Over a million developers have joined DZone.

ICO for Dummies

DZone's Guide to

ICO for Dummies

A quick overview of blockchain and cryptocurrency technologies before diving into the basic terminal commands you need to create your own ICO using the Bitcoin API.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

With the very public drama of involvement in the stock market, fairy tale stories, and some epic crashes, the term “cryptocurrency” has become a household word. Everyone is using, buying, and selling it or talking about those who are — but, as often happens with buzzwords, the knowledge that most actually have is not very deep. Do we really know what it is we are discussing? This article is an introductory insight into the cryptocurrency world for those who are new to it, the kind that would have been useful for myself and my team when we started to develop an ICO for one of our customers.

So what is cryptocurrency? It is a digital currency based on cryptographic methods. Hard currencies are handled by national banks while cryptocurrencies are decentralized networks without any administration center. That is, each is an interdependent network consisting of so-called nodes that exchange information about transactions. One of the key concepts in the cryptocurrency world is the blockchain, i.e. a chain of blocks built as a linked list according to certain rules. The network is actually a replicated and distributed database, so everyone knows who transferred funds to whom and for how much, and the information will be kept safe even if one of the nodes is damaged.

One of the main features of cryptocurrencies is their finality: when a transaction is created, it is considered unsigned. Next, lists of several transactions are built, forming a block. These blocks are generated by miners who earn a profit from them. As soon as a transaction is included in a block, the block is sent over the network and verified by other network users. If the block is considered correct, it is included in a blockchain; this is equivalent to one confirmation of the transaction in the block. As soon as another block is added to the list, the number of transaction confirmations from the previous block is increased by one. A transaction included into a blockchain cannot be canceled since new blocks contain the hash of the previous block. Given this, modifying or canceling a transaction would lead to recalculating all the following blocks which can become both expensive and impractical.

Now that we know how a cryptocurrency network is built, we need to find out how the rate is calculated. For hard currencies, it is quite obvious: the rates are based on many factors, such as emission, exchange rates, etc. A cryptocurrency also has factors affecting its rate. The most important is the supply and demand ratio, and others, such as energy cost, mining complexity level, etc.

The most interesting aspect of cryptocurrency for our team was the generation of supply and demand. What causes the demand for a new currency that no one knows about? The process is very straightforward: an ICO (initial coin offering) is intended exactly for this purpose, much like an IPO (initial public offering) in the stock market. ICOs are an intelligent way to attract investments into a new currency and to increase its marketability. One of the advantages of the ICO is its simplicity: to buy currency tokens, you merely need the desire and the funds, while buying shares on the stock market may be more difficult and time-consuming.

When creating an ICO, the developers can choose between two scenarios:

  1. The funds are collected first, then tokens are issued and distributed among investors. For this purpose, a website with an investor area needs to be developed.
  2. Tokens are issued and then traded on the stock market. Therefore, currency development and pre-mining are required.

In development, our team dealt with the first option as chosen by our client. We assembled to develop an ICO from scratch. The customer had only given us a general idea of how to attract investments (starting an affiliate program and making a profit from it), and the project had to be developed within a tight deadline.

The most interesting stage in this journey was integrating with the cryptocurrency API. By way of illustration, let us take Bitcoin. At first, like any other task in a new field, the integration seemed inaccessible. The following resources were a great help to us:

  1. https://en.bitcoin.it/wiki/Original_Bitcoin_client/API_calls_list – commands and their descriptions, theory.
  2. https://bitcoin.org/en/developer-reference – a detailed description of commands and their parameters. It turned out to be very simple. We worked with the Bitcoin API via curl.
  3. http://chainquery.com/bitcoin-api – a resource to search for commands with descriptions and sample curl queries.

Now let us explore how a network is organized. As already mentioned, the Bitcoin blockchain network is decentralized. We worked with two nodes, the public and the private. The private node, deployed on a separate server and not connected to the public network, contains secret information, i.e. users’ private keys. The public node is connected to the public network and is used to exchange information with other nodes.

