); We take a bottom-up approach. We run for particular accounts or groups of account, not necessarily chain-wide. We retrieve and store only what the end user asks for.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Biggest concern: The idea of decentralization is being lost </p><p>People are developing applications that are highly centralized, because its practical. Many projects promise they will one day decentralize, but Im concerned that this will get increasingly more difficult as the technical debt grows. Many projects are deeply relient on highly centralized infrastructure (Infura, EtherScan). </p><p>Concern: The law of unintended consequences: </p><p>Identification Systems </p><p>Ease of use is very enticing </p><p>Blockchain based identity is easily applicable for government use </p><p>But...what happens when a “bad-actor” government or an oppressive regime requires citizens to all have unforgeable identity. How will innocent people who are legitimately against the regime hide themselves? </p><p>I wrote about this here. </p><p>Reputation Systems </p><p>If we move to a world where everyone has an immutable reputation--by definition half of the population will always have a worse reputation than the other half. Due to the nature of feedback loops, this feels like a bad idea. </p><p>Concern: The data is too difficult to use </p><p>Per Account Lists of Transactions: </p><p>Accounting for both incoming and outgoing external transactions is easy. Just scan to and from fields looking for a given address. </p><p>Accounting for outgoing message calls (Etherscan calls these internal transactions) is also pretty easy. The smart contract itself initiated the message call -- send an event. </p><p>Accounting for incoming internal transactions is very difficult. One must look at every message call generated by the entire system to fully account for all incoming internal transactions (witness air drops). I wrote about this here. </p><p>Bloom filters: </p><p>Every transaction receipt has a logsBloom field. These are rolled up into the block level. Blocks also have a logsBloom field. </p><p>As the number of transactions per block increases (as it has done), the block-level bloom filters are getting more and more saturated. As they become more saturated, they will tend to report more false positives. </p><p>At the receipt level, the logsBloom are probably under-utilized (that is, they could hold more information without a large increase in false positive rate). </p><p>These two factors tend to make the logsBloom field both less effective than it could be and at the same time require more storage than they need to. </p><p>I wrote about this here. </p><p>Furthermore, the bloom filters exclude certain addresses that, if they were included, would allow us to implement an RPC entry point called eth_listAddressesInBlock(bn). This would be a compromise between a full index of addresses per block and re-scanning every trace for addresses if one wanted to build a list of transactions per address (which one would want to do if one wanted to audit a smart contract for example). </p><p>What QuickBlocks does: Do not store either the block level nore the receipt level blooms from the raw data. Instead, at each block, build an enhanced bloom filter which (1) includes every address involved in the block including those used as data for internal transactions (ERC20 transfers and air drops), fill the bloom filters to a predetermined level (configurable, defaults to 200 bits), and when one bloom fills up, create another one at the same block. Result: significantly less storage devoted to blooms, consistent level of false positives resulting in less overall searching, ability to quickly answer is this address used anywhere in this block with perfect fidelity. </p><p>Inefficiencies </p><p>Sept-Oct 2016 DDos transactions make requesting traces astronomically slow. I wrote about this here and here. Suggestion: easier way to identify (and skip over) dDos transactions. </p><p>When you use eth_getTransactionByHash, the RPC does not return the transaction receipt. In order to get the receipt, you must later call eth_getTransactionReceipt. You need the receipt to understand if the transaction was ended in failure. Twice as many calls to RPC than needed. Suggestion: staple the receipt to the transaction with an optional parameter to eth_getTransaction. </p><p>Transaction Error Codes prior to Byzantium Fork: </p><p>After the Byzantium Fork, getting the error status of a transaction is easy. If the status field of the receipt is zero, then the transaction ended in error [There may be some edge cases here, we are reviewing this claim]. </p><p>Prior to Byzantium, one had to search every transaction trace looking for a trace that contains the word error. </p><p>If one is doing historical analysis prior to the Byzantium fork, or trying to gather lists of transactions per account, one has to look at every trace. </p><p>Core developers seem more focused on whats happening at the front of the chain (understandably); rather than getting the data out of the chain. Even though getting the data out is as important. </p><p>Suggestion: It would be useful to include a status field in pre-byzantium receipts at the option of the caller of the RPC. </p><p>The need for ABI definitions </p><p>Get Solidity to make the ABI available, because it makes analysis simpler. </p><p>Get people to understand the importance of providing ABIs.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>QuickBlocks is Ethereum-centric; works on Ethereum derived chains. Not Bitcoin. </p><p>Every 15 seconds, QuickBlocks polls for data from the node, it then </p><p>Optimizes the data for quick, later retrieval </p><p>Optionally, stores the data efficiently </p><p>Next time user asks for a block, retrieval is faster (its a cache). </p><p>How QuickBlocks started: </p><p>I wanted my own transactions for my 40 different Ethereum accounts. </p><p>Accounting for movement of funds between all accounts. </p><p>Initially was pulling data from Etherscan. But why do this through a website? </p><p>Designed to run on a laptop which forces us to stay decentralized </p><p>Applications: </p><p>When you develop smart contracts, you get event data from web3. But this only give you generated events. In-error transactions are not seen because they do not generate events </p><p>Can analyze tokens. </p><p>Can do smart contract monitoring / early warning system </p><p>Should write monitoring code which watches blockchain if it notices something weird, your contract can react. If the DAO had had events in it. </p><p>Was involved in the DAO. Stunning how little information was available. It took many hours for anyone to notice the hack because no-one was actively watching </p><p>I did some analysis of DAO hack. The actual hack is very obvious in the data on the very first block. </p><p>Would appreciate intros and connections to other projects. </p><p>The code is ready to go. Will be fully open sourced and properly licensed soon. </p><p>QuickBlocks won 2nd place at NYC Consensus 2017 hackathon. </p><p>Thomas Rush founded the Philadelphia Ethereum group. </p><p>We welcome speakers from around the world -- please contact me if interested </p><p>A bounty I would pay for </p><p>Kumavis was talking about blockchain data on IPFS or Swarm or another content-addressable distributed storages. </p><p>Could build a blockchain that is a chain of IPFS hashes. </p><p>A marketplace of block data could grow. </p><p>Infura could pull the block data from Infura. </p><p>I dont care about the hexadecimal raw blockchain data I only want the transaction data fully-parsed stored on IPFS. </p><p>From an email follow-up (possible bounty I might pay for): </p><p>For a particular range of blocks (preferably in the millions), and using a given list of Ethereum account addresses (one of which will be an ERC20 token, addresses to be specified in the bounty), provide a definitive list of all internal message calls and external transactions along with, at the end of each block, a reconciliation of each address ether balances. Additionally, at the end of each day in the block range, provide a list of token holders along with each token holder\'s token balances. The source of the data must be provided. Using 3rd party websites (such as Etherscan) is permitted, but the source of the data must be disclosed. Preference is data provided directly from a local Ethereum node. </p><p>The given list of address will be interrelated and taken from a prominent ERC20 token system. One of the addresses will be an regular, external account. Another will be an ERC 20 token smart contract. A third will be a multi-sig wallet. The deliverable will be JSON data showing all internal and external transactions for each address. The delivered data must parse the transactions to the smart contracts (that is, the transactions input data field must be converted from the hexadecimal to “the language of the smart contract”. The deliverable will be a collection of JSON files formatted using a jsonlinter with specific settings which would allow for diffing results with other methods. Performance metrics will be provided as well. The results must be made open source so as to provide the smart contract auditing community with a gold standard of community vetted results to be used for testing/verifying new or existing off-chain auditing tools/software.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'72': {
'Name': 'Yann Levreau',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Hard to make links between tools. </p><p>If you want to make a DAPP (truffle and remix, metamask for front-end), how can you aggregate all tools or write documentation? </p><p>Swarm integration for Remix? </p><p>Currently if you “import”, it imports from the Swarm gateway - its a basic integration, and can be improved to be really cool. </p><p>Frustrated developing on Swarm. Building Swarm integration, but not usable in production. </p><p>Was trying to fix a bug in Remix - but related to how they import Swarm file -- had trouble fixing bug because emix used Swarm gateway which was offline. </p><p>Swarm not in production environment yet -- looking forward to this. </p><p>Web3 library </p><p>In Web3 have send transaction method - no wrapper around it or other functions that people can use, and use more safely. Would like to see web3 safe send transaction (locate transaction in EVM to check if transaction passed. If its fine, transaction is sent, and if not there is a warning). </p><p>“Wrapper around Send Transaction Function” </p><p>Possible to develop transaction which fails. If you want to develop a transaction, you first have to send/execute it (but dont want to lose money). Execute transaction locally, wait for trace and then debug it. Think this is what Truffle is using. </p><p>Contracts with specific values: in code, write maximums to revert transactions - can this be added in front-end (ie. limiting contracts values so when transaction is sent there is a check beforehand so you can be sure you dont make mistakes). </p><p>Would require changes in solidity to provide this functionality to web3</p>',
'Who are you and what are you working on?': '<p>Working on dev tools for the Foundation for the last 2 years. </p><p>Working on Remix for the last 1.5 years. </p><p>Working alone for the last bit. </p><p>Over the last 6 months, there are more developers. Team is 4-5 people now. </p><p>Iuri Matias: dev of Embark hes on the Remix team. </p><p>Main scopes of work: </p><p>Improving the UX. </p><p>Theres a Remix chat where some people were saying they were using it to deploy mainnet, and I was shocked, since this was not the intended use-case initially. </p><p>UX for people to use Remix and deploy contracts, and not make mistakes. </p><p>Adding static analysis </p><p>There is a new tab-based layout. </p><p>There are several modules. </p><p>Splitting Remix into different modules </p><p>Can now write contracts, debug, deploy, do static analysis this used to be all in one app. Now its modular, so you can use these pieces in different apps. E.g. can use static analysis in VSCode. </p><p>He was in touch with Roan Blanco, developer of VSCode he started to integrate the debugging part of Remix as a plugin. Might do the same for static analysis. </p><p>Road is adding the static analysis.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Focussed on Remix and improving the UX: </p><p>Remix is an entry point for users </p><p>But its hard to use for beginners. </p><p>Its hard to use if you dont know blockchain or the tech behind it. </p><p>Theres documentation and videos on youtube still hard to use. </p><p>Idea: do UX user interviews </p><p>take a beginner developer or new user, and let them use Remix (or other tools), check out what the main flows are, what are their main questions, </p><p>They have two people who come from front-end dev. When they started 6 months ago, they didnt know blockchains, so their feedback was helpful. </p><p>There are three kinds of blockchain users </p><p>1) front-end dev: wants to use the blockchain to build UI, but doesnt care about contracts. </p><p>2) contract developer </p><p>3) administrator: not writing code, but still needs to call contracts or send transactions to them. </p><p>Remix is not focused on front-end devs right now. Theyre not targeting these people. They target contract developers or admins who “use” contracts. </p><p>Is there a tutorial, or a beginner contract that it initializes: </p><p>Yes. There is a “ballot” contract but its kinda opaque and hard to understand. </p><p>Docs: remix.readthedocs.io </p><p>Has a quick start page. </p><p>Need to improve: onboarding for “administrator” users (above). So they can use Remix without making errors. </p><p>Two bounties </p><p>User testing for various blockchain-user personas (above). </p><p>Making tutorials or videos for beginners using Remix. </p><p>Building the static analysis tab: </p><p>Need to add more modules. </p><p>There will be a way to add plugins in Remix </p><p>Lets say you are an external contributor, youll be able to add code, but the code wont be in the Remix github, but in its repo and its added as a plugin. </p><p>E.g. Solium integration. </p><p>We are architecting the plugin API with the Solium team. </p><p>Another example: Oyente were integrating it as a plugin. </p><p>Potential bounty in the future: </p><p>Writing good documentation around this. Were all super busy devs, and need people to help with documentation. </p><p>Last week someone created an Electron app for Remix self-driven contributor; would be nice if they can post Github issues and have people contribute and get rewarded.</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'73': {
'Name': 'Gustavo Guimarães',
'How do you handle smart contract verification and security?': '<p>Here in Berlin I have worked with solidity,berlin and they are amazing. Do really comprehensive audits. </p><p>Have also used formal verification tools: most often Mythril, sometimes Oyente. </p><p>I am also aware that the invariance checks etc. are also created by humans, so might not be entirely comprehensive. </p><p>3 levels of checks: write code, write tests for the code, pass to another engineer to check, then formal verification tools, lastly do the audit.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Blockchain engineer, working in the space since 2016. Mostly as a freelancer, helping companies solve business problems using blockchains. </p><p>Middle of this year, started Samsara Protocol. Started with idea of selling real estate on chain, and decided to use a raffle based system to do this. </p><p>Abstract idea from property to raffling all kinds of assets. </p><p>Smart contract developer in general.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Use Truffle heavily. </p><p>Still a long way away from good debugging tools. </p><p>Using Remix out of habit, especially to check and step through opcodes. </p><p>Remix to dig deeper into what is going on with my solidity code. Especially the debugger there to dive into the EVM. </p><p>Have got used to the debugger here, but it is still so obscure when something throws an exception and difficult to find out why. </p><p>I have developed some intuition for this, but its really, really difficult for people just beginning. </p><p>No break points! </p><p>Use open zeppelin as reference for smart contracts - have worked on some educational projects with the Zeppelin team. </p><p>No issues with this. Havent looked into zeppelin_os yet. </p><p>But the idea is quite interesting - upgradeability and on chain libraries are cool. </p><p>Truffle-flattener library - make all your modules into one file. Use this to deploy, rather than doing it file by file. </p><p>React for frontend stuff. </p><p>Web3 to hook it all together. </p><p>Websockets (wss) are tough to work with. Having difficulty connecting to them through the infura nodes. </p><p>Overall, really happy with the new version - it solves a lot of problems, particularly around signing transactions safely.</p>',
'What are your biggest frustrations?': '<p>Syncing my node to the chain has become really difficult. I used to do this a lot last year, but now I use Infura because the node is so heavy/hard to maintain and it is just easier to do it this way. </p><p>Not at all good for fast development cycles. </p><p>I have learned to embrace how slow testing can be because everything is async there. </p><p>For the raffle system I need to draw a random number, and right now this is kind of impossible in the EVM. The holy grail would be to produce a really random number at compilation time that cannot be tampered with by miners etc. </p><p>Right now I am just using an oracle to do this.</p>',
'How do you handle testing?': '<p>I test in JS - unit tests mostly. </p><p>On average the ratio is 15:1 testing to smart contract lines of code and this can cause things to be quite slow, but its still good practice and seems necessary for immutable contracts. </p><p>Overall, quite happy with what comes out of the box with Truffle. </p><p>Have only added await async calls to make things easier to read. Have some Mocha extensions added for the same reason. </p><p>Prefer readable code, rather than fast code, especially when it comes to testing.</p>',
'What tools dont exist at the moment?': '<p>Would be nice to have a tool that could get bytecode and re-engineer it into solidity code. </p><p>Sometimes I want to check if a function or some functionality and, if the contract has been deployed but not verified, its not really possible. </p><p>Open source block explorer.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Really excited about the research around scaling Ethereum. I am myself working on side project to do state channels. </p><p>There was an awesome lecture at EDCON, and was super inspired by David to try it out myself. </p><p>Not necessarily in the next 3 months, but there are so many ideas out there that it is bound to be exciting for anyone getting exposed to it.</p>',
'Was anything easier than expected?': '<p>I was pleasantly surprised the first time I connected to a node using Infura, to the point that I decided then and there to not use my own node.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>What I love about Ethereum is that most of the code is out there in th open - so I go and read it. </p><p>I often go to the Aragon repos and check out what they are doing and how they do it. </p><p>Already mentioned the open zeppelin library. </p><p>This is how I learn - just keep up-to-date with the best teams and the latest features the Solidity team is rolling out. </p><p>The solidity readthedocs is pretty good. </p><p>I have written some blog posts myself about how to do things in the Ethereum ecosystem. I sometimes go back to these and they are often very helpful.</p>',
'Are there any other questions we should be asking?': null
},
'74': {
'Name': 'Scott Wright',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Just simple stuff - proofs of concept. </p><p>Working through course material </p><p>Building a token and a very minor escrow app </p><p>Timed auction.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Remix </p><p>Geth obviously </p><p>SolC for compiling </p><p>Yarn is (apparently) standard now for js </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>Web3</p>',
