 Here's I feel it really bounty of bull but absolutely if somebody makes a speech request for a thing that I Don't want to deal with or is outside my wheelhouse. I would absolutely yeah fountains So it's 12.09 give or take some seconds. So should I start now or? So hello, I'm Richard Moore. I'm the author of ethers.js. It's an ethereum library It's goals are being complete simple and tiny I also tend to over speak my slides. So I might say things before the slide comes. We'll see So there's a few things I want to talk about. I'll take a whole bunch of random stuff. So the things that are like kind of bolder I'll be going into more detail So I'll just go quickly over kind of So for example, so it's complete you can create wallets you can create utilities frameworks and dApps if you used Line either line. It's built on top of either. So there's a lot of other things I try to expose all the internals that I use because those are often useful for tools We're trying to kind of do like lower level things. It's ready. So it's available for no JS typescript e5 has yes, six modules available and Even before is fully ready for the browser Tested, there's only over 20,000 test cases But for me testing is like a big thing. I Don't I use ethers for my own stuff. I don't want a mistake. I made to destroy my own either So it was or critical kiddies or anything is important. So Also, it's tiny It's creeping up slowly over time last year. It's 78 kilobytes. There's been a lot more stuff added So now over the wire is about 98 kilobytes once it hits a hundred I'll probably start panicking and maybe start rolling back and pulling us on the features But part of the move for me five is really for modular system using sort of learner It's usually a lot of parts of learner and then it has a bunch of stuff that helps manage learn on top of it But that way if you just need a bi coding one little library in and not worry about having an entire library Lots of documentation again This is something that could use more work talking about bounties anyone who wants to There's lots of little things in the universe that people That aren't obvious feel about ethereum like there needs to be some concepts included in the documentation Also as mentioned earlier the important thing is MIT licensing Everything including all the currencies like hundred percent are MIT license This means that if you are some private corporation you can take this code and not worry about Something propping up in the future and you having to open source some fundamental part of your business By the way So a big distinction between ethers and most other libraries as they are today And there's a few people working with as well trying to help promote this idea that signers and providers should be fundamentally different creatures Your signer has a private key in it. It actually signs messages for you. It does things Providers are so they provide a countless information. They ask they let you ask for things like what is the current block number? What does block 75 look like? The gas price they let you send a raw transaction, but a raw transaction of it in of itself is kind of a countless You needed something else with the account to do that So there's a big distinction between providers and signers So if you're coming from about three worlds, this will be one of the big pain points Feel free to vote me afterwards or on the line or anywhere to learn more about this and my life is strived to make everyone separate these things So basic providers you're probably listening to Jason RPC IPC provider, which is Actually, it's Jason RPC over IPC The web 3 web 3 providers purpose is that you can if you currently have a web 3 application You can take your web 3 provider and jam it into that provider and it builds a ethers provider out of it So it becomes ethers for battle There's also one I'm going to explain the fall back provider in second the third party providers So there's like currently the ether scan if you're an ultimate alchemy cloud flare There's two others that have approached me since that that wants to be added So I'm going to go to like the default provider So the default provider is a system that I consider also makes a lot of my life talking too fast I get carried away So yes, the default provider basically this is the type of providers like to see more promoted as well the way that We'll see maybe so basically the idea of default provider is so it's a Instance of a fall back provider So if you for example create the default provider for homestead It'll be backed by ether scan if you're a cloud smith or clouds layer. No smith alchemy And it will actually keep a connection to all five of these connection And when you make a request for say the current walk number it will query two of them at random And when it gets the response it will decide are these that if they both say walk one million You're good to go returns one million to you the user and you're done if there's a discrepancy between them It'll query the third and then a fourth until there's a consensus across the back ends. So this means that The classic example I worry about in terms of the The classic example I worry about in terms of an attack factor So people who are familiar to us you can ask, you know, what address should I send this ether to for Rick mood on If I was an attacker I would just hijack and fear it make it always