
Cloudflare's Ethereum Gateway - jgrahamc
https://blog.cloudflare.com/cloudflare-ethereum-gateway/
======
achingtooth
"But Jonathan," I hear you say, "by providing a gateway aren't you just making
Cloudflare a centralizing institution?"

The problem is the market share of these institutions. Google could argue that
they aren't the sole gatekeeper to search since services like DuckDuckGo
exist. This isn't really valid when you control a huge amount of the market
share. I'm worried about how the internet is becoming super homogeneous, it
really hurts startups. I'm not saying what Cloudflare is doing is bad, but the
amount of control Cloudflare has is increasingly worrying based of all the
services they are launching. Look at what it did to The Daily Stormer (I think
they are disgusting and have zero support for them), it's clear that they
aren't unbiased. If Cloudflare blocks your service on their VPN, DNS, DDoS
protection, IPFS site, Ethereum, etc you are majorly screwed. Most people
aren't willing to change their setup just to visit your one service. I still
think what Cloudflare does is awesome, not trying to be too negative, just a
little worried.

~~~
swiley
I think with tools like ipfs the situation is similar to git and GitHub. Yes
github could screw you over but it takes very little work to get off their
platform. With ipfs you just change your DNS (which is something you do every
time you update the content anyway.)

~~~
achingtooth
Yeah you're right, I might just be a little alarmist. Having these services is
better than not.

------
easymodex
From what i know about cryptocurrencies, Ethereum has so many more use cases
and functionalities built in than Bitcoin. It seems like this is what
blockchain tech is all about, not just transacting money. Is there some real
reason why Ethereum coin market cap is so much lower? Is it just the hype and
Bitcoin being first?

~~~
RIMR
Ethereum has been around for nearly 4 years now, and despite some wacky smart-
contract experiments, the most compelling use of it as a platform has been
CryptoKitties.

Other than that, it is mostly just a cryptocurrency.

Ethereum is novel, but it doesn't solve the right problems.

~~~
SirensOfTitan
Prediction markets are interesting but I don't think they've taken off at all.

One of the larger issues with Ethereum is that Solidity, and the EVM as an
extension, make it really, really difficult to write correct, cheap contracts.

Off the top of my head, choices like:

* uint256 as a standard word size

* the possibility of reentrancy attacks

* overflowing integers wrap around

* contract upgrades are non-trivial (particularly upgrading solidity versions using an upgradable contract paradigm).

* Operator semantics are confusing

* State mutability is not as explicit as it ought to be

I know bad language features like hoisting were fixed a while back (and maybe
some of the stuff I listed as well), but many of us are stuck on pinned older
versions of solidity because upgrades.

Questions like: "what transactions are present for a particular address" have
non-trivial answers. Key management is difficult even for experienced users,
as are addresses and identity management.

There is some momentum toward using WASM instead of EVM in future Ethereum
versions, but I honestly think the proper move is to develop and use a
standard language for the purposes of building secure financial contracts.

Running a full-node and keeping it healthy (let's say with state pruning, i.e.
not a full archive node) is actually pretty difficult. Most people probably
use infura because of this. I still don't have a great answer on how to
properly determine that a node (geth, unsure about parity) is effectively 1.
up to date and 2. healthy (i.e. can be load balanced), making it difficult to
automate stuff like load balancer promotion / demotion.

Last week the gas price on the network went up like 20-40x for 4-5 days
because of an individual contract spamming transactions with a high gas price.
It seems like few people noticed and few people cared.

~~~
langitbiru
What do you think of Vyper?

------
machbio
If I am understanding - Cloudflare is suggesting that we use IPFS hashes (
[https://developers.cloudflare.com/distributed-web/ipfs-
gatew...](https://developers.cloudflare.com/distributed-web/ipfs-
gateway/automated-deployment/) ) - hence the need to update DNS records
everytime you deploy... So disregard of IPNS

~~~
mattober
IPNS is currently pretty slow when it comes to retrieving content. Updating
DNS records ensures a faster user experience for those retrieving the content
from gateways. That being said, Protocol labs is currently working on speeding
up IPNS so hopefully IPNS can be relied on more in the future.