The first and simplest operation is getnewaddress – creating a so-called address for the user. Sample curl query:

curl –user <username>:<password> –data-binary ‘{“jsonrpc”: “1.0”, “id”:”<id>”, “method”: “getnewaddress”, “params”: [] }’ -H ‘content-type: application/json;’ http://<ip>:<port>/

That is all, nothing difficult or frightening. A private key is generated on the node, and the public key is returned to the user. The private key is to confirm a transaction, while the public key is to determine where to transfer the currency. If compared to a debit card, the private key is the CVV2 code, and the public key or address is its account number used to transfer funds to the owner.

Here it becomes yet more intriguing. Now that the address is created, we need to learn to make transactions. At this stage for our team, another feature of Bitcoin became important. As I mentioned earlier, it turned out that all transactions are final. The user’s address is not only a record of how much money the user has, but it also represents the number of unspent transactions. You cannot simply spend a portion of the money from a transaction; the commands are a bit more complex. A transaction, as a whole, may be spent only once. In the cryptocurrency world, a transaction has an input and output, so transactions make a chain.

Let us imagine that a transfer from Alice’s address to Bob’s address is made (Transaction A), and Bob receives 1 BTC. Since Bob has not made any action yet, the transaction status is Unspent. If, for instance, Bob transfers 0.7 BTC to Tom, the input transaction for this new transfer is Transaction A, and as an output, we will get two transactions: Transaction B (transferring 0.7 BTC to Tom’s address) and Transaction C (getting the change of 0.3 BTC at Bob’s address). After that, the status of Transaction A will be changed to Spent. If the user wants to transfer more BTC than he has in one transaction, there will be several input transactions whose total equals or exceeds the amount required by the user.

The selection of Unspent transactions from the list of all Unspent transactions depends on the logic, and a simple command, listunspent, is used for this purpose. The query is sent to the public node.

curl –user <username>:<password> –data-binary ‘{“jsonrpc”: “1.0”, “id”:”<id>”, “method”: “listunspent”, “params”: [6, 9999999 “[\”<address>\”]”] }’ -H ‘content-type: application/json;’ http://<ip>:<port>/

The listunspent method parameters [6, 9999999 “[\”<address>\”]”] are of interest here:

  • The first parameter is the minimum number of confirmations – 6.
  • The second (maximum 9999999) is the maximum available value.
  • The third is the list of transaction user addresses that we would like to get.

The method returns the array of transactions with Unspent status related to the specified addresses.

To create the transaction itself, browse the resulting list of Unspent transactions and generate the data array to pass to createrawtransaction.

curl — user <username>:<password> –data-binary ‘{“jsonrpc”: “1.0”, “id”:”<id>”, “method”: “createrawtransaction”, “params”: [“[{\”txid\”:\”myid\”,\”vout\”:0}]”, “{\”address\”:0.01}”] }’ -H ‘content-type: application/json;’ http://<ip>:<port>/

For details on the createrawtransaction function parameters, click here. The createrawtransaction function is executed in the private node since the transaction must be signed with the key of the user who created it.

Next, after creating the transaction comes retrieving the user key from the private node using dumpprivkey by passing the public key to it, and signing the transaction with this key using the signrawtransaction method that accepts the new transaction hex code, the data on input transactions, and the private keys to sign the transaction.

A signed transaction should be sent to the public node to notify all users. To do this, the sendrawtransaction method is used. It contains one mandatory input parameter, the signed transaction hex code. Another important aspect of transactions is the fee calculation for miners, but a thorough description is better left for a separate article. It certainly was not easy for us to understand how this part of the ICO logic operates. Most of us in the group were new to cryptocurrency and had to gather this knowledge bit by bit from our own research.

Given how much our team needed to learn when we took our client’s cryptocurrency project, I gladly pass my knowledge on, and I hope it will be useful to you. Most of all, I trust you will be emboldened to work with cryptocurrency!

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

ico ,security ,cryptocurrency ,bitcoin api ,blockchain

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}