Episode 6 — Scaling Reliability Microservices Web3 / 6.10 — Web3 Basics

Interview Questions: Web3 Basics

Model answers for Web3 concepts, blockchain fundamentals, DApps, smart contracts, and cryptocurrencies.

How to use this material (instructions)

Read lessons in order — README.md, then 6.10.a -> 6.10.e.
Practice out loud — definition -> example -> pitfall.
Pair with exercises — 6.10-Exercise-Questions.md.
Quick review — 6.10-Quick-Revision.md.

Beginner (Q1-Q4)

Q1. What is Web3 and how does it differ from Web2?

Why interviewers ask: Tests foundational understanding — can you explain decentralized technology clearly and identify where it genuinely adds value vs hype?

Model answer:

Web3 is the vision of a decentralized internet built on blockchains, where users can read, write, and own their data and digital assets without relying on centralized platforms. Web2 (the current internet) is dominated by platforms like Google, Facebook, and Amazon that store user data, control access, and monetize user activity. Web3 shifts control to users through three key mechanisms:

Blockchains replace centralized databases — state is stored across thousands of nodes, no single entity controls it.
Smart contracts replace backend servers — logic executes automatically on-chain, visible and verifiable by everyone.
Wallets replace user accounts — authentication is cryptographic (you prove identity with a private key signature), not password-based.

The practical differences: in Web2, if Twitter bans your account, you lose your followers and content. In a Web3 social protocol like Lens, your social graph lives on-chain — no platform can take it away. In Web2, you need Stripe and a bank account to accept payments. In Web3, any wallet can send and receive value natively.

That said, Web3 has real trade-offs: slower performance, higher per-transaction costs, worse UX (seed phrases, gas fees), and regulatory uncertainty. The pragmatic view is that Web3 solves specific problems well (cross-border payments, censorship resistance, programmable money) but is not a replacement for all Web2 infrastructure.

Q2. What is a blockchain and why is it considered secure?

Why interviewers ask: Evaluates whether you understand the core technology beyond buzzwords — can you explain the cryptographic guarantees?

Model answer:

A blockchain is a distributed, append-only database where data is stored in blocks that are cryptographically linked together. Each block contains a batch of transactions, a timestamp, and the hash of the previous block. This hash linkage creates a chain — if you modify any data in a historical block, its hash changes, which breaks the link to the next block, cascading through every subsequent block.

Security comes from three layers:

1. Cryptographic hashing — SHA-256 produces a unique fingerprint for each block. Any tiny change in input produces a completely different hash (avalanche effect). It is computationally infeasible to find an input that produces a desired hash.

2. Consensus mechanisms — Before a new block is added, the network must agree it is valid. In Proof of Work (Bitcoin), miners compete to solve a puzzle requiring trillions of guesses. In Proof of Stake (Ethereum), validators stake their own money as collateral — if they cheat, their stake is destroyed.

3. Decentralization — The blockchain is copied across thousands of nodes worldwide. To tamper with the chain, an attacker would need to simultaneously alter more than 50% of all copies (PoW) or control more than 33% of all staked value (PoS), which is prohibitively expensive. For Bitcoin, this would require billions in hardware; for Ethereum, billions in ETH.

The result: once a transaction is confirmed and finalized on a major blockchain, it is effectively permanent. No company, government, or hacker can reverse it without the consensus of the entire network.

Q3. What is a smart contract?

Why interviewers ask: Core Web3 concept — tests whether you understand how decentralized applications work at the code level.

Model answer:

A smart contract is a program deployed on a blockchain that executes automatically when predetermined conditions are met. It is written in languages like Solidity (for Ethereum/EVM chains), compiled to bytecode, and deployed as a transaction. Once deployed, it lives on-chain at a permanent address and runs exactly as coded — no one can modify it.

Think of it like a vending machine: you insert money (send crypto), select an item (call a function), and the machine automatically dispenses the product (executes the logic). No cashier needed, no trust required.

Key characteristics:

Immutable — once deployed, the code cannot be changed (upgradeable proxy patterns exist but add complexity).
Deterministic — every node running the EVM executes the same code and reaches the same result.
Self-executing — logic runs automatically when triggered by a transaction.
Transparent — anyone can read the code (if verified on Etherscan).

Smart contracts enable ERC-20 tokens (like USDC), ERC-721 NFTs, DeFi protocols (Uniswap, Aave), and DAOs. They are the "backend" of decentralized applications.

The critical difference from traditional backend code: bugs are permanent and can lose real money. The DAO hack in 2016 lost $60 million due to a reentrancy vulnerability. This is why security auditing is essential before deploying contracts that handle value.

Q4. What is the difference between a cryptocurrency coin and a token?