'What are your biggest frustrations?': '<p>Hasnt happened across too much yet! Been working in solidity and I find it pretty easy. But how scoping works is confusing. </p><p>There was a situation where I was trying to refer back to something and it was doing something weird and I had to dig and find out that behaviour of memory depends on what SORT of memory its being stored to. </p><p>So, if you get a lot of JS developers, you need to explain how scoping works in JS and how solidity is different in that sense. </p><p>How much of those memory problems are a thing with solidity, or the EVM? </p><p>A linter would be very useful!</p>',
'How do you handle testing?': '<p>Automated testing? </p><p>Theres an IDE that Ive used - Remix. Provides an interaction with Geth, create test accounts, and then I use that UI to launch a test application on testnet, play with it, see if it works… </p><p>I WANT an automated test suite, but nothing out there right now.</p>',
'What tools dont exist at the moment?': '<p>Automated testing - I want a testing suite, a whole tool that is entirely focussed TDD. The work really corresponds to that. Clientless work with many test iterations. </p><p>A lot of uncertainty around how gas works. </p><p>What is it exactly, how does it get used, how do you optimize for it? </p><p>The basic idea is fine, but the details when youre building stuff are very hard to find out </p><p>What are the best design patterns for dealing with it, the strategies? </p><p>Also, you come up against issues when theres a withdrawal attack vector, where you try to send ether to them, and theres some sort of callback function and etc. </p><p>Theres a design pattern that works around that, but my level of knowledge is just that someone TOLD me that, but what other things do I need to be aware of? How can I find out more? These are open questions for me right now. </p><p>Would love a list of things where I can go through check marks and say “OK, Ive followed x and y” and Ive watched out for the following 23 possible issues / attacks.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Would have been that initial setup of the development environment, and beginning to build a mental model of whats going on. Just the setup. </p><p>First thing is a soft thing - understanding the difference between a distributed application vs a centralized server application. Ive taught people some basic blockchain concepts - it doesnt always make sense to people right away. </p><p>The action of calling methods externally on a contract - I kind of understand how that works, and then wait a cycle. Theres a bunch of haziness around how calling methods works though. </p><p>And then the exact amount/ability that a method has to change a contract - how much can it do? What are patterns where I could manipulate and kill the contract? </p><p>Awesome thing - I love working with apps where theres no account or login, it just works.</p>',
'What are you most excited about in the short term?': '<p>Vyper! </p><p>Have big hopes for truffle - has a lot of the build suite things that I need. </p><p>Another thing thats missing right now is a better IDE, solidity based coding environment right there, so my workflow is that in terminal etc.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'75': {
'Name': 'Felix Feng',
'How do you handle smart contract verification and security?': '<p>Contracted security auditing firm before launching to mainnet and did it internally. </p><p>Introduced to firm through investors </p><p>Zeppelin and Consensys security etc. are super backlogged and can be highly expensive. </p><p>Tried automated tests for quantstamp but their compiler solidity version (4.2.3) wasnt supported.</p>',
'Other bounties?': '<p>Debugger </p><p>More free automated formal verification </p><p>List i.e. Aggregated “Awesome Ethereum” for security (blog posts, tools, etc.)</p>',
'Who are you and what are you working on?': '<p>Founder of Set Protocol, wrote all the smart contract code/unit tests </p><p>Aims to build collateralized baskets of tokens. Bundle the world. In a tokenized world where tokens lie behind everything, we need to create abstractions that remove mental overload, improve transaction efficiency, and handle large amounts of tokens in general. </p><p>Just released token sets dapp for bundling/unbundling token sets. First use case- investment vehicle/product. Javascript library similar to 0x for interfacing with their smart contract code.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Internal javascript library in Typescript for UI interfacing with their protocol (bundle/unbundle) </p><p>Uses 0x ABI gen for automatically generating typed objects </p><p>Truffle for testing/ compiling </p><p>TruffleHD wallet provider repo </p><p>Infura for deploying code to Ropsten testnet, hitting services all the time. Easier to deploy to testnet. </p><p>For deploying to mainnet, they use Remix.</p>',
'What are your biggest frustrations?': '<p>Truffle migrate on main net </p><p>Weird configuration where generated code doesnt match source code. </p><p>Returns error on Etherscan that the code doesnt match. </p><p>Has to do with Truffle compiler... </p><p>Therefore I have to concatenate code myself and deploy using remix. </p><p>Revert/invalid opcodes dont tell you much, logging is pretty much ineffective, code must be recompiled every time.</p>',
'How do you handle testing?': '<p>Started with truffle tests </p><p>Then converted tests to typescript for type safety (avoids host of potential errors, useful for building FE library as well) and used 0x ABI gen </p><p>Aim for 100% test coverage (~95%)</p>',
'What tools dont exist at the moment?': '<p>Debugger. Especially as contracts start linking to each other, stack trace gets more important. </p><p>Open source block explorer for any chain. </p><p>Lot more typescript tooling. 0x started the movement and built tooling around it. </p><p>People are building their own deployers/compilers. More standardization need here.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Truffle needs to be easier for beginners. Tough for first-time hackathoners... </p><p>Going into source code. Things are early and not handed to you on a platter.</p>',
'What are you most excited about in the short term?': '<p>Ethereum proof of stake </p><p>0x open source tools. </p><p>Metamask replacement by Toshi- needs to be more tools than just metamask. </p><p>Zeppelin OS. Upgradeable proxy contracts infrastructure. </p><p>Token curated registries, oracle problem, bringing data from off the blockchain to on the blockchain. Token rebalancing from winners to losers could use TCRs.</p>',
'Was anything easier than expected?': '<p>MVP versions of product are easy. Handling all the vulnerabilities/optimizations/edge cases take 90% of the time.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Consensys Academy </p><p>Truffle/Solidity documentation and source code. </p><p>Stack overflow</p>',
'Are there any other questions we should be asking?': null
},
'76': {
'Name': 'Simon Jentzsch',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>CTO of SlockIt. </p><p>Daily standups like any other startup, making sure all our tools work correctly </p><p>Part of day consists of update on new tools, libraries and their respective stability. Assessing trade-offs is difficult and time-consuming work. </p><p>Consulting work, experience with real customers </p><p>Connecting IOT devices to the blockchain </p><p>Energy Web foundation, smart meters </p><p>Smart contracts for data incoming from IOT </p><p>Determine what type of hardware they should use </p><p>Building universal sharing network (USN) in-house. </p><p>Connect IOT devices, access control, rental and sharing settings </p><p>Launched MVP on Testnet and inviting beta users. Planning on deploying to Mainnet. </p><p>Public repo containing architecture and contracts </p><p>All smart contracts will be publicly available after security audit </p><p>Use Kovan since its compatible with most clients. Also on Rinkeby. </p><p>Using Parity for tests, but interoperability between clients is lacking badly. </p><p>Gives and recieves audit </p><p>First, internal security audit </p><p>Then, number of experts from different teams.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Start with Truffle - mainly for testing and setting up environment </p><p>Doesnt produce/support typescript </p><p>Extended version we produced and use for </p><p>Typesafe contracts based on solidity contracts </p><p>Throws errors on incorrect smart contract types </p><p>Usually write tests with Travis CI, for all three browsers (GETH, TestRPC, Parity) </p><p>Use Remix for debugging </p><p>Wish we had a more stable and easier to use debugger!! </p><p>Test RPC vs Ganache </p><p>Many tiny differences (output syntax, JSON RPC error messages, etc.) between clients makes testing very hard between clients </p><p>RPC Specs need to be tightened up so that we can communicate with them from whichever framework, write tests easily and actually understand the error messages that come back. </p><p>Not specific enough, too much room for divergence </p><p>Web3 library is trying to limit this</p>',
'What are your biggest frustrations?': '<p>IDE integration </p><p>There are tools and plugins for different IDES. Being able to use Solidity just like any other language would be really nice </p><p>Do just the basic stuff right. </p><p>Checkers/linters exist but theyre all over the place. Integrated into IDE, not via CLI, would be helpful. </p><p>Package manager for existing libraries needed that could manage packages and bundle them in a secure way </p><p>Manage standards better </p><p>Not just syntax highlighting, but code-assist/completion and deep syntactical and structural understanding. </p><p>Web3 Libraries </p><p>Latest updates broke all our tests, so reverted to fixed versions</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Scalability is long-hoped for and looked forward to ;) </p><p>Mainnet as main authority,. For different devices, different chains. </p><p>Current work around could be to use bridges (parity) </p><p>Micropayment, multiply party, state channel Solutions like Raiden up and coming, but not ready yet </p><p>Contracts that pay only for your devices from a certain account </p><p>They currently use libraries and packages to avoid security issues</p>',
'Other domain specific questions?': '<p>IOT security challenges? </p><p>Use blockchain to enhance security by using smart contracts for access-control </p><p>Devices are dumb, smart contracts grant access </p><p>Downside if how to get a stable connection which is secure and able to run on low hardware specs </p><p>Clients that are able to run on small IOT devices is a big challenge. </p><p>Were developing light client IOT device, Incubed - not just light client but IoT client for microprocessors etc. Can do verification without even syncing with headers. </p><p>Devices that need to sync just a few times a day, in unstable WIFI env. </p><p>Network of full clients running on servers. Incube randomly choose nodes out of the networks. Send JSON RPC request, answered with signed block hash/header. </p><p>If you send wrong block hash, then they lose their deposit. </p><p>How do you store a private key on IOT device? </p><p>IOT device pvt keys generated from unique aspects of that specific hardware so that each device can easily generate its own key without transporting it anywhere </p><p>Paying for gas from each device is a big challenge. </p><p>Trying to integrate with uPort and others for app key management</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Having people around, trying new things, debugging existing ones. Most important is talking to and working with people who know more than you do - there is no substitute for that it seems.</p>',
'Are there any other questions we should be asking?': null
},
'77': {
'Name': 'Fernando G',
'How do you handle smart contract verification and security?': '<p>I always try to keep myself on top of existing known vulnerabilities and the new ones. I have a repository with proof of concepts of most of them, and I run unit tests demonstrating the bug and the fix, in that way I have a practical view of the known security bugs. Then I try to audit my contracts using the knowledge I acquired and the tools available, mythril formal verification, mythril analysis, manticore, porosity</p>',
'Other bounties?': '<p>I think anything related to ease the whole lifecycle of developing Smart Contracts is a good candidate. A good IDE (or plugins for existing matures IDEs), with integrations to common services and tools like embedded 1 click debugger, 1 click deployment with builtin interaction with on chain contracts would be a game changer. </p><p>And like I said, a good project that can make average users to use Smart Contracts without the need of handling the private key, secure it, go to an exchange and verify their identities to get ether, then use complicated processes to do a simple thing would help a lot to gain adoption, which is very important (even if the network and technology is not completely ready at the moment for that)</p>',
'Who are you and what are you working on?': '<p>I am a developer, working in London for the last 4 years, I love coding in general, but also security. I am joining ConsenSys next week and I am working in several side-personal projects, including the solidity-graph-debugger</p>',
'What are the tools/libraries/frameworks you use?': '<p>Well, it depends, when I build tools related to Ethereum, I tend to use the Java ecosystem (Java8, Maven/Gradle, Spring if it is a web application, etc). </p><p>When I am writing Smart Contracts, I use truffle for building and testing, intellij with Solidity plugin as IDE, Ganache, Mythril for formal verification, etc.</p>',
'What are your biggest frustrations?': '<p>Maybe it is my fault, but I would like to see more tooling around other languages (especially Java, that is the one I am more comfortable with), but I know some people who are working on it at the moment, like Conor and his team from blk.io, they are doing a great Job. </p><p>I am not a huge fan of JavaScript, and most of the modules are more maintained in JS (which does not mean better code!), so sometimes I have to adapt and use them. Anyway that\'s not a huge deal, I am not that extreme and I am fine with using any tool that can help me to achieve whatever I have to do</p>',
'How do you handle testing?': '<p>For unit testing I use truffle, I write JavaScript tests, it works great. I use Mythril if I am auditing my contracts, I identify some really important invariant and I write a little script to formally verify it, and Mythril is great for that. Manticore can also do that, but didn\'t have the time to test their scripting APIs (something I have pending)</p>',
'What tools dont exist at the moment?': '<p>Good question, there is a lot of ecosystem that has to be created. The most obvious thing, would be a graphical debugger that is what I am building, but also dependency management tools, good IDEs (intellij solidity plugin is cool, but like everything right now, it\'s a bit green), better documentation tools, clients for pretty much everything, an easier way to interact with contracts for the average non technical user...</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Scalability improvements. I want sharding and PoS (if you can call that short term, maybe I am an optimistic person)</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Hmm not sure if you spoke to Bernhard Mueller, seems a pretty interesting person to talk to. </p><p>Security people in general. Also Conor Svensson, interesting to see what he is trying to do regarding with tooling in general and adoption of different ecosystems</p>',
'What are the best educational resources?': '<p>I would say no books, because they get outdated 1 week after the release, read the official documentation and start straight away to test things by themselves. Fight and fight more, then read again the documentation to grasp things that were missed the first time, then keep practising and do that in a loop until things start to make sense. Then I would try something like Cryptozombies, to learn a practical point of view, and solve Capture The Flag challendes, like OpenZeppelin Ethernaut or capturetheether. With those you will learn basic (and complex) security issues which are absolutely essential to be able to deploy anything in the mainnet</p>',
'Are there any other questions we should be asking?': null
},
'78': {
'Name': 'Dandelion',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>SourcCred - bounties and reputation for open source work. </p><p>Earn ethereum cred - reputation in the eth ecosystem for different projects </p><p>Fair distro of tokens based on who developed the project </p><p>Analyse history and collect social feedback to refine the process </p><p>Currently a “regular” web front-end and back-end with plans to move the backend to blockchain in near future after proof-of-concept, doesnt want to host a centralized server </p><p>I am also currently trying to correctly map Github identities to Ethereum addresses. Was thinking about developing an ad hoc key-based style proof, post a specific gist so that you prove you hold the account. </p><p>IPFS &amp; filecoin separate business layer (fs and file retrieval) from incentive layer. Same thing with SourceCred. We want tokens to flow according to a software infrastructure graph. </p><p>Tokens flow according to software dep graph </p><p>Need a fair transparent way for who determines credit for a project. How can we create tools for determining who earns credit in a fair way? Using algo and data collection. Been in Node ecosystem to parse data out of Github. Try to implement Pagerank on files, pull requests, function level, etc. Using TensorFlow for cred. </p><p>Connect GH ids to eth addresses eventually</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Highly adversarial environment makes it hard to feel safe. Wants to develop SourceCred outside of blockchain as much as possible before moving to Ethereum as late as possible. A misstep in the Ethereum ecosystem could have disastrous effects for project. </p><p>It would be really great to see better documentation and more static typing in the ecosystem.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>At core abstractions layer. If SourceCred depends on Foo library. Every time I mint SouceCred tokens, I want to give SourceGrain token to not only contributors to SourceCred but also the Foo library. But in Blockchain it is very difficult to Iterate over all of the objects.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>CryptoZombies really improved my intuition.</p>',
'Are there any other questions we should be asking?': null
},
'79': {
'Name': 'David Wolever',
'How do you handle smart contract verification and security?': '<p>Front end: nothing really </p><p>Dapp: went through intense reviews. </p><p>3-5 people on a call and would go line by line through the code </p><p>Also hired a couple external audits </p><p>Even after all that, found one bug right before launch (a few days before)</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Been working with Spankchain team. Combination of state channels and smart contracts. </p><p>Also worked on smart contract for ICO auction.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Vim editor, truffle. Metamask. </p><p>Switching over to onenet, using something called Vinos. Under the radar. </p><p>Vinos going to support state channels natively. Will be a little bit less terrible than Metamask. </p><p>Trouble with metamask. </p><p>Interface not well documented. </p><p>Doesnt have promises. </p><p>Had awful error reporting. </p><p>Dont know when someone closes metamask transaction. Had to write logic that says if theyve clicked the button 3 times and we havent heard back, give them a tooltip. No documentation for that kind of thing. </p><p>Vinos will be iframed, not chrome extension.</p>',
'What are your biggest frustrations?': '<p>Gas limit: No problems with this really. </p><p>Metamask was giving absurd gas prices because another service was getting it wrong. </p><p>State Channels: Have had a pretty good experience there. Biggest time sync is blockchain to database synchronization. David wrote something for using state channels with SQL. Insert transactions from a block, insert signed messages, and get balance for account. </p><p>Biggest frustration is getting block messages into the database. </p><p>Wrote a tool called Chainsaw that does this. No mechanism for a reorg.</p>',