return The attacker's address every time you send ether to anyone it goes to that person so this means you have to compromise two of these random sources to kind of Compromise the system as a whole if that makes sense Long story short what I say is basically I think it's a lot safer to have providers in this way to basically back it by Multiple sources if you run your own infrastructure, you would also probably want to do this you can have your own note your own Ethereum notes be a higher priority So you can give like this a wing of three now that means that yours is far more likely to matter when it comes to deciding Given this call against the blockchain. Here's the response. It's going to query multiple sources. It's going to give more clout to your And for your first If there's a discrepancy which might happen in your own infrastructure You might have been hacked or anyone who here who's used to running their own nodes will know that sometimes they get out of sync And when they do that, it's nice that at least in fear will pick up the slack for you or from fears out of sync Your node might work together with ether scan to provide a more reliable answer So long story short, it's very easy to connect you basically to say cons provider equals either stock about default provider You're not connected to homestead and you're good for whatever you need to do It obviously supports all the major networks right be Robston or Lee Okay So signers Not really a lot to say. So this is the other Dual to the provider. This action is a private unit. It's it's very isolated theory Unfortunately, a lot of people today use things like geth which conflate your signer provider But in the future, I'd like to see more people move towards the signer This could be a ledger nano signer, which is in no way whatsoever connected to your provider Providers because they're very conflated for it as well. So maybe we need to find a better word for providers But basically we support all the common languages Forget 39 Wait, you know what on that all the encodings are custom encodings This is going to sound weird and not make a lot of sense. But for people who care, maybe they care Basically, they're all ASCII 7 so there's no transmission errors for these libraries If you transmit normal things over you transfer UTF-8 code over a non-UTF-8 channel You will crop the data and so there's a lot of work One other keynote I want to point out this is like a PSA that I want more people to do a lot of people in their Wallets they kind of skip security So memory-based cryptography in order to encrypt something important to be safe It has to take a while Making it faster makes it less secure. So if you want 10 seconds of work People usually forego that and just put no encryption on it because it's No one everyone hates it when they log into their their wallet and the UI freezes for 10 seconds While it's like unlocking your wallet. So PSA or suggestion I guess better than PSA Put a progress bar like people see a progress bar It makes them feel better, but it says the word decrypting underneath it or securing your funds underneath it People are far more willing to wait those 10 seconds And so you just need to trick the user into accepting the fact that you're trying to make it more secure So yes Exactly Right Okay, so let's so E&S is a first-class citizen E&S I always explain I think E&S is like the most important thing in the entire blockchain space not just Ethereum like There's so many problems in how the internet works today. You have to trust every CA. Otherwise, you're compromised So E&S solves all these problems. So E&S is a first-class citizen in ethers It always has been since like version 2 and it was really dialed up version 3 and since then it's carried on So for example, you can use tapioca E which is one of our contracts as the address for the contract when you instantiate this It'll work it up. The cool thing is when we upgrade our contract We just upgrade E&S and all of our software could be used to work. We don't have to change anything There's no redeploying stuff other than the contract Obviously anywhere it long story short anywhere in ethers you can use an address you can use a E&S Deploy a contract I didn't really plan what it's gonna say about this but basically you've created a contract factory which allows you to create a contract the important thing in ethers is how a So a signers send transaction does not return to you a transaction hash It returns to you the full transaction which means that once you've done this step So keep in mind that at this point the contract is not in mind But you have available to you a full contract object with the contract address. So if you had some sort of Database you wanted to track this in maybe The gas price is going to like search you want to keep track of what transactions you've sent to the network Whether transaction ideas were maybe you need to like bump up the gas price later in the event that it's not actually So you have access to all information before The contract is even on the network and then you can do this last step actually wait for it to be there Obviously if you send a message to your contract before it's deployed Other things are gonna work. You won't be happy hacker. So you still have to wait for it to be Also, but it doesn't mean you can do stuff in the meantime So this is more like low-level things