Why interviewers ask: Tests precision of vocabulary — many people confuse these terms, but the distinction matters for technical and regulatory reasons.

Model answer:

A coin is the native asset of its own blockchain. Bitcoin (BTC) is the native coin of the Bitcoin blockchain; Ether (ETH) is the native coin of Ethereum; SOL is native to Solana. Coins are used to pay transaction fees (gas) on their respective networks and are part of the protocol's consensus mechanism (miners/validators earn coins as rewards).

A token is a digital asset created via a smart contract on an existing blockchain. Tokens do not have their own blockchain — they ride on top of one. USDC, UNI, LINK, and SHIB are all tokens that live on Ethereum (following the ERC-20 standard). You still need ETH (the native coin) to pay gas fees when transferring these tokens.

The analogy: a coin is like a country's currency (USD in the United States), while a token is like a gift card or arcade token — it operates within a system built on top of that country's infrastructure.

This distinction has regulatory implications too. The SEC may classify certain tokens as securities (subject to securities law), while coins like Bitcoin are more commonly treated as commodities. From an engineering perspective, creating a token (deploying an ERC-20 contract) takes minutes; creating a new coin requires building an entire blockchain.

Intermediate (Q5-Q8)

Q5. Compare Proof of Work and Proof of Stake. Why did Ethereum switch?

Why interviewers ask: Shows understanding of consensus mechanisms — one of the most debated topics in blockchain architecture.

Model answer:

Proof of Work (PoW) requires miners to expend computational energy solving cryptographic puzzles (finding a nonce that produces a hash with enough leading zeros). The first miner to solve the puzzle wins the right to add the next block and earn the block reward. Security comes from the fact that re-mining blocks would require redoing all that computational work.

Proof of Stake (PoS) replaces computational work with economic stake. Validators lock up cryptocurrency (32 ETH minimum for Ethereum) as collateral. The protocol randomly selects a validator to propose each block (probability weighted by stake). If a validator acts maliciously, their stake is "slashed" (destroyed). Security comes from the economic cost of an attack.

Dimension	PoW	PoS
Energy	Enormous (Bitcoin uses as much as some countries)	~99.95% less energy
Attack cost	Buy >50% of global hash power	Buy >33% of all staked tokens
Hardware	Specialized ASICs (expensive, wasteful)	Standard servers
Finality	Probabilistic (6 blocks ≈ 1 hour)	Economic (2 epochs ≈ 13 min)
Centralization risk	Mining pools (few pools dominate)	Large stakers (whale accumulation)

Why Ethereum switched (September 2022, "The Merge"): primarily environmental sustainability — Ethereum's PoW consumed the electricity of a small country. PoS reduced energy consumption by 99.95% while maintaining security through economic penalties. Additionally, PoS enables future scalability improvements (sharding) that were difficult with PoW.

Q6. Explain the architecture of a DApp and how it differs from a traditional web application.

Why interviewers ask: Tests practical understanding of how Web3 applications are built — critical for any engineer working in the space.

Model answer:

A traditional web application has three layers: frontend (React) -> backend API (Express) -> database (PostgreSQL). The backend handles authentication, business logic, and data persistence. Everything runs on servers controlled by one organization.

A DApp replaces the backend and database with a blockchain and smart contracts:

Frontend — Still React/Next.js, hosted on Vercel or IPFS. Uses ethers.js or Web3.js instead of REST API calls.

Smart contracts — Replace the backend API. Business logic is written in Solidity and deployed to the blockchain. Functions are called via JSON-RPC through an ethers.js Contract instance.

Blockchain — Replaces the database. State is stored in smart contract variables (mappings, arrays). All data is public and immutable.

Wallet (MetaMask) — Replaces authentication. Users sign transactions with their private key instead of logging in with credentials.

IPFS — Replaces file storage (S3). Large files are stored on the decentralized IPFS network; only the content hash is stored on-chain.

Key architectural differences: (1) reads are free but writes cost gas, (2) data is public by default, (3) updates require deploying new contracts (old ones persist), (4) there is no "admin panel" to fix bugs after deployment, (5) off-chain indexing (The Graph, subgraphs) is often needed because blockchain state is not efficiently queryable.

In practice, most DApps are "hybrid" — they still use centralized services for the frontend hosting, notification systems, and off-chain indexing, while keeping the critical financial logic and asset ownership on-chain.

Q7. What are the most critical security considerations for smart contracts?

Why interviewers ask: Smart contract security is life-or-death in Web3 — bugs can (and have) lost hundreds of millions of dollars.