'How do you handle testing?': '<p>First, use Truffle for unit testing. </p><p>Series of scripts for blockchain scraping. Call Truffle to send transactions to testrpc. Script connects to testrpc to make sure the state has been correctly changed. </p><p>Manual testing by running multiple test auctions. Just actually going through the process 40 or 50 times over the course of a week. Started on testrpc and then did it on a testnet with more test users. Even tested on the mainnet a few days before the real auction. </p><p>Tests on the mainnet actually revealed new problems that werent revealed on testnet </p><p>Because there were hundreds of logs per block on the mainnet, it was too many </p><p>Had to go through and make performance better on mainnet</p>',
'What tools dont exist at the moment?': '<p>Need a tool like metamask supporting state channels (Vinos will fix this) </p><p>So hard to get insights into whats going on in solidity. </p><p>Debuggers are really hard to use. </p><p>Debugging tests is a matter of just guessing why assertions failed. </p><p>Solidity interpreter would be awesome without having to compile each time, would make development much faster.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>No real breakdown of how everything works together </p><p>Web3 talks to a geth node which has the blockchain state. What does the contract do? How do you deploy it? </p><p>General how stuff works.</p>',
'What are you most excited about in the short term?': '<p>Ours. Spankchain.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Why are people building dapps instead of just building them with a normal database or something? </p><p>What is your motivation for choosing a blockchain based project, instead of just a Postgres database?</p>'
},
'80': {
'Name': 'James Young',
'How do you handle smart contract verification and security?': '<p>We had multiple audits at multiple periods of time. Had to just to make sure that to have a semblance of security, had a bug bounty. Left a subtle bug to make sure audit was legit.</p>',
'Other bounties?': '<p>Getting mainstream users onboarded. Informed by practical problems, just getting ETH. Cold start problems. Ways of getting around this, using Gas Relay. What would be interesting iswhere dApps, applications have pre-funded. EIP-186 where you can have the dApp pay for gas. </p><p>Its going to delve more into identity based solutions. Thats what really needs to be worked on, that first-time UX down so a mainstream user can use this. We need to figure out the UI/UX. One click Amazon shopping is the standard. We have to solve the problem. </p><p>This breaks down into two things, part of it is a multisig wallet solution. Its very scary and you have 0 Eth and youre interested in Ethereum, dont lose your private key! This is like Internet cash, but Im used to forgetting my password. Fund recovery for a new user. Once you have value, you can learn about private key, about mnemonic. Funding something that makes multisig easy to use. </p><p>The cold start problem, not having them to pay the initial gas costs when they dont have value. If you can solve those two things, mainstream adoption. </p><p>I think having a dedicated layer 2 talks specifically could be interesting. Layer 2 solutions are the solutions that scale. Get more Layer 2 solution widespread. And then a lot more collaboration between projects. Projects that need Layer 2 solutions could invest into a fund that is a common platform so not everyone does their own solution. To keep it very practical, want to incentivize everyone to share the knowledge. Could start a DAO to automate this, could get some funding via token inflation. They are working on this DAO on the side but there is still some aftermath for the DAO,. Providing this structure to have people come together on projects as opposed to one project.</p>',
'Who are you and what are you working on?': '<p>Work primarily with Spankchain, doing state channel research/implementation. Also worked on Adtoken, first production release of TCR. </p><p>I can preface this by saying this was all informed initially by experience with online ads. In online advertising, I had to deal with scalability and scale. Helping run a video advertising exchange on the supply side, on a slow day did 4-5 billion events a day. In online advertising, had to start at scale. </p><p>Before online advertising was in gaming, needed to be 100% in uptime. Game used AWS/EC2 at the time. </p><p>Looked at Ethereum, had scaling problems. Looked at all these initial options early on. In Adtoken, for the TCR did the groundwork for serving ads. Had concept of verifiability. </p><p>Knew about the concept about state channels, was waiting for them. Ethereum community does a great job at being able to explain things and have docs, but lack of production projects. </p><p>Opportunity with Spank chain to hit the ground running and implement into production, learn by doing. Alternative approach with state channels and dove right in. So much invaluable info you learn when you have contact with reality. </p><p>Coming tools for layer 2 tooling. Need to have these standards, but dont quite exist yet. This is all informed by practical implementation. </p><p>Also work on a DAO that helps multiple projects that need state channels.</p>',
'What are the tools/libraries/frameworks you use?': '<p>We use Truffle, and Ganache on the web3 blockchain side of things. On traditional web2, use node, Kubernetes, Docker (traditional scaling pipeline). </p><p>Etherscan to verify transactions </p><p>Its a lot of looking at Github issues. Have to support multisig contracts. </p><p>On the front-end React/Redux. </p><p>Rely heavily on Infura, Metamask. Have their own state channel wallet, users fund SpankWallet with Metamask and then they open these other state channel with card.</p>',
'What are your biggest frustrations?': '<p>When Im doing unit tests in Truffle, not knowing where the revert came from. Have been talking to the Mattis network, they focus on plasma. If the contract throws or reverts, it will tell you the line number. </p><p>Writing the smart contracts is 20% of it, testing is more like 80%. Being able to have better clarity and visibility on the tests would be great. </p><p>My biggest fear or anxiety would be knowing if there are any bugs are in the smart contracts. Trail Of Bits has been working on a Fuzzer, having tools like that is would easy a lot of frustration.</p>',
'How do you handle testing?': '<p>I test and retest. Wrote the auction contract in Spankchain, the only payment channel auction ever. The contract itself was 150-170 lines (including comments). Had to document well and had 3 audits, but tests were over 2200 lines long. </p><p>This became a distraction. Had to create a testing DSL. Had to test for success and for failure. Had to test for strange modifier behavior. Had to lock myself in a room for a few weeks and think of every possible scenario and test for itself.</p>',
'What tools dont exist at the moment?': '<p>I wish and a hope there is bachelors in blockchain. In blockchain, you have to know legal, economics, game theory, some coding, etc. Heres the best curriculum so you can understand for yourself, is this mechanism design good. Some cryptography. Need to be able to give people the fundamentals. Need a broader view, not just technical. </p><p>This is why its so fascinating, you can go down so many rabbitholes. Its intimidating, if you had a set course curriculum with the basics. Here it is, its starting to happen. Cryptoeconomic primitives. Teach people beyond the code. Allow people to draw their own conclusions.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Knowing what Gitter channels, Slack channels, places to go. And Online identities. Knowing who to trust. Being in the Consensys Slack channel, thats so great as theres lots of sharing of knowledge there.</p>',
'What are you most excited about in the short term?': '<p>Actually having micropayments be a thing and scalability be a thing. Everyone talks about Floppening, where Ethereum overcomes Bitcoin. But that floppening fo me is if that txs offchain are more than the onchain transactions. That is what is really exciting. Now we wont have a limit, we busted through that limit. Hope to happen this year.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>I would actually talk to operators that have successful startups. There is interest there. Learning how to run and operate a businesses. This is what is also really needed in the space. There are analogies to the beginnings of the Internet. How DNS became DNS. This would inform, this history you dont really hear about. How did social games become mainstream? Was FB leveraging off of Myspace? What were those key learnings there? Ethereum as a technology, getting a healthy mix of people that have been there and drawing analogies and lessons at a higher level can be extremely useful </p><p>List of successful operators that have done 2-3 exits in companies before. The space can move very fast. Needs to be rounded out by successful operators and implementers. Instead of writing papers, lets implement it. You get the real life pain points. </p><p>State channels dont matter if you are still like, “How do you begin?” Can be more open about failure, be more honest about this. Harder to learn from success than to learn from failure, good to have a safe environment to learn from failure.</p>',
'What are the best educational resources?': '<p>Depending on the background, a lot of it is hard because the docs get stale so quickly. Hard pointing them to the right version of things. When people ask, they just train themselves. They build their own blockchain developers, he teaches Solidity classes. </p><p>Dont point people to any one example, his tactic is to give them a couple of books like Radical Markets and 5,000 Years of Debt. If they are willing to read that he is willing to spend his time with them.</p>',
'Are there any other questions we should be asking?': '<p>Human behavioral things, what holds your feet to the fire? What is that motivates you? What keeps you on track? What are you doing now and how do you hold onto this track? Its sometimes better to have these constraints, so when you dont have these things what makes you sure that youre on the right track? </p><p>See a lot of projects waiting to see, but have to implement. Have to have the real-world conversation instead of academics. Need to get this feedback and keep going. People wanted to play Farmville just because it was up, this is what informs him now. For Spankchain just gotta launch, then you know what you really need to solve. </p><p>So ask why are you doing what you are doing!</p>'
},
'81': {
'Name': 'Doug Hoyte',
'How do you handle smart contract verification and security?': '<p>Trying to keep everything as simple as possible, reduce attack surface, minimise dependencies, the usual. We have a pretty comprehensive test-suite, and perform white-box invariant tests after every interaction.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Doug Hoyte, working on sportcrypt.com, a sports betting exchange. I\'ve also consulted on a few other ethereum projects.</p>',
'What are the tools/libraries/frameworks you use?': '<p>web3.js, ethereumjs-util, solc, testrpc, parity --dev, metamask </p><p>Overall it\'s pretty easy to get started, which is nice. For dislikes see next question.</p>',
'What are your biggest frustrations?': '<p>Docs are usually out-of-date, plain wrong, or both. </p><p>All libraries, docs, interfaces, etc have ossified around the web3 API, which is basically a wrapper around a trusted RPC interface to a node, so it may as well be a client to a centralised system </p><p>Very difficult to provide good UX with ethereum \'nonce\' system: having multiple transactions in flight at once doesn\'t work the way people expect them to (\'nonce\' is a misnomer anyway -- only way to cancel a transaction or resend with a higher gas price is to reuse a nonce, something you should never do with cryptographic nonces) </p><p>Everything is built with polling in mind, even when a push notification system would be superior. Need to poll infura constantly since you can\'t subscribe to events. Inefficient (wasted bandwidth/CPU) and bad UI (users aren\'t notified as soon as possible when something happens) </p><p>Off-chain signature APIs are inconsistent across implementations, in multiple different ways </p><p>When signing data in metamask, users see a bunch of gibberish unicode characters. Proposed solution was to make a \'good enough\' schema instead of, for example, re-using the solidity ABI </p><p>Things not directly related to consensus don\'t seem to be well designed: The \'sandwich\' model of complexity (where you assume someone else will come and do the hard-work of integration so you don\'t have to) hasn\'t worked great so far </p><p>Metamask silently pushes down updates to users without their consent, occasionally breaking things (and of course they could steal all your eth if they ever wanted to). They also have a built-in censorship infrastructure now (supposedly only to use against phishing sites, but potential is there for anything) </p><p>Testnets like rinkeby make you sign up with your facebook account or something to get coins </p><p> Solidity compiler misses some trivial optimisations, has odd limitations like max number of local variables, and handles memory vs. storage qualification in subtle ways</p>',
'How do you handle testing?': '<p>Custom test harness, could never figure out how to get truffle to do what I needed</p>',
'What tools dont exist at the moment?': '<p>Hmmm, a good light client implementation so everyone doesn\'t centralise around infura/etherscan, although that ship has probably already sailed</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Working around web3/metamask bugs</p>',
'What are you most excited about in the short term?': '<p>Building out our product, watching adoption grow. In terms of ethereum itself I think there is a lot of legacy stuff and bureaucracy that will impede improvement, so I\'m not holding out much hope there. Time will tell of course.</p>',
'Was anything easier than expected?': '<p>Solidity is supposed to be completely awful so it came as a surprise to me that it was actually fairly reasonable</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Not sure. Solidity docs are OK if you are technical</p>',
'Are there any other questions we should be asking?': null
},
'82': {
'Name': 'Ricardo Guillerme Schmidt',
'How do you handle smart contract verification and security?': '<p>No major process. “This function should do one thing. Only that. If it can be used to do anything else, thats a problem.” </p><p>I saw that the Parity library didnt have the owner set. But I think other developers should write the code so that this is impossible.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Development of smart contracts for Status. </p><p>Can also do some web3 integration with javascript, but I have not really dug deeply into that. </p><p>I want to work on DAOs that have delegation proxies so that you can trust an expert to vote for you. </p><p>Oraclize but too expensive. </p><p>TrueBit but not available. </p><p>Zokrates or some other solution also a possibility.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Microsoft VS code, Git, Remix for manual tests, Truffle, Parity.chain for testing, Mist &amp; Parity on Ropsten for development </p><p>I gave up on Ganache - too much variability between that and live environments. </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>Not really, mostly backend.</p>',
'What are your biggest frustrations?': '<p>Being unable to returns strings nicely. Regularly blocks me. </p><p>My project GitPivot connects git to the blockchain and generates tokens for commits. Needs to store git usernames, but cant. So instead has to store a hash. </p><p>But that means he has to ask the user for their username each time so he can check the hash, which is a bad user experience. </p><p>Scaling!! Scaling is actually the biggest problem. If Ethereum nodes cant handle the state it will all become useless. </p><p>Are you running into problems with any of the following: </p><p>Gas limit: </p><p>Yes. Not for deploying, but when users are adding to big arrays it can get complicated. </p><p>Off-chain computation </p><p>Yes, same problem with arrays, with on-chain computation. Sokrates? Not sure if zkSnarks will be able to solve this. </p><p>State Channels </p><p>Havent used them before.</p>',
'How do you handle testing?': '<p>Automated testing? </p><p>First develop the smart contract. </p><p>Manual test with Remix is the first step. </p><p>Ethercamp IDE was really good, but now its too old. </p><p>The new tool for Eclipse might be good but its only on Windows. </p><p>When it looks like its working, write some truffle javascript unit tests. </p><p>Usually spotting bugs happens in manual tests and truffle unit tests are just for making sure its good. </p><p>Remix debugger is very useful, but its missing some features.</p>',
'What tools dont exist at the moment?': '<p>Would be very good if VScode had the same thing that remix had - i.e. an actually Integrated IDE. </p><p>Would use only remix, but its horrible to use with multiple folders and things like that. Remix is only good at small projects but wants it for big projects. Connecting with RemixD can often mess up all your files. </p><p>Solidity cant return arrays or variable length values. Knows there is some solution with assembly but its too ugly.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Not sure, not actually difficult. If you understand decentralization, its easy. If you dont, then theres no reason to try it. </p><p>Immutability makes you more cautious when going to production. </p><p>What would be the hardest part of teaching somebody to build a dapp? </p><p>Depends on the user. If the user is good in JS, it would be understand the fundamentals of the smart contracts. </p><p>Explaining fees &amp; immutability. </p><p>Biggest problem is they dont see the whole picture, just get 1 part of blockchain technology.</p>',
'What are you most excited about in the short term?': '<p>Excited about Golem. I really want to use it because I have a powerful GPU at home that is not mining. I want to do something useful, not just use my GPU for mining. </p><p>Love Ethereum for proof of stake, that was my main interest in it at the beginning.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Jordi Baylina, James from Status, Luis Cuende from Aragon.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'83': {
'Name': 'Richard Ramos',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Smart contract developer at Status, also working a lot on Embark. </p><p>Background: I came out of TransUnion and the financial industry. </p><p>I write smart contracts mostly related to SNT use cases: Tribute to Talk; smart contracts to control spam; a set of contracts related to identity and recovery and to allow users to register their Status ENS domain.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Embark, obviously! </p><p>Not just a framework for web applications - it lets you create properly decentralised applications. </p><p>You can build an app and then forget about the process of uploading to distributed file stores and setting up a lot of the infrastructure. </p><p>Embark uses web3js-1.0, which is useful because there are a lot improvement encapsulated in that library. I like the style of coding you have to use - promisfying everything, every communication with EVM is done asynchronously. </p><p>VS Code locally and Remix to test contracts. </p><p>Working between them and copy-pasting between can be a real hack though. So, I start on Remix and once I am sure it is working and stable enough, I move it into VS code. </p><p>Sometimes I also use Truffle because I like the debugger they have. </p><p>A lot of tools from the JS ecosystem: node-js, React, webpack.</p>',
'What are your biggest frustrations?': '<p>Working with MetaMask and your local node/test environment is often unstable and connecting it locally can lead to strange issues that are very difficult to debug, as your contracts work fine in tests, but then fail arbitrarily in the browser. </p><p>Not having breakpoints in Solidity is hard. It would be awesome to able to see more clearly the flow of the code and follow things through the stack with some suggestions/explanations. </p><p>Last week, when deploying some contracts through Embark, it just read my contracts as interfaces and so didnt compile them. </p><p>Not an Embark error - it comes from solc, because there was an error about the “stack being too deep” which happens when you have more than 16 local variables (which is not well documented anywhere that I know about). </p><p>The error behaviour in general is weird and difficult to follow. Better documentation around this area in particular is very much needed. </p><p>Seriously though, most of my frustrations are related to debugging.</p>',
