Advanced Python and Vyper Smart Contract Development - Verifying Calldata In Metamask

## NFTs: Verifying Metamask Transactions We're going to learn how to verify transactions in Metamask and this is so powerful so that you don't accidentally sign transactions that you don't want to sign. So you don't accidentally sign transactions that are malicious. This is how you can make sure that the call data that you get in your Metamask is actually what you expect. This is going to be a little excerpt from the Foundry/Solidity of Sifon Updraft. So there might be references to Foundry or Solidity but it's all basically the same. So let's go ahead, let's follow along here and learn how to verify transactions in Metamask. We can finally go back to what we were talking about with Metamask and that decoding the transaction data and all this weird stuff. If we come to a contract address, and this is WETH. This is a contract that wraps native ETH and turns it into an ERC20 token. But, if we come to a contract, right, we hit "write contract", let's connect to web3. Sure. You don't have to actually do this, just feel free to follow along with me. We're going to open up our Metamask. Let's go to Sepolia here. We're going to connect here. Okay, cool. And, we wanted to call "transferFrom", right? And let's just add some stuff here. Let's do source address and you know, this. This is probably won't go through, cuz I don't have any WETH right now. But let's just hit, right, "Write". This transactions Metamask is probably going to be like, "Hey, this is going to fail." Whatever. Yeah, sure, whatever. But, when we get a Metamask transaction that pops up, if we scroll over to the hex, we scroll down. We can now actually start to understand what is going on here. And, this is what we always want to make sure is actually correct when we're working with our Metamask and when we're dealing with all of this. So, what we can do is we can actually copy this whole thing and pull up our terminal here. I'm just going to make this nice and big here. What we can do is we can do "cast --help". We hit "cast --help" and we scroll all the way up. There's a command in here called "calldata-to-code". To code ABI encoded input data. So, if we do ```bash cast --calldata-decode ``` we can see we need to pass in a sig and the call data. So, luckily, for this transaction, our Metamask was smart enough to know that we're calling the "transferFrom" function. But sometimes, it's actually not going to be smart enough to figure this out. So, that's where we are going to need to match what we expect this to be calling. To what it's actually calling, right? So first off, we are expecting this to be calling the "transferFrom" function. So, I can grab this function selector, which we just learned. Come back here. I can do ```bash cast sig ``` I'll pass pass in here "transferFrom" the whole function signature, which what? It takes an address, address, and a uint256. So we'll do address, address, uint256. And, we'll see that this is what the function selector should be. So, I can say, "Okay, great. The two of these match". This indeed is calling the function selector that I wanted to call. Okay, awesome. If it doesn't match, what can happen sometimes, again we can go to something like the Sam CZ Sun signature database or openchain.xyz/signatures. Paste this in, hit search. And we can see that there's actually two different functions that have the same signature. One is "transferFrom" and one is "gasprice_bit_ether" with an int 128. So, what's interesting here is you can't have a function with the same function selector. So, if I actually went into Remix/solidity.org, let's actually create a new contract called conflicting.sol. Right. And we'll do a little a little zoom in here. ```solidity SPDX-License-Identifier: MIT contract Conflicting { function transferFrom(address, uint256, address) public { // hello, uint256 sup } function gasprice_bit_ether(int128) public { // sup } } ``` And I try to compile this. Guess what's going to happen? Compile. No, let's pragma solidity 0.8.18. This should be an address too. And now I try to compile. We scroll down, it'll say function signature hash collision for "gasprice_bit_ether" (int128). You can't have a contract in Solidity where two functions have the same function selector. So, in any case, we could be calling one of these two functions on our. This is where it's important to actually go through the contract code and say, "Hmm, there could be a couple different function selectors here. Let's make sure it's the one that we expect", right? So, in any case, so this is calling this "transferFrom" function. If this contract has a gas bit "gasprice_bit_ether", it might be calling that. But, in any case, we know, so we could go through the code, right? We go through "transferFrom". Okay, great. There's a "transferFrom" function. That is indeed what we want to call. The function selector is working. Perfect. Okay. So, now that we've verified the function selector, we should also verify the rest of this stuff. So, now that we know what the function selector is and we know what the function signature is, we can take this whole hex here and go back into our terminal and use that "calldata-to-code". So we can say ```bash cast --calldata-decode ``` and we can see what it what we need. We need the sig and the call data. So, I'll hit up, the sig is going to be "transferFrom" and it takes an address, an address, and a uint256, right? We can just double check that. Address, address, uint256. Sure does. And, we can paste in that call data and hit enter. And we can see what this call data stuff is using for input parameters to that function. So, it's our address, our address, and then 1,000. And then if that's what we expected, we'll maybe reject this for now. Go back to, right. And, that and if that's what we wanted to call on this function, we would go ahead and put this through. This is especially important when we're using front ends, like, for example, if I wanted to use Uniswap, right? Let's go ahead and connect here, to Metamask. Yep, connect. Looks good. Go away. Go to, let's say if I was on ETH mainnet and I wanted to swap ETH for, so so I'm going to test this here, so obviously nothing's showing up, but when I hit swap, if I was on a real network with real money, what I want to do then is do that same process of going through and checking to make sure that the transaction that it's sending is actually the one that I wanted to be sending, right? So, if we want to be absolutely sure of what our transactions are doing, we can first check the address. We can take these exact steps to say I know exactly what transaction, I know exactly what function my transaction is calling. So, we check the address to make sure that the contract is what we expected to be. And then, we can read the function of that contract that we want. We check the function selector that we're using, so that it, it, so that we know that it is indeed the function that we're calling. And, then we decode the call data to check the parameters that we're sending. So, this is how we can actually make sure our wallets are doing what we expect them to do.