Model answer:

Smart contracts are uniquely dangerous because they are immutable (bugs cannot be patched), public (attackers can read the code), and handle real money (exploits are immediately profitable). The top security concerns:

1. Reentrancy — The most famous vulnerability (The DAO, $60M lost). An attacker's contract calls back into the victim before state updates complete, allowing repeated withdrawals. Prevention: the Checks-Effects-Interactions pattern — update state before making external calls. Use OpenZeppelin's ReentrancyGuard.

2. Access control — Missing onlyOwner or role-based access checks allow unauthorized callers to execute privileged functions. Prevention: use OpenZeppelin's AccessControl or Ownable contracts.

3. Integer overflow/underflow — Pre-Solidity 0.8.0, arithmetic could silently wrap around. Prevention: Solidity 0.8+ has built-in overflow checks. For older contracts, use SafeMath.

4. Front-running — Attackers monitor the mempool, see profitable pending transactions, and submit their own with higher gas to execute first. Prevention: commit-reveal schemes, using private mempools (Flashbots).

5. Oracle manipulation — If a contract depends on external price data, attackers can manipulate the data source. Prevention: use Chainlink oracles, TWAP (time-weighted average prices).

Mitigation strategy: internal review -> automated tools (Slither, Mythril) -> professional audit ($10K-$500K) -> bug bounty program (Immunefi). For contracts handling significant value, formal verification provides mathematical guarantees.

Q8. How do stablecoins work and why are they important for Web3?

Why interviewers ask: Stablecoins are the most widely used crypto asset for real-world transactions — understanding them demonstrates practical Web3 knowledge.

Model answer:

Stablecoins are cryptocurrencies designed to maintain a 1:1 peg with a fiat currency (usually USD). They exist because raw crypto (BTC, ETH) is too volatile for everyday commerce — you cannot price goods in an asset that can swing 10% in a day.

Three mechanisms:

Fiat-backed (USDC, USDT): The issuer holds real dollars in bank accounts as reserves. For every USDC minted, there is $1 in a bank. To redeem: burn the USDC, receive the dollar. Trust assumption: you trust Circle/Tether to actually hold the reserves. Risk: centralized — the issuer can freeze addresses.

Crypto-collateralized (DAI): Users lock crypto (e.g., $150 in ETH) in a smart contract and mint $100 in DAI. Overcollateralized to absorb price drops. If collateral value drops below the threshold, the position is liquidated. Trust assumption: the smart contract code is correct. Risk: capital-inefficient, vulnerable to rapid market crashes.

Algorithmic (historically FRAX, UST): Use algorithms and incentive mechanisms to maintain the peg without full collateral backing. Trust assumption: the mechanism works under all market conditions. Risk: fragile — TerraUSD (UST) collapsed in May 2022, wiping out $60 billion.

Why they matter for Web3: stablecoins are the bridge between crypto and the real economy. They enable DeFi lending denominatd in dollars, cross-border payments that settle in minutes instead of days, and on-chain commerce. USDC and USDT combined process more daily transaction volume than many traditional payment networks. They are arguably the most immediately useful crypto innovation for mainstream adoption.

Advanced (Q9-Q11)

Q9. Design the architecture for a decentralized exchange (DEX).

Why interviewers ask: Tests system design thinking in a Web3 context — requires understanding of smart contracts, liquidity, and the trade-offs of decentralized systems.

Model answer:

A DEX like Uniswap uses an Automated Market Maker (AMM) model instead of a traditional order book.

Core smart contracts:

Factory contract — Creates new trading pair contracts. Anyone can create a pool for any two tokens.
Pool contracts — Each holds reserves of two tokens (e.g., ETH/USDC). Uses the x * y = k constant product formula to determine prices.
Router contract — Frontend-facing interface that handles multi-hop swaps, slippage protection, and deadline checks.

How a swap works:

User wants to swap 1 ETH for USDC:
  1. Pool holds 100 ETH + 300,000 USDC (k = 30,000,000)
  2. User adds 1 ETH (pool now has 101 ETH)
  3. New USDC balance: k / 101 = 297,029.7 USDC
  4. User receives: 300,000 - 297,029.7 = 2,970.3 USDC
  5. Pool takes 0.3% fee (deducted before calculation)

Liquidity provision: Anyone can deposit equal-value amounts of both tokens into a pool and receive LP (Liquidity Provider) tokens as a receipt. They earn a share of the 0.3% trading fees. Risk: impermanent loss — if token prices diverge, LPs can lose value compared to simply holding.

Supporting infrastructure:

Frontend: React app hosted on IPFS or Vercel
Indexing: The Graph subgraph for historical trades, pool data, and analytics
Price oracle: TWAP from the pool itself or Chainlink for more robustness
MEV protection: Flashbots or private transaction pools to prevent front-running

Trade-offs vs centralized exchange: DEXs have no KYC, are permissionless (any token can be listed), and are non-custodial. But they have higher fees (gas + swap fee), slippage on large trades, limited order types (no limit orders in basic AMMs), and worse capital efficiency.