'How do you handle testing?': '<p>Mostly through unit testing in Embark. I created a new feature for it (not yet released yet) that lets you create a small scaffold for the unit tests you need for any given contract. </p><p>After executing that functionality I can then populate the code for each individual test, and this saves a lot of time. </p><p>Not really using verification tools right now. </p><p>Handle code coverage with solcoverage.</p>',
'What tools dont exist at the moment?': '<p>If I want to build things that are secure AND cheap to use, this is really difficult because we dont have an existing scaling solution.</p>',
'Other domain specific questions?': '<p>Lets talk about Embark further. What do you see as the most important tools youre building? </p><p>Easy storage/uploading to Swarm and IPFS. Swarm in particular as IPFS support has been there for a long time. </p><p>Swarm has unique support for DApps and we are building some examples that use state channels and other interesting scaling solutions being developed. </p><p>These sort of example projects (well beyond SimpleStorage) allow us to put ourselves in our users shoes and understand what can really be done and where the pain points most often are. </p><p>Embark is planning to integrate the Remix debugger as well. </p><p>Tracking how the value associated with variable changes in the course of running specific transactions etc. is a very important feature for us. </p><p>Embark also has Whisper support, which can still be improved a lot. </p><p>Right now, we try to simplify the experience of using Whisper, but it therefore lacks some flexibility. </p><p>I am not able to specify a private key that links to a public symmetric key. E.g. when working on the gas relay node (a node-js service that subscribes to a whisper symmetric key) and we have to do it manually using the web3js library because the whisper functionality provided by Embark specifies the keys automatically and it is not currently possible to change them. </p><p>What is the gas relay node you mentioned? </p><p>It lets you perform transactions without actually holding Ether. It works by sending a signed message (through Whisper, or p2p, whatever). The signed msg is parsed by nodejs service and it will use the ETH that service has to create that transaction for you and will deduct the amount of required tokens from the account that sent the signed messaged. </p><p>It is ready to be demoed internally, but we need some additional input. </p><p>This solution needs to be included in the app, the desktop app, and perhaps even in the mailserver nodes, so requires a lot of feedback from our different teams.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Status!!! </p><p>Plasma cash is really interesting and I follow it closely. Omise Go is an impressive team.</p>',
'Was anything easier than expected?': '<p>Learning solidity and writing your fist smart contract is actually very easy. </p><p>Its the edge cases and optimisations that are hard ;) </p><p>There are some good best practices that you can follow pretty easily and all the big hacks have been well documented, so researching why they happened is easy and will teach you a lot about writing better and more secure code.</p>',
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Subreddit for ethdev and stack overflow, as always. </p><p>Cryptozombies is cool. </p><p>I learnt SO MUCh about smart contracts from ethernauts. </p><p>I like reading HackerNoon on Medium - theres some interesting stuff there.</p>',
'Are there any other questions we should be asking?': null
},
'84': {
'Name': 'Bob Summerwill',
'How do you handle smart contract verification and security?': '<p>As good as that gets right now, there are various guides to best practices. Consensys has a really good one. Leaning on Zeppelin, Consensys Diligence, zklabs. Fairly small amount of people that have expertise, real dearth of people. </p><p>Consensys Diligence was super swamped for requests right at the start. Pay someone to stop working on their project.</p>',
'Other bounties?': '<p>Work for GUIs, development tools for GUIs. Can we get to a level where Visual Studio/Visual Studio Code/ Atom? Interactive debuggers is absolutely #1. Single stepping through it. </p><p>On Truffle, you can do with smart contract debugging. Because you dont have external inputs, youre not reading from inputs, no keyboard. The path is completely deterministic. Scrubbing backwards is quite simple, rewind is entirely possible. That kind of tooling could work. </p><p>Back in the day, there was Mix. Was a sort of debugger, but their own IDE really. But how much maintenance was this? But this is where Remix came in. With Truffle its all low-level, command liney stuff. Need to add value for normal developers.</p>',
'Who are you and what are you working on?': '<p>Been involved with the Ethereum community since 2015. Worked for Foundation, and then for Consensys, then at Sweetbridge. Bootstrapping current efforts.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Most of his work has been on the platform work itself or on the community side. Truffle and Remix are the leading things. Embark and Populus, a little bit. Metamask, very important. Mist not so much, it really needs a bullet in the head. Was a good idea 4 years ago. No one wants a desktop browser. </p><p>Mist was meant to have a dapp store and everything, and was meant to configure it. Brave killed it. MyCrypto and Metamask were really underestimated at the start. </p><p>Infura is absolutely essential, thats just fabulous. </p><p>Looking forward to in-browser client. Parity bridge that pushes block data into IPFS, JavaScript for IPFS. In-browser client, lightest of light client. Dont reconstruct the whole thing locally. Primarily Metamask driving this. Ride on top of libp2p instead of devp2p.</p>',
'What are your biggest frustrations?': '<p>Where we are at now is a transition between amateur and pro. Needed for a long time but starting to see now. Weve got so far in research and development stuff and volunteer time. But we really need to get professionals in. Software engineering side, community, and business side. And a million other things. UX is a chasm between where we need for mainstream clients. Unusably terrible for end users! </p><p>Same on the development side. Were not even in 1993 in the web, were in 1986 and a core dump could happen at any time. Swinging samurai swords around, do not give these swords to normal people! </p><p>Even on the developer side, layers and layers of shit. Far get to where we need normal development. As weve seen through hacks and flaws. Cant write backbone of the banking industry. </p><p>Formal verification is not done for normal software. To get to mainstream, we need to be composing pieces more. If youre an iPhone developer, think of all of the tooling you have available. Everyone is building their own bricks still in the space. </p><p>But this has happened before, we want this to be as simple as writing a web app. IDE single stepping. Automated builds and quality checks. We need to be it as simple.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Interactive debugging. Truffle and Remix have started to have little bits for that. What you really need is a nice GUI debugger. VSCode or Sublime, you need step-in debugging. Visual Studio would be ideal, step in and step out. </p><p>Profiling, gas counting. Doesnt exist. Anything with performance or gas counting, metrics and analysis stuff. </p><p>On FIFA, what was so incredibly involved was doing instrumented builds and then delta. Seeing memory use go up by this amount, objective before and after measurements. Having this instrumented data to go in. Automated builds is like “Whoa, what the fuck happened to the gas count there?” Some change was made. Costs are a huge consideration for smart contracts. </p><p>Standard libraries and frameworks. Need to not have people writing low level stuff, it should be common and its hard and easy to fuck up. People shouldnt be writing this. The primary innovation for mature languages are the standard libraries, dont write a string class or math class.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Where are the tools? Theres nothing, going back 30 years ago.</p>',
'What are you most excited about in the short term?': '<p>I am excited about preaching about the end of tribalism which seems to be working a bit. Dont have to argue about blokchchain being a thing any more. But how can we ship? But need to get a version where people can build real things. </p><p>Supply and demand are starting to marry up. Central banks have done their proof of concepts, great for stock markets. Getting to answers for scalability, privacy, and useability. Were at the state where we interview people on what do we need? For the last few years, if you solved scaling then maybe wed be interested. We need money! Now we have it. Weve got people pairing this together to get stuff done. </p><p>On the enterprise side, loads of blockchain jobs. If you like the area you can get in and have that stability. Becoming another part of technology. Success is when blockchain becomes boring. Then weve won.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Some universities starting to teach, Consensys Academy, have to cross-train. </p><p>Get involved in a local meet-up, its all about the people. Find people near you that are already involved. Nothing else is mature enough. Hardly any books, just got Mastering Ethereum coming out at some point. This will be legitimately useful at some point. </p><p>IC3 are doing a bunch of stuff. An increasing number of people in the community are starting to do more technical blogs. Demonstrating legitimacy by demonstrating value. </p><p>Ric Burton has been fantastic recently, great blog posts.</p>',
'Are there any other questions we should be asking?': null
},
'85': {
'Name': 'Yaniv Tal and Brandon Ramirez',
'How do you handle smart contract verification and security?': '<p>Instead of statically linking contracts, you find the library that already has what you want and you call functions on this blockchain. This is pragmatic from the gas standpoint but raises security questions on the dependency. </p><p>So far still statically including everything, would like to do more including things dynamically. But not comfortable with existing solutions. </p><p>But stuff we include statically we have to audit ourselves. </p><p>Havent deployed anything on Mainnet for The Graph, but are talking to firms that specialize in auditing. Want to do a full rigorous auditing. </p><p>Do a little bit of social proof, use things widely used by the community. </p><p>For dependencies, still just in development so have been pretty loose with it. Have been using OpenZeppelin, widely used 3rd party libraries.</p>',
'Other bounties?': '<p>We need to ask, what are the barriers to dapps going to mainstream? Scalability, and how to make transactions fast and cheaper. </p><p>Useability around things like wallets, like Metamask, is also a problem. As people have to approve things, its not a good UX. Not designed for microtransactions or to handle cases where a bunch of transactions only go to 5 dollars worth of ETH. This would be tooling. Plugins that would support payment channels (like Next) and state channels with the recent L4 paper. This needs to be integrated into the UI/UX. Set the budget, authenticate in an easy way (finger print), and in a secure way to have it do a payment channel and eventually state channels. </p><p>LastPass or OnePass, weird to me that they havent moved into this space yet. Status could solve this on mobile. 99% of mainstream people wont use Metamask. </p><p>For Open Source Block Explorer, the big problem is around collaboration. Problem is how to solve the problem around the nodes and to incentivize this.</p>',
'Who are you and what are you working on?': '<p>Yaniv and Brandon from The Graph, query protocol for getting data off blockchains and storage networks </p><p>Focused on research and protocol design </p><p>The issue is that Ethereum nodes do not maintain a lot of indexes, if youre using the JSON RPC you cant run queries on smart contract state. A lot of time, people need to transform the data. The way theyre storing data onchain is not how to they want to pull that data out </p><p>The Graph is a Layer 2 protocol that sits on top of Ethereum that builds those indexes that makes all that data available via GraphQL. </p><p>GraphQL has become really popular in the web and mobile community, substantial improvement over REST APIs. Gives you flexibility so you can make changes to UI so you dont have to make changes to the back-end. Having this query language on Ethereum is great. </p><p>GraphQL is a natural fit for blockchain. If you dont have a centralized infrastructure in the mix, GraphQL can make a lot of sense for this.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Been using Truffle for Solidity. Remix on occasion. Etherscan on occasion. Looking at already polished contracts. </p><p>Use Parity and Geth, use Parity a lot as a Rust shop. </p><p>All over the place with IDE, Atom, Visual Studio Code. Atom not good for writing a lot of Solidity code, only one guy is maintaining the linter for Solidity for Atom. </p><p>Havent been doing so much dapp development recently. Are looking into ZeppelinOS contracts, started using Aragon for contract codes. </p><p>Struggled with Aragon at ETHBA hackathon, they made a lot of changes before the Hackathon that threw them off a lot. Overall like APM, spins up IPFS node, like the upgradeability. </p><p>APM (Aragon Package Manager) is not just for Aragon contracts, is statically linked to contracts on the blockchain.</p>',
'What are your biggest frustrations?': '<p>Artificial limitations in Solidity, number of parameters in a function call, or variable length for things that you are returning. In 2018, really? I think this is the Solidity Compiler, dont think this is the limitation in the EVM. The stack limit is the other thing, you cant write good code that is abstracted well, you have to write stuff around the compiler. </p><p>Getting data out of blockchain is hard. Our project is trying to solve this for the community. </p><p>For Ethereum, lots of parts of the engine are getting swapped out. Move to Vyper, will this be the preferred language? Area has a lot of churn. With move to eWasm, will there be a move away from EVM? Need clear guidance on how things are going to be upgraded. For eWasm, have a development environment for this so people can experiment on this. Giving people a way to experiment and to run on things. </p><p>Solidity events are just sugar on top of low-level logging capabilities that EVM provides. Solidity events are just a convention that is built on top, but unclear how this breaks abstractions on top of the EVM that isnt part of the EVM itself. But this might not be able to be represented across different languages as they move to them. How much will break when people move off Solidity?</p>',
'How do you handle testing?': '<p>Write a lot of tests, try to make them as comprehensive as we can. </p><p>Think we use Truffle for writing the tests, all in JavaScript. Home rolled their own utilities. Dont have anything for test coverage. </p><p>For end-to-end testing, would be nice for good tooling for this. Kind of pain in the ass to test other systems that interact with the blockchain.</p>',
'What tools dont exist at the moment?': '<p>Pretty common for people to develop contracts locally but dont really know what gas costs are, and then they deploy to testnet and Mainnet and are surprised. Compile time tool for estimating gas. Embark 3.1 has a Profiler :) </p><p>I know people are working on different types of debuggers, thats a big one. It works well in Remix, but if someone integrated this in Atom that would be pretty great.</p>',
'Other domain specific questions?': '<p>How have you found working on Aragon, esp. APM? </p><p>Overall, I like the direction of APM, with a registry that also spins up the IPFS node with artifacts auto-deployed on it. </p><p>The devil is in the details and it can be quite complex, but its a promising direction.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Plasma stuff. Obviously early days, but we want to see Plasma stuff ship. </p><p>State channel stuff is still interesting. Obviously sharding and eWasm. All scaling stuff. </p><p>We like Vyper, which is a more functional, formally proven language.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>CryptoZombies, used to send people to Zasterin which had some good courses. But not sure if this was updated in a while </p><p>Looked at a bunch of Truffle tutorials. </p><p>Big picture stuff, podcasts like Unenumerated. Preethi has some really nice high-level Medium posts.</p>',
'Are there any other questions we should be asking?': null
},
'86': {
'Name': 'Sina Habibian',
'How do you handle smart contract verification and security?': '<p>A bunch of upfront discussions and security analysis. </p><p>Then writing tests. </p><p>Security audit, bug bounties </p><p>Then, we will run a beta on the mainnet</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I started in January or February of this year, and used a tutorial on Medium for creating a voting system. </p><p>Interesting because the tutorial was already out of date by that point. </p><p>Working on TrueBit. A few smart contracts: </p><p>TrueBit core incentive layer: tasks workers who do computation off-chain </p><p>Web-assembly interpreter in solidity </p><p>Building a bridge between dogecoin and Ethereum </p><p>Havent really started on any front-end stuff for these things. </p><p>Interactive Coin Offering protocol that TrueBit did</p>',
'What are the tools/libraries/frameworks you use?': '<p>Vim with solidity syntax highlighter, truffle and travis for tests </p><p>Running into problems with truffle on the current project </p><p>Zeppelins libraries for safe math and tokens. Using some JS state machine libraries for the client.</p>',
'What are your biggest frustrations?': '<p>Super slow cycle due to testing. </p><p>Are you running into problems with any of the following: </p><p>Gas limit: Yes, for local testing enforcing gas limit. </p><p>Off-chain computation: Yeah.</p>',
'How do you handle testing?': '<p>Truffle and Javascript unit tests </p><p>First person to build the contract didnt use truffle, so built his own complete testing system. </p><p>Built own testsuite because truffle wasnt configurable enough for my needs: it was running into issues as the complexity of the smart contracts grow </p><p>Deploy things to testnet. Though its true that there is a limited amount of benefit from deploying to testnet. It that doesnt really test stuff like vulnerable attack vectors or incentive misalignments </p><p>Better to do real testing on the mainnet under a public Beta, using real ETH</p>',
'What tools dont exist at the moment?': '<p>Testing is so important in this space, but testing is so painful and so slow. </p><p>No good debugger!! </p><p>Slow testing and debugging slow down your whole cycle.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Wrapping my head around potential attacks and edge cases in smart contracts. </p><p>What would be the hardest part of teaching a software engineer to build a dapp? </p><p>Incentives and economics angle is the hardest part to teach people, but likely the most important.</p>',
'What are you most excited about in the short term?': '<p>TrueBit because it gives you the ability to run any piece of code and get the result back no matter how long it takes </p><p>ArtDAO </p><p>Smart contracts are self owning but dont have any intelligence. </p><p>AIs are evolving and learning, but they dont have any resources. </p><p>AI creates 5 pieces of art and puts them up for auction. Sees the prices. </p><p>Keeps making better and better art, and the goal is to maximize how much money it has</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>Dan Finlay</p>'
},
'87': {
