On-Chain Logic

On-chain logic must produce the exact same result when run by any node on the network. This is enforced through consensus mechanisms like Proof-of-Work or Proof-of-Stake. Key aspects include:

• No Randomness: Outcomes cannot depend on local system time or unverified external data.
• State Transition: Logic defines a pure function that transitions the global blockchain state from one block to the next.
• Verifiability: Any participant can independently execute the logic to verify the correctness of the chain's history.

All logic is stored as publicly accessible bytecode (e.g., Ethereum smart contract code) on the blockchain. This enables:

• Full Audit Trail: Every function call, state change, and transaction is permanently recorded and visible.
• Code is Law: The exact rules governing an application are transparent and cannot be secretly altered.
• Security Analysis: Researchers and users can inspect the code for vulnerabilities or intended behavior before interacting.

Logic is not run by a single server but is replicated and validated by a distributed network of nodes. This ensures:

• Censorship Resistance: No single entity can prevent the execution of valid logic.
• Uptime Guarantees: The network persists as long as a sufficient number of honest nodes are online.
• Consensus-Gated State Changes: A state update (e.g., transferring tokens) only occurs if the logic's execution is confirmed by network consensus.

Once deployed and confirmed, on-chain logic is extremely difficult to modify or reverse. This is a core security property.

• Upgrade Paths: Changes typically require explicit, auditable mechanisms like proxy patterns or DAO governance votes.
• Transaction Finality: After a sufficient number of block confirmations, the results of executed logic are considered permanent.
• Historical Integrity: The logic and its past executions form an immutable record, crucial for applications like decentralized finance (DeFi) and provenance tracking.

Execution of on-chain logic consumes network resources, paid for with gas fees. This creates economic constraints:

• Computation Cost: Complex loops or operations increase gas costs, encouraging efficient code.
• Block Space Limit: Each block has a maximum gas limit, creating a market for transaction inclusion.
• Prevents Abuse: The cost mechanism protects the network from spam and infinite-loop denial-of-service attacks.

On-chain programs (smart contracts) can call and interact with each other permissionlessly. This is a foundational principle for decentralized applications (dApps).

• Money Legos: DeFi protocols are built by composing lending, trading, and asset contracts.
• Interoperability: Standards like ERC-20 for tokens create a shared language for contracts.
• Automated Workflows: Complex, multi-step transactions can be executed in a single atomic operation, reducing counterparty risk.

Flaws in on-chain logic can lead to catastrophic losses. Common vulnerabilities include:

• Reentrancy: A function making an external call before updating its state, allowing recursive attacks.
• Integer Over/Underflows: Arithmetic errors that can create or destroy tokens.
• Access Control: Missing permission checks allowing unauthorized users to execute privileged functions.
• Logic Errors: Flawed business logic, like incorrect price oracles or reward calculations.

Once deployed, on-chain logic is typically immutable. This demands rigorous auditing but creates a dilemma for fixing bugs or improvements. Common upgrade patterns include:

• Proxy Patterns: Using a proxy contract that delegates logic to a separate, upgradeable implementation contract.
• Multisig Governance: Requiring a vote from a decentralized autonomous organization (DAO) to authorize upgrades.
• Timelocks: Enforcing a mandatory delay between a governance vote and execution to allow users to exit.

Execution cost (gas) is a core constraint. Inefficient logic can make functions prohibitively expensive or cause transactions to fail by exceeding block gas limits. Key considerations:

• Loop Optimization: Minimizing storage operations within loops.
• Fixed vs. Dynamic Arrays: Using fixed-size data structures where possible.
• External Calls: Batching calls to reduce overhead.
• Block Gas Limit: Complex logic must fit within the per-block computational budget of the network.

Many protocols rely on oracles to fetch external data (e.g., asset prices). This introduces a critical trust assumption and attack vector:

• Oracle Manipulation: An attacker could manipulate the price feed on a smaller exchange to drain funds from a lending protocol.
• Centralization Risk: A single oracle point of failure.
• Mitigations: Using decentralized oracle networks (e.g., Chainlink), time-weighted average prices (TWAPs), and circuit breakers.

The public mempool allows miners/validators and searchers to observe and exploit pending transactions for profit, known as Maximal Extractable Value (MEV). This affects on-chain logic design:

• Sandwich Attacks: Placing orders before and after a victim's large trade to profit from price impact.
• Transaction Ordering Dependence: Outcomes that change based on transaction sequence.
• Countermeasures: Using commit-reveal schemes, private transaction pools (e.g., Flashbots), or incorporating MEV directly into protocol design.

Given the high stakes, rigorous analysis is essential before deployment.

• Formal Verification: Mathematically proving that a smart contract's code satisfies a formal specification of its intended behavior.
• Security Audits: Manual and automated code reviews by specialized firms to identify vulnerabilities. Audits are a standard but not foolproof practice.
• Bug Bounties: Public programs that incentivize white-hat hackers to find and report vulnerabilities.

A smart contract is a self-executing program stored on a blockchain that encodes the business logic for an application. It defines the rules and automatically enforces agreements when predetermined conditions are met. Key characteristics include:

• Immutability: Code cannot be altered after deployment.
• Deterministic: Execution yields the same result on every node.
• Autonomous: Runs without intermediaries. Examples include DeFi lending protocols, NFT minting contracts, and decentralized exchanges.

A blockchain is fundamentally a replicated state machine. On-chain logic defines the rules for transitioning the global state (account balances, contract storage) from one block to the next. Every transaction is an input that triggers a state transition function, which all network nodes compute independently to reach consensus on the new, valid state. This model ensures consistency and security across the decentralized network.

Gas is the unit that measures the computational work required to execute on-chain logic. Every operation (storage, computation) has a gas cost. Users pay transaction fees (gas price * gas used) to compensate validators for resource consumption. This mechanism:

• Prevents network spam and infinite loops.
• Aligns economic costs with computational demand.
• Varies by blockchain (e.g., Ethereum gas, Solana compute units).

A dApp is an application whose backend logic runs primarily via smart contracts on a blockchain. The frontend can be a traditional web interface, but all core transactions and state changes are governed by on-chain logic. This architecture provides censorship resistance, verifiability, and eliminates single points of failure. Major categories include DeFi (Uniswap), gaming (Axie Infinity), and social networks.

An oracle is a service that provides external, off-chain data (e.g., price feeds, weather data) to on-chain smart contracts. Since blockchains are deterministic and isolated, oracles are essential for executing logic that depends on real-world information. They act as a trusted bridge, with designs ranging from centralized data providers to decentralized networks like Chainlink to ensure data integrity and reliability.

The Ethereum Virtual Machine (EVM) is the canonical runtime environment that executes on-chain logic for Ethereum and compatible chains. It is a stack-based, sandboxed virtual machine that processes smart contract bytecode. Other blockchains have their own runtimes (e.g., Solana's Sealevel, Cosmos CosmWasm). The runtime defines the instruction set, security boundaries, and gas metering for all contract execution on that network.