watch you can do for contracts So normally you can do contract dot transfer whatever your function name is you just call it Sometimes you want deferred signing you may want to for example one of the signers that provide is an offline signer What this does is when you sign a transaction. It just shows up on the screen as a QR code So this is what I run on my out of my little like cheap, you know hundred dollar laptop. It's I've had the Network card and Bluetooth is all been very progressively removed there's no intent is left in the machine so I can now sign all my transactions on the machine and pops up QR code my scan Takes me on my phone takes me to a website, which is the transaction to the network and so I have a nice air-gap solution Static calls Again, most these things are quite familiar to people who use them if you're not familiar with them You probably don't care too much about them, but this allows you to sleep over the dock call on a transaction in web 3d it lets you use an eth underscore call instead of a sent transaction Just to simulate what might happen It's important to realize there's a lot of consistency things in blockchain general You can't rely on this as to being what's going to actually happen But it can help give you clues if maybe something through you can kind of get maybe air messages or that sort of thing Estimate is usually the gas price. That's expected by the network for so many costs Okay Okay, so ABI is so one of the things I just here's go with the human readable ABI It probably looks familiar. It looks like a slidity signature because it is Literally all is the important thing to realize is that solidity happens to be machine readable But it's also fairly human readable. And so we might as well adjust use the slidgy signature instead of this craziness I've also omitted a lot of things so to fit in the slide so Basically, I'm trying to push this type of format It also means you can look at your source code and kind of tell us going on because you see your ABI You know that it has a transfer function and a balance of function of this sort of thing This is very hard and this is usually stored in a separate JSON file. You can't get lost So the important thing is all these tools for conversion between human readable JSON and sick hash This is how you compute topics and the first four bytes When you're computing the signature function call So you can convert in between all these formats by using the fragment you pull in JSON and you have a spit out of you know the full or whatever These are useful tools if you just need to kind of transform or even parse the slidgy signatures And I think we're getting close ABI v2 Seven minutes left So ABI v2 for people who aren't familiar my interest is this two year introduced this two years ago in ethers. Yes basically The by default this literally does not enable you to have a raise of dynamic objects It does not allow you to expose structs Outside of a contract there. I'll actually support it. You see the special flag to Tell us leak while they're not through warnings They're very easily complex objects to pass in and out functions basically Maybe self-explanatory Again, maybe bug me afterwards to get more questions. This is going to be changing soon as well So right now you obviously you'll always be able to specify a tuple string name The ABI assuming Extended to support struct so you actually specify struct definitions in your ABI and then you'll be able to spring that Let's just say add user takes in a user and it would do all the rest Utilities so this is just a quick slide to show some of the other utilities are available in ethers So obviously the ABI coder late So these things are all exposed because a lot of tools that aren't necessarily even aetherium or art aren't dapps Uses to build their own tools There's a language I'm working on and it uses a lot of these just kind of be more solidity friendly Which is pretty much unrelated to anything that exists today, so There's lots of cool things to do with it RLP binary. This is again everything's yes one click. I will mention strings If you're dealing with strings at all in aetherium, I recommend you use the UTF-8 library in JavaScript If you have an in-battle string, it'll just fix it for you It'll either replace bytes that don't make sense with a placeholder byte or just strip them entirely When you're dealing with hash of the things, this is not ideal because the hash of these two things is not equal anymore So this strings library is designed to just throw an exception in the event there's invalid stuff It's usually indication somebody's trying to break the system or I mean we're in Japan People like might still be running a shift to GIS as their default encoding It's nice when things fail before you submit a shift to GIS for kind of a big five encoded or whatever set of bytes into DNS, which you've now registered a name that you can use I think that's Mostly what I want to say about that. I might be done. Oh, no, I'm done. Okay, four minutes, command line interface. Yes So there's also command line interface It's a very simple library. It makes it very easy to write your own utilities as command line So for example, if you're doing your own ERC-20 token, you might have a function that allows you to withdraw your funds That you've collected from users. This allows you to easily make a tool which lets you