'Name': 'Truffle Team',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Set of tools: linters &amp; coverage tools </p><p>Critical, have mostly been worked on volunteer basis. </p><p>Needs ongoing support; needs to adapt to changes in the stack (Solidity, Web3, …) </p><p>Should be platform agnostic, should not assume that people are using Truffle, should work with dapphub. </p><p>Leonid Logvinov wrote a 0x code coverage tool. </p><p>bounty: making a next-gen coverage tool, that can be consumed by any platform or into your tooling. </p><p>Code coverage is absolutely critical from a security point of view. </p><p>The existing system is fragile, and only has two devs working on it part-time (?) </p><p>People to talk to: Christopher Gewecke, Alex Rea (works on Solidity coverage), Leonid Logvinov (0x coverage tool) </p><p>Chris wrote the code coverage tool before joining Consensys, its a volunteer project. </p><p>There are also more sophisticated audit tools: Mythril by Consensys (Bernard Mueler), Oyente maintained by MelonPort is another one. </p><p>Tracing / gas-profiling? </p><p>We would like to add this kind of stuff to ganache. </p><p>Remco Bloemen working on gas-profiling. </p><p>Bounty: support for hardware wallets in Metamask </p><p>Web3 has their provider engine. </p><p>Better key management support on the web3 level. </p><p>Metamask also wants to have Ledger support.</p>',
'Who are you and what are you working on?': null,
'What are the tools/libraries/frameworks you use?': '<p>Chris: </p><p>The closer you are the foundation of the stack, the less pain you feel. </p><p>We probably cause the pain. </p><p>Theres a disparity between demand for infrastructure, and supply of engineers working on it. </p><p>I love web3 &amp; Solidity good open-source projects, fantastic engineers. </p><p>What I do day-to-day: development of Truffle. </p><p>Nick: </p><p>Disparity between engineers using the tools &amp; engineers using them. </p><p>The demand for mature projects has stepped up </p><p>These tools, Truffle included, are struggling to handle mature projects, mature teams, mature practices. Its great when people are building proofs of concept though. </p><p>The requirements are coming in pretty fast </p><p>What I do day-to-day: Truffle debugger; development of Truffle</p>',
'What are your biggest frustrations?': '<p>Its downstream on Etheruem and Web 3js; upstream from developers </p><p>Needs to act reactively with what comes down the pipe from web3 </p><p>Needs to act proactively to help developers </p><p>Solidity develops faster than we can go through their process &amp; do their QA. </p><p>Need to bump the version but solidity sometimes introduces breaking changes 4.11, 4.12 e.g. visibility modifiers; but hasnt happened in a while. </p><p>A range of projects: sophisticated projects (Aragon) but also people who dont know how to use npm. </p><p>Weve been conservative about how we upgrade </p><p>Were making solidity stricter and stricter; but we dont know what kind of crazy stuff people have written. </p><p>Solution: try to make the tool configurable; based on plugins; users can make it into their own thing. </p><p>Making the compiler configurable.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Integration between truffle &amp; ganache? </p><p>Wed like their tools to provide a cohesive set of tools. </p><p>Takes time to build and just figure out what the requirements are.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Currently we use Gitter. Every Truffle member spends time in there. </p><p>But we dont think Gitter is the right tool for Truffles entire community support </p><p>Need to see what messages were missed. </p><p>People find bugs or issues that just dont get serviced, we fall through the cracks </p><p>Need a better way to announce to our community </p><p>We have a mailing list </p><p>We can message on Gitter but people miss the messages </p><p>Theres some first-class moderators on there. </p><p>Detailed answers are so helpful and seem to come through often in places other than our docs, which is hard to manage. </p><p>Stackoverflow is a great resource look at questions on stackexchange to find what things are creating the most problems for users where the anger is.</p>',
'Are there any other questions we should be asking?': null
},
'88': {
'Name': 'Preethi Kasireddy',
'How do you handle smart contract verification and security?': '<p>In the past, OpenZeppelin. Dont think well use them again because they are a bit pricey.</p>',
'Other bounties?': '<p>Testing and debugging! </p><p>Key management stuff.</p>',
'Who are you and what are you working on?': '<p>Im the founder and CEO of Trustory, an app thats built on the blockchain. App for users to create stories, and stories get validated using a cryptoeconomic game. Stories are claims that people are making! </p><p>Before that, I was doing independent development and was an engineer at Coinbase for a while.</p>',
'What are the tools/libraries/frameworks you use?': '<p>With Ethereum, for Trustory, we will write smart contracts in Solidity but maybe also make extensive use of Go. </p><p>Tendermint Consensus engine to build our sidechain with. </p><p>Other Cryptolibs TBD.</p>',
'What are your biggest frustrations?': '<p>Not enough standard libs. Creating a dApp, the stack is not well-defined. The ecosystem is very early with a lot of breaking changes and versioning problems. </p><p>Scalability, privacy. People are still figuring it out. Very few people are working on sidechains. </p><p>Not great documentation.</p>',
'How do you handle testing?': '<p>For JS, Mocha/Chai. In the past, used py-ethereum. For now, TBD.</p>',
'What tools dont exist at the moment?': '<p>Debugging. We dont use Truffle, and if youre not using Truffle, its kind of impossible to debug your contracts. Truffle is not the future, it feels very restrictive. If youre not using Truffle its difficult. </p><p>Testing. Surprised that there is no native tester for Solidity yet. Good examples to test using pyethereum or some other library. </p><p>Key management and key generation, for people that are not security experts. Right now, some people are using BIP39, some people are using other stuff. Its a mess. We need to decide what the standard is and make the examples around it.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Everything. Nothing follows a standard. </p><p>Biggest thing was debugging and testing. You dont have a proper debugger, life is hard. Deployed the contract every time, had to fix it every time, very manual.</p>',
'What are you most excited about in the short term?': '<p>For my app to launch! </p><p>Excited for Casper, for Proof-of-Stake</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Head of Tendermint, Zaki . </p><p>Antonio Juliano CEO of dydx (have previously spoken to Brendan Chou). </p><p>Nadav of Dharma (interview #19)</p>',
'What are the best educational resources?': '<p>Read the Ethereum source code, read the Solidity documentation. </p><p>I learned by reading source code. Read Ethereum for depth, and then read Solidity docs. Looked at as many contracts as Solidity contracts as possible. </p><p>Top projects: 0x contracts, Gnosis contracts, Augur contracts. Looked through top projects. </p><p>Some people look at Consensys tutorials, but I personally dont like them because they lock you into their ecosystem.</p>',
'Are there any other questions we should be asking?': null
},
'89': {
'Name': 'Alexey Akhunov',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Unification of testnets[a]. </p><p>Rinkeby &amp; Kovan are still incompatible. </p><p>I wanted to write this myself, write Kovan implementation in Geth? </p><p>I hate that everything in the smart-contract ecosystem is written in Javascript e.g. Truffle. People then use truffle bindings in production. </p><p>Native go tooling. Native go contracts. </p><p>I tried to do javascript auditing. And it is virtually impossible without safety of types. Theres a lot of dependencies; its really hard to check everything. </p><p>Specific: where the web-server is written, not in JS, but in a compiled language: should bind directly to the smart contracts, instead of going through JS bindings. Use go-bindings.</p>',
'Who are you and what are you working on?': '<p>Been in Ethereum since the beginning. Was following the PoC. Mined few blocks on his home computer. </p><p>Initially ran geth, then parity, then geth again. </p><p>Geth said it would be more like a library. </p><p>6 months ago, moved to doing Ethereum dev full time. </p><p>Did security audits gets tedious smart contract are usually short. But comes with more stuff server-side, etc </p><p>Now: playing with the go-ethereum code, trying to optimize it. </p><p>People talk about sharding, Casper, etc will fix everything; but that wont solve everything without optimizing everything.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Geth. </p><p>Can pass in --cpu-profile </p><p>Uses basic stuff that comes with Go: PProf. </p><p>Go has in-built tool to open this file. </p><p>Can generate dominator tree -> whole graph of traces vs times. Shows which nodes are dominating. </p><p>My workflow: </p><p>Change code. </p><p>Run geth with --cpu-prof </p><p>Generate graph from .prof file. </p><p>Run on cloud overnight.</p>',
'What are your biggest frustrations?': '<p>Yesterday spent 3 hours!!! fixing compiler errors. The codebase is large. </p><p>Added an extra flag to switch db to another from LevelDB. Compiling errors in fast-sync and light-client. </p><p>Codebase has a lot of baggage: Geth has Whisper, Swarm, and light-client. </p><p>Do geth developers want to separate these out? </p><p>Potential concurrencies &amp; SSD improvements.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Optimizing Geth: </p><p>It all started with a rough kinda experiment in November network became congested </p><p>Started doing profiling in Go. Learned to do it then. </p><p>Saw that geth was mostly talking with LevelDB database. </p><p>The process: </p><p>1) look at the profile </p><p>2) ask questions why is it slow? </p><p>3) then look at code, edit, experiment to improve. </p><p>The system is complex hundreds of goroutines running at the same time. </p><p>Trying to optimize the state management. State is constantly growing. Things will have to be written on disk; fetching it again will be slow. Can have cache, but what if its outside of the cache. </p><p>Problem 1) speed of processing. </p><p>Problem 2) if youre running a full node </p><p>Fast-sync: download all the headers + download enough state objects from other peers to only verify randomly selected blocks. </p><p>Then, after this, you become a full sync node. </p><p>Whole state from beginning is ~ 600GB. </p><p>It needs to be compressed. </p><p>How do you test your optimizations: </p><p>Peter from Geth told him: you can export the blocks, run through your node without being connected to network, and process. </p><p>Jameson Lopp: </p><p>His criteria for a blockchain: how quickly it syncs. </p><p>Idea for bounties: </p><p>Shared resource: have block data sliced up into pieces (e.g. first 100k blocks, second 100k blocks etc.), give it a Github branch, spin up the image, it does a git pull, launches an instance of the client without p2p mode, imports this part of the blockchain, does comparison across different parts (e.g. when there was a spam attack in ~2.4m block) </p><p>My goal: to go through spam blocks really quickly. Every sync should be very fast. </p><p>People complaining (e.g. exchanges) that they cant keep up with the blockchain e.g. Etherscan falling behind. The clients are becoming inefficient. Instability problems. “When quantitative changes become qualitative” breaking points are hit. </p><p>Go-ethereum developers are also working on this I do the same but I like not having the responsibility and just hacking around. </p><p>Collaborations between different clients: Parity &amp; Geth </p><p>Parity had a great breakthrough how to tune parameters of database can sync on HDD. Im hoping that collaborations will grow. State management across clients is important.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Nick Johnson </p><p>Peter from Geth. </p><p>Quickblocks founder Jay Rush quick access to blockchain data. Working on the problem of quick state download.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'90': {
'Name': 'Simon de la Rouviere',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>Autonomous artist blueprint has existed for more than a year. Someone just needs to copy-paste and build it: https://medium.com/@simondlr/lets-summon-an-autonomous-artist-a-bot-that-creates-owns-and-sells-its-own-art-ada1afad086a </p><p>A lot of curation market stuff: usage, governance and management of the community. </p><p>There are different interesting ideas around this. Dmitry from Ocean proposed a model where a bounty is funded collectively, then it graduates to an NFT after a certain threshold. Will go back to him for more details on this. </p><p>The usage of curved bonding for network effects on bounties: lets say Status wants to issue a bounty. The buy Status bounty tokens on a curved bond, backed by SNT or Eth. This is valuable because, over time, if Status only uses Status bounty tokens for their bounties, you slowly build up a network effect around that token. Can either sell out or hold the tokens if you believe more people will fund more bounties in the futures. This allows people to speculate on the work being done in Status - it is a really a super-powered donation though. </p><p>Its kind of like network effects for investment or VC.</p>',
'Who are you and what are you working on?': '<p>I have been in blockchain since 2013 working in BTC. I have always looked at this stuff as a tool to enable creators, so I built an app that let people sell digital goods for BTC. </p><p>Started building on Ethereum when it was announced in 2014, and then more actively late 2014, working in the stack. </p><p>Currently most time on: Ujo music - decentralized licensing platform for musicians. </p><p>30% of time on Curation Markets - monetize new networks of value and coordinate toward shared goals.</p>',
'What are the tools/libraries/frameworks you use?': '<p>I am the smart contract lead at Ujo, so spend most of my time writing Solidity and tests. </p><p>Writing tests in Truffle and to deploy contracts. </p><p>Generates helpful build file with info about deployment that can then be ported into any frontend app through a simple JSON file that can have multiple networks and contracts specified in it. </p><p>Sometimes use Remix, mainly for catching syntax errors more quickly (than Atom at least, my other IDE). Works well for quick interaction (using MetaMask) with smart contracts. </p><p>Just truffles contract libraries to interact with frontend </p><p>Use Oraclize for on-chain price oracle for Ujo stores. </p><p>Strings library built by Nick Johnson that helps us parse strings in the registry more easily. </p><p>Wrote our own ERC-721 implementation as well. </p><p>After CK came out, there was no fully standardised implementation. The community was still iterating over the standard, OZ also wrote one. There were some stylistic changes that Consensys wanted over the OZ work, so we still needed our own implementation. </p><p>Also just helps with my own understanding to write this stuff myself. </p><p>Curation market specific tools? </p><p>Trent from Ocean Protocol is pioneering the engineering approach to analysing token systems using well known tools from his trade that I dont understand as well as he does. </p><p>We use a lot of different curves for curved bonding markets, and there are some curves that are more easily visualized and assessed. </p><p>xkcd graphs makes some interesting and easy to understand stuff.</p>',
'What are your biggest frustrations?': '<p>For me, its always been harder to evaluate this, because I come from building on BTC, which is orders better than the dev experience there. </p><p>Its always been “good enough” for me, even though it is improving rapidly all the time. </p><p>Issues with Infura detailed above cost me quite a bit in failed deployments, and the only way I figured it out was by having direct access to the Infura team, which others obviously wont and that is an issue. </p><p>How deployments work with different gasPrices - its not clear if you should worry about things like time outs during the process. What if you set a low price, end up waiting hours, and your internet suddenly drops? What if there is a time out on the request to an API somewhere that fails? </p><p>I always default to a higher gasPrice when deploying to make sure it actually passes and is including. </p><p>Better documentation around best practices and common pitfalls here is definitely needed. </p><p>Ganache has visual interface to their test explorer. Sometimes you want something with a more visible understanding of what transpired with certain transactions. Like etherscan displaying internal transactions and well-known contract events, but with visuals. </p><p>Visual analysis/element would really help developers understand what is happening in the network. </p><p>When you have multiple contracts for a DApp, you need an up-to-date document/visual interface that shows you latest deployed contract and its methods/interfaces.Auto-generating visual tools for SC that are meant for developer aid. </p><p>At Ujo, we have 4 contracts, a registry, a payment handler, badges (collectibles), oracle. Gets put into JSOn file in /build, but this is not visible or particularly useful for anyone but me. </p><p>Take some info out into separate document so the rest of the team can easily see where they are deployed and what they do at a higher level.</p>',
'How do you handle testing?': '<p>Mythril is very useful and we use it. </p><p>Writing extensive unit tests in Truffle covers a lot of the low hanging fruit and gives you a great understanding of your contracts and how they really work. </p><p>It really depends on the use case: i.e. checking for over- or underflow means you sometimes need to be really careful. </p><p>Best resources to learn about tests? </p><p>The EVM is notoriously bad at providing good error reports. </p><p>Revert with reason will be really helpful for this. But there might still be edge cases where it is not certain what transpired. </p><p>You used to require a lot of context in order to sense what </p><p>A lot of my knowledge comes from debugging myself and following the traces through the EVM. Sometimes you just have to vasbyt (an Afrikaans word meaning, roughly, grit your teeth and just hold on). </p><p>Solidity is moving more towards safer defaults in general, which allows more advanced devs to take the guard rails off when we know what we are doing: </p><p>Explicitly setting the constructor (to avoid some of the Parity hacks) </p><p>Addition of transfer function to automatically check for failure of sends (which was previously manual). </p><p>After DAO hack, I started collecting information and Smart Contract best practices repo, which is now maintained by the Consensys Diligence team. </p><p>Infura uses a load balancer between multiple Eth clients, but these have different tx pools, so during the migration process, it is pinging infura, but it is shuffling the request to different node each time, which eventually cause the migration to fail. </p><p>However, the error reporting from the client claims that the nonce is too low, which is technically true, but not at all descriptive about why the migration actually failed.</p>',
'What tools dont exist at the moment?': '<p>One thing that comes to mind is a mature, incentivized storage platform does not really exist, still. Swarm has never really answered my immediate needs, and I worry sometimes that it is a bit too similar to something like S3. </p><p>Wouldnt need to solve all problems immediately, just needs to be better than what we have today. Infura provides access to the IPFS network, and then backs them up themselves so that they have guaranteed access to it. Which is good enough, for now. </p><p>In the future, if youre going to have 1000s of GB of media, this will need to be looked at much more closely. </p><p>Protocols labs multi-hashing scheme is very useful in addressing the content.</p>',
'Other domain specific questions?': '<p>What are the biggest challenges for Ethereum right now? </p><p>Its still uncertain to me how the development experience will change when scalability improvements start to get deployed. </p><p>Whether it is sharding, plasma, side channels etc, what changes from a development perspective? </p><p>How do we choose which shard to inject our contracts into? How does the network load balance this? </p><p>What does a dev need to change for Plasma, and what does it mean for UX? Does it need a separate MetaMask, or do we need to build our own in-browser wallets again?</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Curation markets! </p><p>More collectible stuff. The art scene is finally catching on, which is great. The cypherfunks, which were four years too early, are being discovered again through no work of my own, which is awesome. </p><p>I just want more people to be able to do what they want to do, more often.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Google, gitter, ETH stack exchange. </p><p>Some Consensus resources that we all use. </p><p>Most of Consensys internal stuff is moving toward being external-facing and most of his stuff should be open in the future.</p>',
