-
Notifications
You must be signed in to change notification settings - Fork 29
/
07-externally-owned-accounts.html
218 lines (173 loc) · 6.8 KB
/
07-externally-owned-accounts.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
<!DOCTYPE html>
<link rel="stylesheet" href="boilerplate/style.css" />
<script type="module" src="boilerplate/editor.js"></script>
<title>Web3 From Zero - Lesson 7</title>
<h1>7. Externally Owned Accounts</h1>
<p>
In the last lesson we talked about keys, what they are, how they are used, and how they relate to
each other.
</p>
<p>
In this lesson, you will learn how keys are related to addresses and how they together form the
basis for externally owned accounts (EOAs).
</p>
<h3>Address Recap</h3>
<p>
In Part I, you learned that addresses are to a blockchain are like IPs are to the internet, but
how are addresses related to keys?
</p>
<p>
An address is a 20 byte (160 bit) long integer that gets calculated from the public key and it can
look like this:<br>
<code>0xdd00Cc906B93419814443Bb913949d503B3DF3c4</code>
</p>
<figure>
<img src="images/ecc-keys.png">
<figcaption>
Figure 1: ECC Keys
</figcaption>
</figure>
<p>
The 0x usually indicates a hex number, and the length was chosen to allow for enough addresses in
the future while still being short enough for everyday usage.
</p>
<p>
The public key gets hashed with
<a href="https://cryptobook.nakov.com/cryptographic-hash-functions/secure-hash-algorithms#sha-3-sha3-256-sha3-512-keccak-256">
Keccak-256
</a>, and the first 20 bytes of this hash become the address for an EOA controlled by the related
key pair.
</p>
<h2>Exercise: Create an Address from a Public Key With Ethers</h2>
<p>
Ethers comes with a few utility functions that allow you to create an address from a public key
step by step.
</p>
<p>
The example comes with a random pair of keys, and you have to create the address yourself. Keep in
mind that the public key comes with a <code>0x04</code> prefix that indicates its in the
uncompressed version and is not part of the key.
</p>
<p>
The functions you need are:
</p>
<ul>
<li><code>ethers.utils.hexDataSlice()</code> to cut parts of the key and hash.</li>
<li><code>ethers.utils.keccak256()</code> to create the hash that includes the address.</li>
</ul>
<p>
You can look at <code>wallet.address</code> to check if the key is correct.
</p>
<code-editor>
const { hexDataSlice, keccak256 } = ethers.utils
const { address, privateKey, publicKey } = ethers.Wallet.createRandom()
// Write your code here!
<p>
const keyWithoutPrefix = hexDataSlice(publicKey, 1) // remove 0x04
const hashedKey = keccak256(keyWithoutPrefix)
const myAddress = hexDataSlice(hashedKey, 12)
print(address)
print(myAddress)
</p>
</code-editor>
<p>
Ethereum uses letter casing in the address as a checksum. While the addresses work independently
of casing, it is sometimes used to check the integrity of an address.
</p>
<h2>How do Addresses Relate to Externally Owned Accounts?</h2>
<p>
As the name implies, an EOA is an account that is controlled from outside the blockchain network.
The private key that was used to create the address isn't on chain and the person owning it is
also external to the blockchain network.
</p>
<p>
The arrows in figure 2 show who controls which address and where, in relation to the blockchain
network, each controller is located.
</p>
<figure>
<img src="images/externally-owned-account.png">
<figcaption>
Figure 2: Externally Owned Account
</figcaption>
</figure>
<p>
The address controlled by an external private key is an EOA, the other addresses are controlled by
smart contracts, and thus, not EOA.
</p>
<h2>Spending Tokens</h2>
<p>
Now, that we know how keys relate to addresses and what EOAs are, let's look at an example. Say
you want to send tokens from one address to another.
</p>
<p>
You have to send your address, the target address, and the amount of tokens you want to spend, to
the Ethereum network. You have to send your public key too, so the nodes on the network can verify
that it's a legit transaction.
</p>
<p>
The transaction is checked for two facts.
</p>
<ol>
<li>Does the transaction include the correct public key?</li>
<li>Do you own the private key related to this public key?</li>
</ol>
<p>
Since your address is generated from your public key, the Ethereum nodes know if you send a key
that doesn't belong to your address. They can run the hash algorithm on the public key, look at
the first 20 bytes, and compare them to your address.
</p>
<p>
The next step is to verify that you also have the correct private key. Only private key owners can
spend money of an address.
</p>
<p>
To check this, the nodes will send you a random message and you will sign it with the private key
you used to generate the public key. Since they already have your public key, they can use it to
check if your signature is correct. If you used the wrong private key to sign, this check will
fail and your trasaction will be rejected.
</p>
<p>
There is still risk here. The Ethereum network will take any vaild address as a target for your
transaction. If you make a typo, your funds may end up at an address that no one has a private key
for and they are lost.
</p>
<h2>Receiving Tokens</h2>
<p>
Receiving tokens is more easy, but doesn't come without risk either.
</p>
<p>
Anyone can send funds to any valid address. So, if someone knows your address, they can send you
tokens, wether you like it or not.
</p>
<p>
The usual case is that you sold a good or service, and someone will pay you by sending tokens to
your address. You have to make sure your address doesn't have any typos, but that's it.
</p>
<p>
Special cases are airdrops. When a project or person does an airdrop, it means they send tokens to
addresses that have specific criteria. Like, used a service, or held a special NFT before some
date.
</p>
<p>
Usually an airdrop is a good thing, because you get free tokens. But scammers use airdrops to
phish you. They randomly send you some token which might lead you to investigate. You can end up
on a suspicious site that asks you for your private key or to sign a scam transaction.
</p>
<h2>Summary</h2>
<p>
EOAs are addresses controlled by an external private key instead of a on-chain smart contract.
</p>
<p>
The relation between private key, public key, and address allows the blockchain network to verify
all transactions can only come from controllers of the correct private keys.
</p>
<p>
Sending tokens around still bears the risk of typos. Also, when you lose your private key or it
gets stolen, all tokens on that address are lost. This is especially crucial for developers! Make
sure you always use private keys dedicated to development only, so if you accidentally upload them
to a public code repository, nothing of value is stolen.
</p>
<p>
In <a href="08-crypto-wallet-setup.html">the next lesson</a>, you will learn about wallets and
how to set up your own via Ethers.js.
</p>