collect those funds By default it includes sending either side messages wrapping either unwrapping if your sweeping is very useful I'm sure once in a while you Accidentally publish a public and private key or information that you used to derive a public private key or something to get hub This gives you a the 10-second like quick steal my funds back as we move your funds back into a wallet control Before anything takes off with it It can also run like about so this allows you to do like batch scripting to do So you can for example resolve E&S names in your batch I think I've almost done that at all. Same sort of thing as this for E&S. There's a massive E&S CLI that lets you register names manage your name separate solvers Everything you can do in E&S you can do through the command line Especially useful if you're like me keep most of your E&S names on a separate computer That's air gapped going back to the previous offline signing thing. It's a little more work But it means that my E&S names are less in the wind And I'm done and this is some sort of I don't this QR codes for I guess some sort of contest or something So make sure you scan it because I think you need to do something with it, but That's my spiel I think I have two minutes for questions No because web workers are only for the browser I mean There's not really a lot of value to it because the encryption is not the slow or you mean like like a script Yeah, a script is written entirely custom. So it actually used overteens So it doesn't be one of the workers to be asynchronous Because it's not it's not a portable way to be easier as well. We should actually talk Do you have any plans about how to deal with like network changes with a like what free provider? Right because metamask no longer refresh. Absolutely. So The way I handle that is I have my own custom function which refreshes if that sub changes. But yes in the meantime Basically the idea is we're gonna move one step up. There'll be a provider manager Which will give you the notifications that a new provider is now being used Because providers have to remain immutable otherwise weird things happen And it'll become more important if you point out once you start having multiple availability chains You will actually have to talk to multiple chain ideas at the same time. So it'll become more Common to see both riders Why would I use web 3.js instead of ethers, I mean Politically charged I Mean I like you there's I built it because I needed it I use it Don't want to badmouth Yeah, you mentioned our full-back providers with when you have when you try to read but what about when you try to rock We send a transaction also writing broadcasts across all of them simultaneously Writing costs ether. So that's not really a real attack record if someone's paying. Oh Is that times up? Yeah, so basically it's totally safe to broadcast across all of them in that case Now keep in mind that if you broadcast to five back ends the same transaction two of them will probably say okay got it But the other three that took a little bit longer gonna say transaction already seen on network But that's in this case a fine error and so it returns to you the fact that you know, it was I So earlier you mentioned JavaScript build toolchain. Yes expertise. Are there any other like pressing matters that you can use up with I mean, I think the biggest things right now are documentation and building But I would like to talk to somebody people don't realize how Involved a web software provider is to do in a reliable and scale away So it's something that I would like to talk to people and get more feedback on and Would mine help with Yes Feel free to plug me afterwards as well to talk to Absolutely and so it's important realize that your attack vector is is based If it takes 10 seconds to decrypt your password today The reason why this is valuable is because that means if an attacker is trying to guess your password They take 10 seconds of their computer working a hundred percent per guess. Yeah, they want to guess a million things They have to but absolutely next year when computers are twice as fast That five seconds is now five second at some point the attack vector will become affordable And so it's also important to realize you should be building new accounts regularly and every so often moving If you're using memory card up if you're not if you're using a demonic. It doesn't matter It's already as insecure as it would be But if you are using every hard Things like this for this purpose. You should absolutely be greatly moving your funds just to Kind of stay up to date The other thing I recommend is putting these new contract quality really care about Yes Also, I think I'm also But if there is one more question Okay, go for Martin No, it does not it will soon Definitely on the road map chain ID was the one thing that I need to bug you Yeah, how is your work funded? So it's right now. I'm actually officially part of the EF now So the EF is like helping keep this thing going up until then the EF provided a few grants I've received grants from a on There's an a on port of this as well, which I wrote so that helped find a lot of this Especially the me five stuff and get going get going is phenomenal if you're not unfamiliar with it become familiar with it It's freaking awesome Also, I'm sure everyone here is familiar with it. So that's a Cool. Thank you