'Are there any other questions we should be asking?': '<p>Curious about how we plan on dispersing the money? How do we decide on spinning up new teams to work on stuff or find existing teams working on it and enabling them. </p><p>Wouldn\'t make sense to fund multiple implementations of something? Take the block explorer: what about etherscan, alethio etc?</p>'
},
'91': {
'Name': 'Alvaro',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>VirtuePoker offchain game, smart contracts to represent state of a poker game offchain consensus of consensus, and submit to onchain. </p><p>Building poker with Ether, that can be played without an intermediary. </p><p>When you leave the table, you cash out with the stake which you have left</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Whisper </p><p>Building a p2p game. We tried using Whisper for real-time communication does not have receipts; we have discarded it right now. </p><p>Read a Stackoverflow about Status problems building on top of Whisper. </p><p>The P2P is tough need to be direct peers need to run neighbor nodes yourself. </p><p>Connecting the mesh is tough. </p><p>SO post said that Whisper doesnt acknowledge receipt of messages. </p><p>Running whisper on a geth node is optional. </p><p>PROBLEM: whisper has low adoption. </p><p>As a result, the game cannot be decentralized. All messages that are passed to each other between clients, are going through a centralized center. </p><p>People use WebRTC with direct connections. But wont work for them because they dont want to reveal peoples IP addresses. </p><p>Theres also a protocol called Telehash. </p><p>DHT. </p><p>Web3 </p><p>Switching to new release soon interface change is coming. </p><p>Callbacks are annoying; should use promises. </p><p>We promisify the functions themselves. </p><p>Weve only used web3. </p><p>A web3 alternative, ether.js (from L4) </p><p>Solidity </p><p>Why doesnt it have common data structures? e.g. a simple array; if you delete one item, you get a hole in the array. </p><p>Need a way to store data that is indexed and where it can be safely deleted. Manually doing this stuff is bad.. </p><p>There are many implementations of this; but having a standard implementation would be really helpful. </p><p>A lot of these things should be built into the language. </p><p>SafeMath. I dont use a lot of libraries otherwise. </p><p>EthPM? -> It worked, kinda? </p><p>Creating more low level libraries[a]? </p><p>I like Remix. It has improved a lot. </p><p>I had no problem with the UI. </p><p>Like testing in Remix though the debugger could be improved. </p><p>Truffle is good, as well.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'92': {
'Name': 'Javier Franco',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>How to simplify the way to calculate the gasPrice. </p><p>Having an estimateGasCost when you send a transaction? </p><p>A lot of people have trouble when sending a transaction with a low gas cost, doesnt get accepted but you can replay the same tx with the same nonce with higher gas price and overwrite </p><p>Wallets need to implement this, it would help a lot of people.</p>',
'Who are you and what are you working on?': '<p>VirtuePoker making the migration to the new problem. </p><p>We have a Proof-of-Concept on Python; implementing in Electron. </p><p>Talking to Plasma, to use for scaling and also gas costs. This is a big problem. </p><p>The poker game actions are all done off-chain; the money stuff is on-chain. The winner reports the results. This is on-chain and expensive. Even reporting on the results costs $1. </p><p>Offchain stuff: </p><p>P2P network between all the peers just a centralized API right now. Later want to be p2p without a server, but could have attack vectors with people listening in. </p><p>Building the backend regulatory process if you lose a hand, but thought you won, you should be able to call in. Also to prevent collision. View patterns.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Gas costs: </p><p>Ethereum price increased, gas priced also increased, then CryptoKitties launched gas cost of $1. We think the only solution is Plasma. </p><p>In the beginning, itll be only a chain for payout. Wont have the EVM. The first Plasma implementation wont be a EVM will be only for sending payments. </p><p>Well be moving from this to a payment-only architecture. </p><p>Documentation is very weak Plasma especially. </p><p>New joiners, suffer when learning. Compared with, say, Javascript. </p><p>Especially since were all in a phase where new developers are entering. </p><p>Ethereum Foundation examples has not changed in a long time. </p><p>Theres no rollback when you deploy a contract. </p><p>Deployment costs of a contract is expensive the Dutch Auction for their ICO costs 1 ETH to deploy. </p><p>We were using Truffle to test. Achieved 97% code coverage. </p><p>Testrpc. Mining a lot of blocks. </p><p>Testing code based on temporal logic, number of blocks, e.g. you want to protect funds for 90 days or so. </p><p>Can achieve same result with 20/30 minutes of blocks. </p><p>This kind of testing is really slow.</p>',
'How do you handle testing?': '<p>Testing our Dutch Auction ICO contract: </p><p>We were targeting 100% code coverage. </p><p>The contract allowed ICO to stop in two ways: </p><p>By hitting the market cap </p><p>By calling stop (?) </p><p>The time between the auction being finished, and the tokens being claimed, you want 7 days. </p><p>This is equivalent to 30k blocks. </p><p>How to test? You hardcode lower numbers, test (which is slow), then switch in the real numbers. </p><p>What a solution for this would look like: </p><p>These tools could have a way to mine the number of blocks you want, instead of block-by-block. </p><p>Stress-testing the economics &amp; game theory of ICO contract: </p><p>To be able to bid, you need to be whitelisted. Then, the amount you bid is also limited. </p><p>Solidity: </p><p>Its a simple language. Not very complex. Problem is you have to be very strict about testing everything; not even leaving a single line of code without coverage. </p><p>E.g. Parity bug. All contracts where using the same contract. </p><p>E.g. if you want to use an external function of a contract, and that person kills the contract, you are screwed. Kinda like someone deleting an NPM package you depend on. But theres no roll back. </p><p>We are moving towards factory or library-driven contracts. </p><p>We will have a proxy contract.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'93': {
'Name': 'Rick Dudley',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>I worked on EthPM briefly. </p><p>I gave up in frustration </p><p>I was working at Monax at the same time with RJ and Jan. </p><p>This is a good bounty that were going after. </p><p>Bigger problems within EthPM: </p><p>Fundamentally, in Ethereum, we have contract immutability. </p><p>If I take the same bytecode and deploy it to two different networks, its going to have different hashes. So how do I reference the code across my local, testnet, and mainnet environments? How do I reference that in my dev environment? -> the contract address wont be the same. </p><p>Working on at the moment? </p><p>VulcanizeDB with Maker as their client. </p><p>Steps: </p><p>Take IPFS (the content-address allows you to verify the content is correct) and retrieve the data </p><p>SQL query you do a search given parameters and you get back a result set. </p><p>Because you trust the database is free of faults. </p><p>Vulcanize: our result-sets contain content-addressable data. </p><p>ETL system for blockchains. </p><p>Pull blockchain data into a Postgres database load all blocks, transactions, tx receipts. </p><p>You as an engineer write a transformation which also generates a GraphQL endpoint. </p><p>Your dapp can then pull that data on an ongoing basis live pubsub, polling, … The data is also content-addressable. </p><p>e.g. you put the events for a contract into a table, you have a block range, a contract, in this table </p><p>Then, you take that table, do a pg_dump, and put it into IPFS. </p><p>You can then verify that using your own client. </p><p>Github / vulcanize / vulcanize.db </p><p>Will be released soon. </p><p>Will eventually write a DSL for those transform. </p><p>Standalone vulcanize db reads from one node, but can gossip the transformed to other nodes. </p><p>Interactions with IPFS, Tendermint, Lightning, … </p><p>Federated exchange decentralized exchange </p><p>Once you have that system; then the Tendermint validators can have a system marketing </p><p>Tendermint validators can be bonded on Ethereum AND they promise to route the Bitcoin HTLCs</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Lack of people over 40 naivete. </p><p>Trust and guarantees which crypto gives you which guarantees? </p><p>The claims of Ethereum what features are worth preserving. </p><p>Contracts are immutable; but state is mutable contract code being mutable doesnt give you any security. -> immutability. </p><p>Is the RChain application model (not Turing complete) better than having a Turing complete VM? </p><p>We havent been super happy with ganache in particular.</p>',
'How do you handle testing?': '<p>I like the DappHub stuff; but its not fully integrated. </p><p>There isnt a full testing suite; no way to go from the Solidity integration tests, to full-stack integration tests. </p><p>Casey Detrio worked on testing &amp; fuzzing within Ethereum Foundation codebases. </p><p>But they dont run simulation networks on updates, so there could be consensus breaks. </p><p>For instance, the airline industry does this. Airlines use BFT within fly-by-wire systems. </p><p>Check out: videos from SQLite author explaining how they did testing. </p><p>Our testing: </p><p>We use both Zeppelin and Dapphub. </p><p>Phantom-js test of something that uses IPFS and Ethereum. </p><p>Monax had a lot of great tools, that didnt get the attention they deserved in the community: </p><p>Counterintuitively, the federated context has higher security requirements. Your clients ask tougher questions than ICO token buyers.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Bottom-up sharding scheme </p><p>An app-sharding model. </p><p>Put a market-based order based on parameters on what validators you want. </p><p>Active bounty is a hybrid between a consulting contract &amp; a bounty? </p><p>With Github, you have the opportunity to watch source code writing (commits) to deployment on mainnet the whole process cryptographically held together</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'94': {
'Name': 'Evan Van Ness',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Have only ever played around very early, but never built anything seriously </p><p>Personality isnt suited to writing bug free software, which is what you have to write in this space, and not a serious enough developer </p><p>The idea of writing code with actual value attached to, direct value that you can never take back in the case of an error. </p><p>Im glad others are developing, but I would lose too much sleep. </p><p>I run the Week In Ethereum newsletter, and has become a full time job at Consensys. </p><p>Close to 40hrs a week to curate </p><p>Do a podcast as well. </p><p>Moderator of r/ethereum</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Its tough for everybody in this space to balance the “Wow, this will change the world” with the “Wow, this is really nascent tech”.</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Lets talk a little about why youre skeptical of fat protocols? </p><p>Never met Joel Monegro - hear even he doesnt agree with the way people interpret his article. </p><p>Same day as his “theres no such thing as fat protocols,” Jake Brukhman wrote Fat Protocols is Not an Investment Strategy. </p><p>In the very long run, this is a kind of database that will get commoditised. There will be parts that are decentralized, parts that will be centralized, public, private. No reason to think the protocol will always be where value accrual occurs </p><p>What opportunities exist or others to get involved in the community? </p><p>Transcribing calls - core dev, plasma, sharding, etc </p><p>do actual UX reports and write them up well. </p><p>Monthly and daily newsletter that are out there and could also be improved. </p><p>Plenty of technical builders are frustrated because their projects dont get the attention they deserve. Helping those teams with marketing is really necessary and could be bountified. </p><p>There are other projects have developed languages that compile to the EVM that are more safety focus and not entirely clear on open sourcing them because they are worried about maintenance. </p><p>More general problem of people open sourcing tools that they dont really want to maintain - so bountifying those important projects is a possibility. </p><p>Having a financial reward can actually hinder people if the work is creative. Only really helps when there are pretty clear guidelines and it is more a problem with motivation. </p><p>What is your general strategy to getting involved in the Ethereum community? </p><p>Anybody can start a podcast and there are A LOT of interesting stories to tell in this space because were all a little weird. </p><p>Especially if you put a bit of effort into the editing part! </p><p>Considers the newsletter a “tool that helps people be more productive”. </p><p>Its really interesting that there are non-coding things that can achieve this effect and figuring out others would be really great community-based work for non-technical people to do. </p><p>Same thing for writing simplified versions of some of the technical papers and research that is being produced, a la Beige Paper </p><p>There are lots of different lists of info, sometimes up-to-date, sometimes not. People at Consensys have put together a list of all the developer tools, which should be opened up at some stage soon. </p><p>A lot of this stuff is ephemeral. If you dont see the announcements and use things within a few weeks, they can often slip off your radar.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>NexusMutual - on chain smart contract coverage - risk coverage for your solidity code. Its very necessary for the ecosystem right now. Goal is to become a thing that is seen as as necessary as a security audit and a bug bounty program. </p><p>Scaling is getting closer! FFG is pretty exciting. </p><p>Prediction markets are still exciting (but we all keep saying that). </p><p>We definitely need to keep iterating through compensation and incentivisation for working on public infrastructure, And making it such that people can open source their stuff in such a way that they dont then forever need to spend the rest of their time maintaining.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>All the information used to be on Reddit, and there were some Skype channels for the people more deeply involved. </p><p>Part of the reason the newsletter takes so long to curate is that news has decentralized </p><p>Used to joke that the newsletter is just copying links on reddit </p><p>Spend a lot of time finding things in twitter. </p><p>A lot of new projects dont know that r/ethereum is the main gathering place for the community. </p><p>Doesnt touch on East/West divide of the community. </p><p>I feel like I have low visibility into the Asian ecosystem. </p><p>One of the brilliant insights from Vitalik was to go and spend so much time in Asia to make it a global thing, but there is still a lot more work to be done on that and in connecting the communities in general. </p><p>Translations are always a big part of this.</p>',
'Are there any other questions we should be asking?': '<p>There are a lot of people with tools for themselves that are not well maintained. </p><p>There is some solution space out there where that gets solved and we need to find it.</p>'
},
'95': {
'Name': 'William Entriken',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Started using Ethereum in December. </p><p>Created ERC721/161 to support my project. It was contentious, I won the fork wars. </p><p>Underestimated how crazy this ERC721 process was. </p><p>721 is the first standard thats actually an Interface. </p><p>Interfaces are broken in Solidity. </p><p>Started filling bugs in Solidity. interfaces should be able to inherit from interfaces. </p><p>External vs public in interfaces. I fixed it. </p><p>Fixing things in Solidity basically rewriting the whole inheritance model in Solidity. </p><p>In 721, I had a caveat section, “errors in Solidity etc” </p><p>People said: “the standard shouldnt say a function is payable” but I said that the interface needs to enforce this. </p><p>Got the attention of Christian, Alex, Hudson. </p><p>721 had a dependency on 165. So I started to fix 165. </p><p>Mainly occupied with full time job, speaking re: 721 and its use cases at conferences, evangelism, million dollar homepage, navy, google, hardware (semiconductors) </p><p>Big open-source guy, worked on KDE project, worked in semiconductors.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>The #1 problem: </p><p>My mom wants to buy ETH. In order to do this, she has to go to Gemini, give her SIN, give access to webcam, and access to their bank account. </p><p>Biggest bank in this ecosystem is Coinbase. </p><p>Every ICO is “illegal” </p><p>Need a new crypto bank. This bank needs to solve two huge problems: </p><p>Identity management (provided by the bank themself). </p><p>Anti money laundering </p><p>The #2 problem: </p><p>Solving KYC / AML for the general population, is understandable, and secure </p><p>Couple solutions like <$300 transactions lets you avoid AML restrictions</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Lack of private/business incentive to solve Bank/payments, not exchange, problem in crypto. </p><p>The ERC process: </p><p>Bring initiative, theres forks, solve the problems being polite, being political, making phone calls to reach consensus. </p><p>Problems: </p><p>Problem #1: Ethereum is centralized. Code / governance is handled by one party. </p><p>This is the “EIP” process. </p><p>These arent technical reasons, theyre political reasons. </p><p>The EIP process: </p><p>Anybody writes an EIP must be technically valid, describes a change to the Ethereum ecosystem. “I want a sidechain”, “i want to change the gas for this opcode”, etc </p><p>If the EIP is implementable (i.e. it compiles), its accepted as a draft. </p><p>If there is community support, itll be reviewed by all core devs. </p><p>If it is supported by core devs, it is implemented. </p><p>If people support it, then people will upgrade the clients. </p><p>How it actually works: </p><p>You publish the EIP. There is a storm of discussion; emotional, backhanded. </p><p>Blackballed for mentioning cultural/political taboos </p><p>PR is not the right word for it. More like a wiki. </p><p>They discuss it at the core dev meeting. They implement the code, clients upgrade it. </p><p>Someone puts it on Hudsons PM meeting agenda </p><p>How Swift (from Apple) handles this: </p><p>You go to the mailing lists, you start a discussion. </p><p>This takes a lot of effort, so you wanna be sure your stuff is legit. </p><p>Big discussion in the community. Swift is centralized (one party). You need code already, a test case or something, you explain technically in-depth. You get it to review, 2 week review period, its posted on top of Apple Swift website + goes out to mailing list. </p><p>The key point is: the 2 week speed pump. Everyone has to pass through that. </p><p>How DARPA handles bounties </p><p>Heres a very specific problem and you need a 100x improvement </p><p>Come up with working solution that can support network of 10k </p><p>If you can do it elegantly, heres 50k and well study it further before implementing </p><p>The community expects full-time people; they dont cater to part-time contributors. </p><p>A contributor needs to look at all issues and PRs theres no queueing system. One could get approved at any time. </p><p>The ERC process: </p><p>Write an interface for a contract. He wrote 165 and 721. </p><p>A ton of new token standards. </p><p>First mover advantage to writing standards/interfaces - something like street cred for devs. </p><p>Over-standardization occuring </p><p>Not enough focus on what people would actually want/need to use </p><p>I dont see the need for a package manager, the existing tools seem adequate. </p><p>Not enough money allocation from teams to bug bounties.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'96': {