Q10. How would you evaluate whether a particular use case should be built on a blockchain or a traditional database?

Why interviewers ask: The hardest Web3 question — it tests your ability to cut through hype and make pragmatic engineering decisions.

Model answer:

I use a decision framework based on five questions:

1. Do multiple mutually distrusting parties need to share state? If all parties trust a central authority, use a database. Blockchain adds value when no single party should control the shared state. Example: cross-border settlements between banks that don't trust each other.

2. Do you need censorship resistance? If no government or company should be able to block transactions, blockchain is appropriate. Example: donations to politically sensitive organizations. Counter-example: an internal company tool — censorship resistance is irrelevant.

3. Do you need an immutable audit trail? If tamper-proof records matter AND you don't trust a single auditor, blockchain helps. But if you trust one auditor, an append-only database with cryptographic signatures is simpler and cheaper.

4. Do you need programmable money or tokenized assets? If your application involves transferring value, token-based incentives, or programmable financial logic, blockchain enables new capabilities that are difficult with traditional systems.

5. Can you tolerate the trade-offs? Blockchain means: public data (privacy concerns), slower writes (seconds vs milliseconds), higher cost (gas fees), immutable bugs, and worse UX. If any of these are dealbreakers, use a traditional architecture.

Rule of thumb: If your answer to questions 1-4 is "no," use a traditional database. Most applications do not need a blockchain. The applications that do — DeFi, cross-border payments, censorship-resistant publishing, provable digital ownership — benefit enormously from it.

Q11. Explain the full lifecycle of a transaction on Ethereum, from the user clicking "Send" to finality.

Why interviewers ask: Tests deep technical understanding of how the blockchain actually works — not just the abstraction layer.

Model answer:

Step 1: Transaction creation. The user's wallet constructs a transaction object containing: from address, to address, value (ETH amount), data (encoded function call for contract interactions), nonce (sequential counter preventing replay attacks), maxFeePerGas and maxPriorityFeePerGas (gas price settings per EIP-1559), and gasLimit (maximum gas units).

Step 2: Signing. The wallet signs the transaction with the user's private key using ECDSA (Elliptic Curve Digital Signature Algorithm). This produces a signature that proves the sender authorized the transaction without revealing the private key.

Step 3: Broadcasting. The signed transaction is sent to an Ethereum node (via Alchemy, Infura, or a direct connection). The node validates the signature and basic parameters, then gossips it to other nodes. It enters the mempool — a pool of pending transactions.

Step 4: Block inclusion. A validator (selected by the PoS protocol) builds a new block. They select transactions from the mempool, typically prioritizing those with higher priority fees (tips). The validator proposes the block to the network.

Step 5: Execution. Every node executes the transactions in the block through the EVM. For a smart contract call, this means running the bytecode, updating state variables, and emitting events. Gas is consumed for each operation. If execution runs out of gas or encounters a revert, the transaction fails but gas is still consumed.

Step 6: Attestation. Other validators attest (vote) that the block is valid. Once enough attestations are collected, the block is considered part of the canonical chain.

Step 7: Finality. After two epochs (~13 minutes), the block achieves economic finality — reversing it would require destroying at least 1/3 of all staked ETH (billions of dollars). The transaction receipt is available with: status (success/revert), gas used, logs (events emitted), and the block number.

For the developer: after tx.wait() returns in ethers.js, the transaction is included in a block with at least one confirmation. For high-value transactions, wait for more confirmations or finality.

Quick-fire

#	Question	One-line answer
1	Web1 vs Web2 vs Web3 in three words each?	Read / Read-Write / Read-Write-Own
2	What consensus does Ethereum use?	Proof of Stake (since September 2022)
3	What is gas?	Unit of computational effort — you pay gas fees for on-chain writes
4	ERC-20 vs ERC-721?	Fungible tokens (currency) vs non-fungible tokens (unique items)
5	What is a DEX?	Decentralized exchange — trade tokens via smart contracts without intermediaries
6	What is IPFS?	Decentralized file storage — content-addressed, peer-to-peer
7	What is a seed phrase?	12-24 word backup of your wallet's master private key — lose it, lose everything
8	What is TVL?	Total Value Locked — amount of assets deposited in a DeFi protocol
9	What is the Checks-Effects-Interactions pattern?	Update state before external calls to prevent reentrancy attacks
10	Coin vs token?	Coin = own blockchain (BTC, ETH). Token = built on another chain (USDC, UNI)

<- Back to 6.10 — Web3 Basics (README)