Verifying Calldata In Metamask

A comprehensive guide to verifying Metamask transactions - This lesson covers how to verify the call data within a transaction by using Metamask, Foundry, Etherscan, and openchain's signature database to ensure your wallet is performing the actions you intend.

Course Overview

About the course

What you'll learn

How to build a DeFi stablecoin and customized NFT

How to deploy your smart contract on ZKsync with Moccasin

Advanced testing techniques like stateful and stateless Python fuzzing

How to write algorithmic trading scripts in Python

Hashing signatures, proxies, delegate calls, upgradable contracts, random numbers, and more!

Course Description

Who is this course for?

Software engineers
Web3 developers
Finance developers
AI developers
Anyone interested in learning Python and smart contracts

Potential Careers

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

On-chain Data Analyst

$59,000 - $139,000 (avg. salary)

DeFi Developer

$75,000 - $200,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Meet your instructors

Patrick Collins

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Last updated on February 4, 2025

Thanks for checking us out

Sign up for free to continue your blockchain learning!

Start learning for free

Start for free

Vyper

Advanced Python and Vyper Smart Contract Development

Section 1: Moccasin Nft

Duration: 2h 21min

An advanced guide to working with Mocassin NFTs - Learn how to build your own NFT contracts using Python, Vyper, and the powerful tools of Mocassin. This lesson covers building basic and advanced NFTs, working with low-level encoding, and deploying to a testnet. Duration: 5min

A comprehensive guide to setting up a new project with Mox - a Python framework for interacting with blockchain. The lesson walks through creating a project directory, initializing it with Mox, and configuring it for use with Visual Studio Code. Duration: 1min

3. What Is An Nft

A beginner's introduction to NFTs, explaining their purpose and functionality. The lesson covers how NFTs are unique, how they differ from fungible tokens, and how they can be used for various purposes beyond just digital art. Duration: 7min

4. Building An Erc721 Contract

A comprehensive guide to building a basic ERC721 smart contract using Viper and Snekmate. The lesson covers setting up the project, importing libraries, and initializing essential state variables such as 'name', 'symbol', and 'baseURI'. Duration: 8min

A basic guide to setting up a token URI with a base URI for your NFT smart contract. The lesson covers how to use IPFS to store images, create a mint function, and define the base URI in your smart contract. Duration: 8min

A practical guide to deploying a Solidity smart contract using a Python script. The lesson covers setting up the environment, importing the contract, minting a token with a custom URI, and printing the token URI for verification. Duration: 3min

7. What Is Ipfs

A comprehensive guide to understanding IPFS and how it's used for decentralized storage of NFT data. The lesson explains how IPFS hashes data to generate unique identifiers, allowing for secure and resilient storage and retrieval. It also introduces the concept of pinning and the importance of utilizing services like Pinata for data persistence. Duration: 8min

8. Viewing An Nft In Metamask

A practical guide to viewing your NFT in Metamask - This lesson explains how to deploy your NFT to your own blockchain and view it in your Metamask. You'll also learn how to use a centralized gateway to access IPFS data within Metamask. Duration: 6min

9. Deploying To Zksync

A comprehensive guide to deploying an NFT smart contract to the ZkSync Era Test Node. The lesson covers setting up the necessary configuration in the "mocassin.toml" file and deploying the NFT contract through the terminal, demonstrating how to connect and interact with the Era Test Node. Duration: 3min