'Name': 'Christopher Goes',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Wyvern is an application agnostic protocol for exchange of transactions, not tokens </p><p>Parameterisable orders - kitties with blue eyes, discovery mechanism </p><p>NFT, bonds, collateralized debt obligations, pools of cats, where people care more about the parameters of the asset </p><p>Buying and selling of smart contracts. Use case- rental of smart contracts in exchange for fees </p><p>Like the 0x for transactions, ethereum assets </p><p>Proxy account system where users create DEX orders that execute transactions under specified conditions. </p><p>Abstracting over Ethereum bytecode - anything you can send over eth transaction you can buy/sell </p><p>Mostly written in January 2018</p>',
'What are the tools/libraries/frameworks you use?': '<p>Solidity, Typescript, Truffle for deployment, JS front end </p><p>Bytecode checking handled by libraries </p><p>Bytecode of your order (constructed in UI) is checked vs orderbook </p><p>How are you building the front-end to construct bytecode? </p><p>https://exchange.projectwyvern.com/ </p><p>Wyvern schemas library maps bytecode to visual representations</p>',
'What are your biggest frustrations?': '<p>Solidity - I find it difficult to write complex, high-assurance code vs Rust/Ocaml etc. </p><p>Wyvern uses large exchange core contract </p><p>System of several contracts (delegate calls) needed to validate order </p><p>I wish there were easier ways to use typescript rather than javascript with solidity. Calls to the contract (from javascript) are mostly untyped. I definitely want better statically typed testing tools that are clear and easy to use.</p>',
'How do you handle testing?': '<p>Oyente </p><p>SolCoverage is super useful </p><p>Javascript tests </p><p>Current experience writing tests in solidity is terrible. Could be better with a better interpreter. </p><p>Current static analysis tools focused too heavily on reentry bugs, post-DAO </p><p>Security audit on Wyvern revealed that a non-zero contract balance tool </p><p>More edge cases needed between Solidity and EVM gotchas</p>',
'What tools dont exist at the moment?': '<p>Local, easy Solidity interpreter </p><p>Currently, tests are done on EVM through a blockchain </p><p>Most things youre testing dont rely on blockchain features (timestamps, block # etc.) </p><p>Easy interpreter that runs locally on computer not through ganache </p><p>Also, Better gas measurement- line by line gas cost analysis </p><p>His workaround was using solidity assembly code (well documented) </p><p>User account experience would be better if people used contracts instead of standard accounts </p><p>Wyvern already uses user-owned smart contracts as their user account </p><p>Instead of ERC-721 way (smart contract approved to spend your funds). If users had proxy accounts, they could create global limits on spending of tokens. Wouldnt need to track approvals via various individual contracts. </p><p>Custom rules for fraud detection/reversal could be set up (i.e. double confirmation/ time period required for transactions > $xxxxx)</p>',
'Other domain specific questions?': '<p>What are the barriers to Wyvern usability (by relayers) and liquidity? </p><p>Wyvern is an exchange contract, not a platform </p><p>Platforms will diverge in their purpose </p><p>Openseas could use Wyvern </p><p>Economic model set up which they could take fees. Can be used by relayers to take fees in Wyvern orders </p><p>Would more expect relayers in different verticals, more </p><p>Wyvern makes it easier to share liquidity (between relayers)</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Introduction to Ethereum Medium post: https://medium.com/@preethikasireddy/how-does-ethereum-work-anyway-22d1df506369 </p><p>EVM yellow paper, Solidity documentation </p><p>Edge cases can be super technical - go look at the hardcore docs if you really want to know. There are no easy answers for some things, after all.</p>',
'Are there any other questions we should be asking?': null
},
'97': {
'Name': 'Matt Condon',
'How do you handle smart contract verification and security?': '<p>Nothing, no real process besides following best practices. </p><p>Gets auditing. Should be running Mythril but hasnt set it up yet. They have a great blogpost on finding unchecked self-destruct.</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Built a raffle contract, but didnt ship it because I didnt want to deal with real money in early 2017 </p><p>First thing I shipped was steak.network </p><p>Now building XLNT and gnarly </p><p>Solidity contracts. </p><p>Off-chain clients. </p><p>Frontend interfaces for blockchain-backed stuff.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle, Infura, MetaMask, Etherscan, Remix, Solidity flattener. </p><p>If not already mentioned, are there any libraries you rely on regularly? </p><p>Web3, BigNum, moment, Numeral, Chai, Mocha</p>',
'What are your biggest frustrations?': '<p>Iteration cycle is slow, especially compared to webdev </p><p>No visibility into errors in solidity. No error logging, no line numbers. Complete black box. </p><p>People end up commenting out lines, deploying testing, re-editing just to figure out bugs. </p><p>Needs to be fixed at the EVM level. </p><p>Logging is undefined. dont really know how youre supposed to log even though I have read all the docs. </p><p>The solidity inheritance interfaces are weird. Really likes Bamboo for this reason. </p><p>Ganache fixed a lot of testrpc issues. But it doesnt support websockets so thats annoying. But at least you can actually use geth in dev mode now. </p><p>Are you running into problems with any of the following: </p><p>Gas limit: Yes, in general. </p><p>Off-chain computation: Yes, open problem for TrueBit. Theres gotta be some best practices for setting up state machines and stuff like this. </p><p>State Channels: Havent used them.</p>',
'How do you handle testing?': '<p>Try not use truffle test. </p><p>Never written a solidity test, but written a lot of JS tests. </p><p>Also do some manual integration tests using Remix to deploy to Ganache or something. Using remix for this testing.</p>',
'What tools dont exist at the moment?': '<p>Truffle has a lot of rough edges (documented elsewhere) </p><p>Gas profiling </p><p>Interactive debugger that works</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Mental model of how blockchains work. Also mental model of how Ethereum works. </p><p>I wrote an article called “Getting up to Speed on Ethereum” that answers the vast majority of question I had when starting. </p><p>Tokens are just numbers in a database with an API to add and subtract. Not some native object or something. </p><p>Solidity the language, besides its quirks, is not hard to learn. The hard part is understanding the environment its executed in, and what that means for your program </p><p>What would be the hardest part of teaching a software engineer to build a dapp? </p><p>“Solidity is just like javascript” - THIS IS SO LOADED WITH WRONG IMPLICATIONS </p><p>Peoples understanding of web development doesnt really transfer </p><p>Software engineering principles transfer, but its not just web development.</p>',
'What are you most excited about in the short term?': '<p>Biggest hype tech is token-curated registries. Curate a set of things such that the resulting registry is more valuable than the sum of its parts. Use that to create economic incentives around rational behavior for the curation process. </p><p>E.g.: machine learning if you want to create public images for a dataset </p><p>E.g. structure government as a token curated registry where laws are curated into a constitution. If someone thinks their expertise will increase the value of the constitution they can become a curator </p><p>Mostly interested in 2nd layer projects that dont exist for cryptos sake</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': '<p>All of the people in Cape Town that I just met.</p>'
},
'98': {
'Name': 'Ramon Recuero',
'How do you handle smart contract verification and security?': '<p>Found a list of the top 10 security vulnerabilities; reentrancy, math overflow, ... </p><p>You dont know what you dont know. </p><p>How to find info: </p><p>Google / reading about the DAO hack / Reddit.</p>',
'Other bounties?': '<p>Having difficulty in hiring people most engineers dont understand blockchain. </p><p>Dont have much to show for it right now. </p><p>SoV </p><p>Infrastructure needs to get exist first. </p><p>Lack of use-case, to be honest. </p><p>Explaining the data model for blockchains: </p><p>E.g. similar to: Dan Abramov: Redux devtools on the right. </p><p>Making an interactive demo of data flowing through.</p>',
'Who are you and what are you working on?': '<p>Last summer, developed Redis on Ethereum. Simple to read &amp; write data.</p>',
'What are the tools/libraries/frameworks you use?': null,
'What are your biggest frustrations?': '<p>Was pleasantly surprised with Truffle - testing was easier than expected. </p><p>What was hard: </p><p>Debugging. Solidity compiler error messages could be better. </p><p>Theres no console.log, can click and step into the code. </p><p>Google and Stack Overflow are often the best resources when running into bugs. </p><p>Trial &amp; error, until you get through it. </p><p>Its difficult to communicate this to other people. </p><p>Getting the mindset for developing for the blockchain is hard. </p><p>Hard to remember,even harder to explain to other people. </p><p>Deploying to testnets and mainnets was hard. </p><p>Had trouble with gas. </p><p>Getting Ether on the testnet. No faucet. </p><p>Found developer on Reddit Ethereum thread. </p><p>No chance to update the contract. Just pushed new contracts. </p><p>Eth npm in the beginning. </p><p>Different ES6 configurations in front and backend</p>',
'How do you handle testing?': '<p>Redis had the smart contract. Made an npm library; had Truffle tests + npm tests.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': '<p>Testing in Truffle. </p><p>Is simple if you come from the Javascript world. </p><p>Metamask.</p>',
'Who are the other people you think we should talk to?': '<p>Blockchain Berkeley Lab professor working with students learning blockchains.</p>',
'What are the best educational resources?': '<p>Did Coursera course to implement blockchain, but its likely not the best.</p>',
'Are there any other questions we should be asking?': '<p>Share your learnings, get the community back in, and do another iteration.</p>'
},
'99': {
'Name': 'Facu Spagnuolo',
'How do you handle smart contract verification and security?': null,
'Other bounties?': '<p>For governance: </p><p>We are still exploring which models are better for upgradeability. How to take into account the community, dev team, investors etc. We need a governance pattern that works specifically for upgradeability decisions, which tend to be more focussed than larger governance questions and might lend themselves to specific, narrow mechanisms. </p><p>It may be possible to modify the way the compiler maps state variable to storage, so that we can allow people to implement similar patterns to ours without all the inline assembly stuff. Might make a nice bounty - improving the compiler in general to allow new features specifically in terms of what you can do with the EVM. </p><p>Having a scheduler implies huge gas costs, so we need to find scheduling mechanisms that will allow the community to run transactions in a feature for you and be rewarded with tokens or Eth or whatever. (see chronologic for this kind of stuff too) </p><p>We are trying to see if there is anyway to use TCRs and token curation markets in order to handle on chain standard libraries and upgradeability too. The idea behind zeppelin OS is to encourage other teams to build their own on chain standard libraries and provide them through zeppelin OS to be used in other projects. We would love to see the community come forward with suggestions about how this could be best managed.</p>',
'Who are you and what are you working on?': '<p>I studied Computer Engineering and am a full stack dev. I started my career by programming web stuff and distributed systems. </p><p>A year ago I had heard a lot about BTC and “blockchain”, so I got involved. </p><p>My life goal is to build the technologies that will make peoples lives easier and more free. </p><p>Cryptocurrencies clearly can do this, but Ethereum specifically - because of the community, and the fully functional VM on a chain - is clearly the best platform we have so far. </p><p>I knew Manuel from before, and so got together with him and decided to start building some tutorials and interaction guides to walk people through the same forests I was exploring. Started contributing to Zeppelin as a security researcher, because that is the major focus at the company. </p><p>This gave a lot of background as I really had to grasp how thing happen in the EVM. You have to be incredibly conscious and attentive about the stuff youre programming. </p><p>Auditing well-known projects also really helped me grow my knowledge of how the whole ecosystems works and what the best practices are. </p><p>I am now building Zeppelin OS - upgradable smart contracts, with a scheduler, and on chain standard libraries. </p><p>Its a huge challenge to build this on Ethereum currently, so I became a core member and we are releasing our first version today!!</p>',
'What are the tools/libraries/frameworks you use?': '<p>Truffle - I dont really like it, but have to use it. </p><p>We can improve a lot of things here and build some more things on top of it. </p><p>Testing your contracts easily across any network and setting your own defaults through the console is not as easy as it should be. </p><p>Truffle scripts allow you to deploy your application, but the truffle environment itself is very difficult to manage, especially if you need to modify it to fit your specific project. You can lose days trying to do that. </p><p>We should start thinking about providing an interface that can be consumed, extended and used by other cmd line tools, and things like zeppelin_OS. </p><p>The testing environment is really good, but could still provide some extra features (like better debugging and changing variable easily between tests without needing to recompile everything). </p><p>I havent yet found one chance to run the debugger properly - but we really need that and it really needs to be easy to use. </p><p>When I try to debug my contracts on the network, I start logging events on the smart contract to see what is happening. This is really slow, it is a waste of gas and is not the way I want to handle things in the future. </p><p>We also use open zeppelin a lot in our own projects: i.e. DApps we build ourselves, and zeppelin_OS - an on chain version that can be used as a standard library for zeppelin OS. </p><p>Currently you have to deploy manually the smart contracts from our libraries that you want to use. But now, with zeppelin_OS, everyone can build a standard library that can be linked to a project that is using zeppelin_OS and everyone can use the same source code. </p><p>Say goodbye to all those deploy-time issues ;) </p><p>We use many small helper libraries: e.g. to do tricky things like testing low level calls, crafted transactions where you need to specify very small things to do with the data as an array of byte or whatever. Truffle provides no friendly way to do this, so you have to start playing with buffers of bytes and hashes and all sorts of nonsense. </p><p>Ethereumjs-abi, ethereumjs-utils etc. </p><p>Web3 is a great library. Its very simple, though its been a long time that they have been promising a stable 1.0 version. </p><p>MetaMask is also really useful - makes life easier in so many ways. </p><p>We use both geth and parity as we have our own nodes to test things. </p><p>Remix is really cool and it works really well. I encourage people to use it and look forward to new releases from them. </p><p>Sharing sets/suites of contracts easily can be improved.</p>',
'What are your biggest frustrations?': '<p>Speed of testing in Truffle is taking ~15min and it should be 1-2 at most. We need to speed that cycle up badly. </p><p>Ropsten is really slow when we need to test something in a “real” network. We have needed to cancel manually our own transactions and follow many rabbits down many different holes to figure out what happened. We need a better, more realistic testnet, for all our contracts. </p><p>You cant set breakpoints when debugging contracts, or end-to-end transactions on the network and this can cause you to lose the whole day when you miss something as simple as a flag or a param in a contract etc. </p><p>No easy way to log things in Solidity, which makes missing the stuff above much easier than it should be. </p><p>The linter tools also take too long. It should just be possible to install and run these sorts of things without needing to do any config of your own, which is not currently the case. </p><p>Solcoverage has to be set up manually, and the docs kind of suck around this. It took us a long time to figure it all out for ourselves. </p><p>Plain solidity console/interpreter to test your contracts where you can play with the types, variables and scopes without needing to recompile everything. </p><p>Volatility of the markets - really hard to convince people to join and use the currency because of this. </p><p>Legal issues around launching companies and products are a real PITA. We need proper DAOs and soon. </p><p>Came out of web dev industry, and it is really mature. They have a lot of methodologies for running projects and organising teams. Most people in Ethereum are very young and these sort of processes are generally a mess. </p><p>Theres a lot of pressure on the back of the price, and this or that ICO and we need to make sure that the community supports and contributes to better, clearer, slower processes that actually achieve the desired goals rather than cutting corners to ship not-really-decentralized products. </p><p>We need to figure out some new processes too unique to the problems we face in crypto.</p>',
'How do you handle testing?': '<p>We use Travis CI. </p><p>Coverall for coverage tests, also for solidity coverage using solcoverage as a plugin. Super useful to us. </p><p>Write plain mocha tests (integration and unit) and we aim for 100% coverage always. </p><p>When working on DApps we usually have standard paths to test how the UI works. </p><p>This is another developer tool that is missing: a tool to test UIs when signing transactions.</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': '<p>Upgradable smart contracts? </p><p>Weve been exploring many different approaches over the last year, all of them using proxies: i.e a contract using a delegateCall opcode to make things happen. </p><p>Biggest problem: we had to store information about 2 different domains, 1 of them being the proxy information and the other the contract that needs to be upgraded. </p><p>Proxy information: delegates each call to implementation contract. Storage in proxy contract, logic elsewhere, so not something new (Parity also uses this pattern). </p><p>We dont see how upgradability works without some kind of mechanism for governance: the proxy needs to ask someone/something if the contract can/should be upgraded. This information needs to be stored as well: the “owner” and the implementation details. </p><p>The way solidity manages storage, the contract that was going to be upgraded needed to follow the storage slots where the proxy was saving the relevant information because it is important not to overwrite them. </p><p>We found a final approach that manages this very elegantly: using inline assembly to store variable and bypass the way solidity performs its own checks. We are using storage slots that solidity will never be able to access, which is how we can ensure our approaches are really safe and that we can have upgradeable smart contracts that dont overwrite important information. </p><p>Why should we even have upgradeable though, if immutability is such a big thing? </p><p>We really dont think upgradeability works without governance. </p><p>We have storage in one place and logic in another. So the storage actually remains immutable and will never forget what is put into it. We can modify it, but that is part of the history and you can inspect those modifications easily if you like. </p><p>We are not leaving immutability then, just handling it in a smarter way. </p><p>The idea came from exploring the strategy Solidity itself uses for mapping of variables, but with some delta to make sure Solidity wont overwrite things.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Zeppelin OS!! </p><p>Really excited to see a lot of projects on mainnet. </p><p>Decentraland, Aragon and Status are the most exciting. </p><p>Interested by Cardano: they have a really different way of writing smart contracts on a blockchain and we can learn a lot from them. They also have a really good team, which is always a good lense for me to assess projects through. </p><p>Neo is another interesting project. Havent used it yet, but met them at a conference and they were really focussed and clear about what they are going to be doing over the next little while. </p><p>Cosmos is really interesting! Its really huge, but I am excited to see what happens there. </p><p>Plasma, eWASM, state channels - all these things are going to be exciting to explore more.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Fran Giordano from Zeppelin - knows a lot about the EVM especially. </p><p>Alejo Salles from Zeppelin - worked with quantum physics, neuroscience and AI. Mind-blowing.</p>',