------
saurik
So as someone who is working in this space (on distributed applications using
Ethereum), I want to call everyone's attention to a very important API that
Cloudflare thankfully did implement: eth_getProof. As far as I am concerned,
this is the most important API offered (and if anything, it is mostly sad no
one has built out a few more APIs designed to make getting to the point where
this is useful).

For those who don't know much about the inner workings of Ethereum, every
account has state associated with it: not just its balance, but in the case of
a contract its memory and its code; the memory of a contract is pretty much a
sparse 256-bit addressable hash table, with everything from a single contract
hashed into the same address space. This makes directly working with the
memory of a contract really trivial; and, if/once you know of a specific
storage slot you want, you can get it using eth_getStorageAt.

Now, what most people know is that each block contains a hash of the previous
block, and "the contents of the block"; but, the setup is actually way more
useful than that: each block "contains" (by hash reference) the entire current
state. So, given a block header you trust, you can work off of a merkle tree
of the entire Ethereum state that is rooted at that block and obtain a proof
that some specific account state value is valid.

This means that light clients can opt to sync only block headers and then
request proofs of the specific tiny bits of information they need from other
nodes. Instead of using eth_getStorageAt to pull a storage slot from the
memory of a contract, or eth_getBalance to find out how much money the account
is storing, you can use eth_getProof to get a merkle path demonstration that
"given the block headers you trust, you can now trust this random value you
wanted to pull".

A really light client might alternatively sync some subset of block headers to
some total amount of difficulty into the past (similar to people who wait for
"confirmations" on Bitcoin blocks), to say "someone who is trying to fool me
about this event having happened would have had to spend a million dollars of
electricity to target me with fake information here, which wouldn't be worth
it given the relatively small amount of my transaction I am verifying".

Another way of doing this is to correlate the current block hash from multiple
providers to make sure that it is the same, and then use that opaque agreement
as the root of trust for calls to eth_getProof. (An important detail: doing it
like this, as opposed to correlating the thing you wanted to check, happens
before any of the providers know what you are looking for, so if they are
colluding they wouldn't be able to target you and the information you want to
read with corrupt data.)

Essentially, since Cloudflare has implemented this specific key API (which is
notable as it is a newer one that has greater resource usage on their end than
other APIs, and so I have seen providers decide not to bother as they just
don't get it), you don't actually have to trust them all that much when you
are using this API: it feels more like working with IPFS, where "well, I asked
for the file with this hash and they gave me a file that in fact does have
this hash... I guess I would be shocked if it weren't the right file".

------
megadeth
Using Cloudflares centralized node defeats the purpose of a blockchain. Cool
feature though that adds to the Ethereum network.

~~~
huehehue
FTA: "But Jonathan," I hear you say, "by providing a gateway aren't you just
making Cloudflare a centralizing institution?"

That’s a fair question. Thankfully, Cloudflare won’t be alone in offering
these gateways. We’re joining alongside organizations, such as Infura, to
expand the constellation of gateways that already exist. We hope that, by
providing a fast, reliable service, we can enable people who never previously
used smart-contracts to do so, and in so doing bring the benefits they offer
to billions of regular Internet users.

\-----

I wouldn't say it defeats the purpose. Unless you expect every user to run
their own node you really have no choice but to provide one for them or rely
on a trusted service like Infura. It also makes nontrivial transaction/history
lookups possible by providing a more performant search layer, the results from
which you can cross reference against the actual on-chain data.

Further, client-side libraries like Ethers.js use a quorum w/ multiple
centralized services to help guard against censorship/errors/etc. at that
level. It's an okay middle ground.

------
yashh
Any idea if cloudflare supports test networks like rinkeby to start
developing?

~~~
saurik
FWIW, the API they provide here is a subset of the API provided by a local
Ethereum node, and also the same general API surface (with the exact same
protocol) as the APIs provided by Infura, AlchemyAPI, and myEtherWallet. While
I also went looking for a testnet endpoint from Cloudflare (and didn't find
one), it is arguably superfluous as it is drop-in compatible for things that
do have testnet endpoints.

------
envolt
Can it be used as a full-fledged Infura replacement?

~~~
pat2man
Yes