10. Note What Happens When We Stop Anvil

A practical guide to troubleshooting errors in your MetaMask wallet after stopping your Anvil and Era test nodes - This lesson explores how to resolve common MetaMask errors that occur when your test nodes are shut down, including clearing activity tab data and refreshing your MetaMask list. Duration: 1min

A comprehensive guide to creating and deploying your own NFT with the help of IPFS. This lesson dives into the process of uploading and minting an NFT, utilizing both local and centralized IPFS gateways, and then viewing the results in Metamask. Duration: 3min

12. What Is An Svg

A technical introduction to using SVGs in NFTs. The lesson explains the benefits of using SVGs for NFT images, demonstrates how to create simple SVGs in VS Code, and covers how to encode an SVG into a URI to be used on-chain. Duration: 9min

A comprehensive guide to creating a dynamic NFT with a mood that can be changed. The lesson covers creating a smart contract, initializing state variables, incorporating ERC721, and storing image data on-chain. Duration: 3min

14. Base 64 Encoding Images

A practical guide to base64 encoding images for on-chain use. The lesson covers using Python to base64 encode SVG images and save the output as a string variable for use in a Solidity smart contract. Duration: 6min

15. Base 64 Encoding Json

A comprehensive guide to Base64 encoding JSON on-chain. This lesson explores how to convert a JSON string into a Base64 encoded token URI, a key step for storing and retrieving metadata for your NFTs. Duration: 11min

16. Abi Encoding

A comprehensive guide to ABI encoding and decoding in Viper. This lesson explores the concept of encoding data in hex form and decoding it back to its original type. Duration: 12min

17. Function Selectors And Signatures

A powerful introduction to function selectors and signatures in Vyper, showcasing how they unlock contract interaction without requiring ABI encoding. The lesson covers using the "cast sig" command, the "method_id" function, and exploring function signature composition. Duration: 12min

18. Calling Functions Raw

A comprehensive guide to calling Solidity smart contracts using raw hex data in Viper. This lesson shows how to generate raw hex data to call a transfer function, and then how to use that data to directly interact with a smart contract. Duration: 7min

19. Manually Crafting Calldata

A practical guide to manually creating calldata - Learn how to use the 'cast calldata' tool in the terminal to create hexadecimal data for sending to a smart contract. This lesson uses Remix IDE to demonstrate sending calldata to an external function and analyzing the results. Duration: 2min

20. Mid Section Recap

A technical deep dive into raw calls in Viper and Solidity. The lesson explores the concept of function selectors, method IDs, and how to directly interact with smart contracts without relying on the ABI or interfaces. Duration: 3min

21. Verifying Calldata In Metamask

A comprehensive guide to verifying Metamask transactions - This lesson covers how to verify the call data within a transaction by using Metamask, Foundry, Etherscan, and openchain's signature database to ensure your wallet is performing the actions you intend. Duration: 8min

22. Finishing The Mood Nft

A comprehensive guide to finishing the Mood NFT project using Viper. The lesson covers creating a new flag, deploying the contract, and updating the token URI to reflect the mood of the owner. Duration: 7min

A fun workshop to deploying a mood NFT - This lesson will show you how to deploy your own mood NFT to a locally running chain, flip its mood, and view it in Metamask. You'll also learn how to write tests to get 80% test coverage. Duration: 2min

A comprehensive recap of the concepts learned in the Moccasin NFTs workshop - This lesson is a refresher of the key topics covered in the workshop, including NFTs, ERC721, ABI encoding and decoding, and raw data call functions. You'll see how to build a custom token URI and use it to control the mood of an NFT. Duration: 6min

Section 2: Moccasin Portfolio Rebalance

Duration: 1h 58min

Section 3: Moccasin Stablecoin

Duration: 2h 55min

Section 4: Moccasin Signatures

Duration: 1h 55min

Section 5: Moccasin Upgrades

Duration: 46min

Course Overview

About the course

What you'll learn

How to build a DeFi stablecoin and customized NFT

How to deploy your smart contract on ZKsync with Moccasin

Advanced testing techniques like stateful and stateless Python fuzzing

How to write algorithmic trading scripts in Python

Hashing signatures, proxies, delegate calls, upgradable contracts, random numbers, and more!

Course Description

Who is this course for?

Software engineers
Web3 developers
Finance developers
AI developers
Anyone interested in learning Python and smart contracts

Potential Careers

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

On-chain Data Analyst

$59,000 - $139,000 (avg. salary)

DeFi Developer

$75,000 - $200,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Meet your instructors

Patrick Collins

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Last updated on February 4, 2025