'What are the best educational resources?': '<p>People in zeppelin are the best resources I have! </p><p>One of the things I love most about Ethereum in general is the community, so we try to get to know as many other projects as we can and collaborate with them. This is a great way of finding quick answers to hard questions and getting an overview of the best current tools available. </p><p>Google, ethereum stack exchange too. But the community is the best resource we have.</p>',
'Are there any other questions we should be asking?': '<p>I would love to know how people got involved and how they managed to be where they are right now: i.e. what path did they walk to get to where they are now. </p><p>I would really like to know if we are all doing the same things to get to where we are, or if there are smarter ways to grow quickly without losing culture/vision. Sometimes it feels like were all alone in the jungle, struggling to survive, and it would be awesome if not everyone had to feel this way going forward. </p><p>Would also be helpful to see how other companies are organising themselves on a day-to-day basis and how they collaborate with other teams, with remote workers etc.</p>'
},
'100': {
'Name': 'Manuel Araoz',
'How do you handle smart contract verification and security?': '<p>We design first then develop. </p><p>Sometimes they see other teams mix these two phases. </p><p>This is bad, because you can break your assumptions in nuanced ways..</p>',
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Open Zeppelin: open source smart contract framework </p><p>Currently working on building web app </p><p>On chain libraries with upgradability </p><p>Contract interaction </p><p>Marketplace </p><p>Scheduler for asynchronous execution.</p>',
'What are the tools/libraries/frameworks you use?': '<p>Use the truffle toolkit the entire way. Truffle for testing. </p><p>Publish on npm for users to use open zeppelin. </p><p>One of the first to try ethpm. </p><p>It was super buggy with IPFS errors and it couldnt find the resources and stuff</p>',
'What are your biggest frustrations?': null,
'How do you handle testing?': '<p>Truffle automated testing with javascript unit tests </p><p>Migrated to async/await style of tests </p><p>Mocha, Chai </p><p>Onchain bug bounties for finding implementation bugs.</p>',
'What tools dont exist at the moment?': '<p>Upgradability </p><p>Were going to build an upgradable library, for the most used kinds of contracts. So that you can just use the library and it will be an upgradable form[a]. </p><p>Upgradability requires governance mechanisms though, and these are more difficult to figure out, as it is not just about code. </p><p>We are not working on debugging, but would love to see someone solve it </p><p>We use the truffle debugger but its not covering all their needs </p><p>Remix is good, but we would rather not use the web UI. </p><p>Better tools for deploying and managing contracts on the blockchain </p><p>Were building this (John &amp; Marcus) </p><p>Tools to replay past transactions </p><p>E.g. for historical testing of upgrades.. replaying transactions from previous versions and making sure they dont break. </p><p>Stress-testing cryptoeconomic system: we only really do human analysis now. </p><p>Better tools like simulations of the mechanism design to prevent game theoretic problems would be cool. This can be a bounty[b].</p>',
'Other domain specific questions?': '<p>Interesting: Solidity compiler team runs OpenZeppelin tests when they update &amp; other projects tests to make sure theyre not breaking.</p>',
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': null,
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Jorge from Aragon. </p><p>Kevin Owocki from Gitcoin. </p><p>Other Zeppelin devs: he will make intro. </p><p>Esteban from Decentraland.</p>',
'What are the best educational resources?': null,
'Are there any other questions we should be asking?': null
},
'101': {
'Name': 'Brendan Chou',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>On chain derivatives for erc-20 tokens </p><p>Open sourcing their code in next week or two </p><p>Only smart contracts protocol so far, no UX/Dapps</p>',
'What are the tools/libraries/frameworks you use?': '<p>Remix for smart contracts </p><p>Writing Javascript tests </p><p>Truffle for compiling and test, NPM to manage packages, </p><p>SolCoverage</p>',
'What are your biggest frustrations?': '<p>Running tests in Truffle doesnt show you why/where it reverted </p><p>Must search through binary instead </p><p>TIME uncertainty (for interest rates). Given that time is discrete on chain, its hard to determine the interest rate at a given block, and it gets even harder when you think about how to do that in as decentralised and trustless a way as possible. </p><p>Not being able to run untrusted code. If a borrower goes to repay a lender, it would be nice if that borrower could call a function to notify the lender to run arbitrary code in a safe way - maybe an obscure design pattern though. </p><p>Sending ERC token allowances are annoying. </p><p>Changing token standards is difficult but may be necessary (see ERC 233 and 277) </p><p>Creators and owners currently have control over smart contracts, not truly decentralized </p><p>>0 less efficient than !== 0 due to Solidity handling of ints. These kind of edge cases in general are difficult to learn about and it is only really by writing contract yourself and testing them endlessly that you discover stuff like this. </p><p>Doing floating point arithmetic on chain, using Eulers number, e, and other fun things (30,000 gas, not too expensive which is awesome).</p>',
'How do you handle testing?': '<p>Mocha, js unit tests on Truffle</p>',
'What tools dont exist at the moment?': null,
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>Anything that helps us iterate faster. Tests currently take ~20 min. Currently doesnt run more than one ethereum node per computer. Could be cool to split up tests on different ethereum nodes. </p><p>If you modify contract that inherits from another, you have to tell truffle. End up recompiling often.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Solidity readthedocs, stack overflow, google searches etc.</p>',
'Are there any other questions we should be asking?': null
},
'102': {
'Name': 'Lane Rettig',
'How do you handle smart contract verification and security?': null,
'Other bounties?': null,
'Who are you and what are you working on?': '<p>Core developer for EWASM, but independent and works on a grant. </p><p>Doing a lot of governance-related stuff lately, EIP0, Fellowship of Ethereum Magicians </p><p>Runs a blockchain community and coworking space in NY called Crypto NYC (www.cryptonyc.org) </p><p>New project called Odin Protocol, an open data marketplace</p>',
'What are the tools/libraries/frameworks you use?': '<p>Use vim, tmux and work way down in the protocols - no web3 etc. </p><p>Lots and lots of helpful vim plugins: various language syntax plugins, version control, etc. </p><p>Writing web assembly itself (tests), Javascript and some C++: evm2wasm transpiler that can maintain backwards compatibility.</p>',
'What are your biggest frustrations?': '<p>Testing - “is a nightmare.” The way it is done at the core level is very overcomplicated and confusing. </p><p>3 types of tests and completely separate tooling for each </p><p>State - honestly dont know, even after several months </p><p>VM - lowest level, see what effect a tx has. Not documented well </p><p>Blockchain - wait for blocks to be mined and stuff to happen. </p><p>Historically made sense to do this. Each client has to pass all three types of tests so that we dont end up with consensus bugs. </p><p>Documentation is non-existent and tooling sucks. </p><p>Would be great if there were a single command to run all the tests. </p><p>How do I run a single (VM) test easily? Or even just an arbitrary subset of tests? We use CI tools to run them instead (Travis, but are transitioning to Circle). Its all dockerized, so getting tests to run locally is very difficult. </p><p>There is a tool called testeth, built in cpp-ethereum. </p><p>Test tooling should be in its own repo! Not maintained very well either. </p><p>In order to run testeth, I have to download and compile cpp-ethereum. </p><p>Worth having CI as its own separate point as it is the other biggest headache, along with testing. </p><p>Communication tools in the EWASM team - use gitter currently. No threading, images etc, basic stuff that is missing. </p><p>EF uses Discord internally and there is an #ewasm channel there, but we have team members who are not part of the Ethereum Foundation and are not on Discord so we need another channel. </p><p>Setting up bridges is a possible solution that seems to be working quite well for other teams. </p><p>Testeth is a great place for bounties and should NOT BE A PART of cpp-ethereum </p><p>Getting testnets up and running - there should be a test network in a box that we can just deploy at the press of the button It should not require a devops engineer to handle this kind of stuff. </p><p>There is a half-baked interpreter for WASM in Go and C++, but we need one in python so that we can plug into Trinity (the new Python full node implementation that is being written from scratch and is the vehicle for research including sharding).</p>',
'How do you handle testing?': null,
'What tools dont exist at the moment?': '<p>Working on evm2wasm in JS - we need to be able to run all the tests using the new WASM infrastructure. I want something like a CI on my local machine, make a change, save the file and see whether the tests are passing or failing. Hot reloading for the whole test suite kind of thing. Local test harness that just works.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': null,
'What are you most excited about in the short term?': '<p>WASM allows people to write contracts in non-EVM specific languages: C++, Rust, typescript etc. </p><p>Bring on an order of magnitude increase in the number of devs. </p><p>Working so closely on Aragon because of the work being done by everyone on governance </p><p>FOAM is going to open up the whole world if it works as they say it will. </p><p>Truebit is amazing. </p><p>TCRs</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': null,
'What are the best educational resources?': '<p>Solidity tutorials on ethereum.org was the place I began. Needs to be updated and Hudson is working on that. It should be the definitive source in the sense that its the first place people studying Ethereum often land. </p><p>Has to be about pair programming for me when it comes to core dev. There is no documentation and it lives inside the heads of core developers. There is a repo for WASM stuff, but it is a moving target.</p>',
'Are there any other questions we should be asking?': '<p>Product management mindset is incredibly important. Ethereum full node software is quite clunky and is not user friendly. Would love to see projects further down the stack actually adopt this kind of mindset. </p><p>Do you know who your users are? What sort of feedback loops do you have with them? How do you talk with them? Have you done user needs analysis? </p><p>Communication tools are interesting to dive deeper into - both internal and external. </p><p>Governance and signals is very important to me - how do you get a sense for community consensus? Build things that reflect the collective will of the community, but we dont have access to that. What signals would you like to be able to get from your community and how? </p><p>Concept in medicine called “practicing at the top of your degree” - doctors should not be scheduling or handling payments. Devs shouldnt be worried about devops, finances, scheduling. </p><p>What % of your time today are you spending practicing at the top of your degree/qualification? Talk about processes especially.</p>'
},
'103': {
'Name': 'Kames',
'How do you handle smart contract verification and security?': '<p>The mainnet launch was very minimal. Using segregated accounts in uPort app, use proxy contracts that have been around like a year. These went through formal verification a while ago. We were confident with putting them on mainnet. Switching up in the future how we handle it. </p><p>Had them audited by Consensys internally, possibly by the diligence group. </p><p>Getting away from smart contracts, looking at a different identity protocol layer. If uPort was continuing in smart contracts upgradeability via smart contracts (ZeppelinOS) would be interesting. </p><p>Deprecating our smart contracts, but using ether-did (decentralization identity). Just need a private key and a public key, so dont need a smart contract. Etherdid registry is a smart contract, but smart contracts are not the core protocol any more.</p>',
'Other bounties?': '<p>Education platform that is not focused on a business model. Loom is doing a fantastic job of educating people, but its a business. A great general education source that is not leading to some business. Online university or online education center would be fantastic. </p><p>Better UI/UX, thinking about this next layer. Get product people, designers, etc. involved. A Material design for dApps.</p>',
'Who are you and what are you working on?': '<p>I am working on uPort as a community a manager. The primary role is basically discovering how to empower developers to use uPort. uPort is a decentralized identity system. </p><p> Getting developers to understand how to implement this in the front-end environment, get people that are not used to Ethereum to understand this </p><p>Ask the right questions to get people thinking about this</p>',
'What are the tools/libraries/frameworks you use?': '<p>Eth.js, we use Nick Dodsons stuff. Inject web3js, but use more of the lightweight stuff for internal requirements. We use Truffle for tests. For the Buidlbox project, we use React-Redux. Mobile app is all react-native. Use React/redux everywhere, React sagas. </p><p>Use IPFS, use Infura. New spec puts us on IPFS, before we were just on Ethereum but this cost too much. Introduced IPFS to help with this, but its a bottleneck point.</p>',
'What are your biggest frustrations?': '<p>Personally, I dont have that many frustrations. However, Solidity has a lot of updates every time and has a lot of breaking changes. Its difficult to manage this. EthPM will help this. </p><p>As a team, working distributed on a lot of systems that are new is pretty tough. But have a pretty knowledgeable team. </p><p>Still deal a lot with the JavaScript ecosystem. Heard web3js was garbage, not having promises and heard it wasnt great. Heard Ethers.js was good, supported by Richard Moore of the Ethereum Foundation. Would be great to have education that there are other options out there beyond the most popular projects </p><p>Eth.js from Nick Dodson is super bare bones and super modular, Ethers.js is a bit more built out by Richard Moore. </p><p>I dibble dabble in smart contracts, I do a few demos with things like token staking for events. But I am mainly in the web 2 stuff. Not necessarily building out infrastructure or production ready contracts, more of showing the general web3 flow. </p><p>Would recommend to redo Remix, want to share code from Remix. From Remix, be able to push GitHub. More of a collaborative Remix, better UI.</p>',
'How do you handle testing?': '<p>We run a lot of unit tests on the JavaScript, but dont do enough testing right now. For smart contracts, reach out internally at Consensys. But not baked out process. Could use a better audit process. </p><p>Could use a better audit tool. Can test smart contracts at a code level, formal verification but havent researched this.</p>',
'What tools dont exist at the moment?': '<p>Drag and drop website builder for dApps, Im working on this. Product people are not able to prototype the user experience is very detrimental to the long term growth of the ecosystem </p><p>Need tools that enable quick validation in the real world. Need better prototyping </p><p>Design systems, design patterns, how to handle long transaction times. New thinking in this regard.</p>',
'Other domain specific questions?': null,
'What was the hardest part about learning to develop with Ethereum?': '<p>Wrapping the head around everything in the ecosystem. Because Consensys is such a big force its easy to focus only on Consensys spokes, but there are a lot of other solutions out there. Yesterday someone posted an alternative to Truffle but hadnt seen that before. Having a clear understanding of people in the ecosystem. </p><p>A library of all smart contracts, background of these smart contracts along with user stories. A better understanding of existing tools. Search and get 5 different options for events smart contracts, or a decentralized exchange. See instantly these.</p>',
'What are you most excited about in the short term?': '<p>The overwhelming amount of events. ETHGlobal is doing a great job with hackathons worldwide, short term and long term benefit. More and more outreach and pulling more and more people in.</p>',
'Was anything easier than expected?': null,
'Who are the other people you think we should talk to?': '<p>Linnia, they are doing market dataplaces for your data. Figuring out how they can build this out in Ethereum.</p>',
'What are the best educational resources?': '<p>Looms CryptoZombies and their general onboarding process, this is very approachable with good design and good practices. Theyve taken a big focus on not just focusing on the code but focusing on the experience. Not good to throw encyclopedias at people. Truffle sits in the middle, they have good docs. Ethereum itself is pretty difficult to parse their docs. </p><p>Designing for intermediate JavaScript developers could be very interesting. Catering this education experience better. </p><p>Just looked at smart contracts long enough, wasnt super intimidating as they are designed to be simple. Looking at Zeppelin, looking at best practices, understanding this stuff. But now want to get more into bytecode stuff. </p><p>Lack lower level knowledge of how to super optimize a smart contract. Want more code to look at to get at optimizing bytecode. </p><p>uPort will be focusing on education, more videos to help these intermediate programmers.</p>',
'Are there any other questions we should be asking?': null
}
}
const Questions = [
{ id: 1, text: 'How do you handle smart contract verification and security?' },
{ id: 2, text: 'Other bounties?' },
{ id: 3, text: 'Who are you and what are you working on?' },
{ id: 4, text: 'What are the tools/libraries/frameworks you use?' },
{ id: 5, text: 'What are your biggest frustrations?' },
{ id: 6, text: 'How do you handle testing?' },
{ id: 7, text: 'What tools dont exist at the moment?' },
{ id: 8, text: 'Other domain specific questions?' },
{ id: 9, text: 'What was the hardest part about learning to develop with Ethereum?' },
{ id: 10, text: 'What are you most excited about in the short term?' },
{ id: 11, text: 'Was anything easier than expected?' },
{ id: 12, text: 'Who are the other people you think we should talk to?' },
{ id: 13, text: 'What are the best educational resources?' },
{ id: 14, text: 'Are there any other questions we should be asking?' }
]
module.exports = {
InterviewsData,
Questions
}
Reference in New Issue View Git Blame Copy Permalink