Web3 & Blockchain Interview

Questions
1. Distributed Ledger Technology (DLT)
· What is a distributed ledger and how does it differ from a
traditional database?
· A distributed ledger is a database that is replicated and synchronized across
multiple nodes in a network. Unlike traditional centralized databases, no single
authority controls it, and every node holds a copy, ensuring transparency and
resilience.
· Explain the concept of consensus in DLT.
· Consensus is the mechanism by which all nodes in the network agree on the
state of the ledger. It ensures validity, prevents double-spending, and maintains
trust without a central authority. Common methods: PoW, PoS, BFT, etc.
· Compare Byzantine Fault Tolerance (BFT) and Proof of Work
(PoW).
· BFT: Achieves agreement even if some nodes act maliciously, suited for
permissioned blockchains, efficient but less scalable.
· PoW: Requires solving computational puzzles, ensures security in
permissionless systems like Bitcoin, but is energy-intensive.
· How does immutability work in blockchain?
· Immutability is achieved through cryptographic hashing and block linking. Each
block contains a hash of the previous block, creating a chain. If any data in a
block is altered, its hash changes, breaking the chain. Since the blockchain is
replicated across many nodes, tampering with one copy is ineffective unless the
majority are altered, which is computationally infeasible in secure blockchains.
· What are some real-world non-financial applications of DLT?
· Examples include supply chain tracking, secure voting systems, healthcare
record management, intellectual property rights protection, land registry systems,
and decentralized identity verification.

2. Blockchain Fundamentals
· What is a block in blockchain, and what data does it store?
· A block is a container of data that stores transaction records, a timestamp, a
nonce, and the cryptographic hash of the previous block. This linkage ensures
chain integrity.
 · Walk me through how a transaction flows from initiation to
confirmation.
· A transaction is created and signed with a private key → broadcast to the
network → validated by nodes (consensus rules applied) → included in a block
by a miner/validator → block added to the chain → transaction confirmed once
multiple blocks are built on top.
· Compare public, private, and consortium blockchains with
examples.
· Public: Open to anyone (e.g., Bitcoin, Ethereum). Secure but slower.
· Private: Restricted access controlled by one organization (e.g., Hyperledger
Fabric). Faster, more controlled.
· Consortium: Governed by a group of organizations (e.g., R3 Corda). Balances
decentralization with efficiency.
· Explain the UTXO model vs the account-based model.
· UTXO (Unspent Transaction Output, Bitcoin): Transactions consume outputs and
generate new ones. Stateless, transparent, but complex for smart contracts.
· Account-based (Ethereum): Each account has a balance that updates directly.
Easier for smart contracts but requires global state tracking.
· What problem does decentralization solve in blockchain?
· It removes single points of failure, prevents censorship, reduces reliance on
intermediaries, and builds trust in a trustless environment.

3. Wallets, Keys, and Addresses

· How is a blockchain address generated from a public/private
key pair?
· A private key generates a public key using elliptic curve cryptography. The public
key is hashed (SHA-256, RIPEMD-160 for Bitcoin; Keccak-256 for Ethereum) to
generate the wallet address.
· What is the difference between hot wallets and cold wallets?
· Hot wallets: Connected to the internet, convenient for transactions but vulnerable
to hacks.
· Cold wallets: Offline storage (hardware, paper wallets), highly secure but less
convenient.
· Explain hierarchical deterministic (HD) wallets.
· HD wallets use a seed phrase (BIP-39/44) to generate a tree of addresses. This
allows easy backup and management of multiple addresses from one root key.
· How does MetaMask interact with dApps?
· MetaMask injects a Web3 provider (e.g., [Link], [Link]) into the browser,
enabling users to connect, sign transactions, and interact with smart contracts
directly from their wallet.
 · What happens if someone loses their private key?
· Access to funds is permanently lost since ownership is cryptographically tied to
the private key. Recovery is only possible via a backup seed phrase.

4. Smart Contracts
· What is a smart contract, and how does it differ from a
regular backend program?
· A smart contract is self-executing code deployed on a blockchain. Unlike regular
backend programs, it runs in a decentralized environment, is immutable,
transparent, and executes automatically when conditions are met.
· Write or explain a simple Solidity contract (e.g., a token
or counter).

·
· What are gas fees, and why is gas optimization important?
· Gas fees are costs paid to execute transactions and smart contracts. They
incentivize validators/miners and cover computational work. Optimization reduces
fees and prevents excessive costs.
· Explain the difference between Solidity and Vyper.
· Solidity: Feature-rich, widely used, C-like syntax.
· Vyper: Python-like, simpler, emphasizes security with fewer features (e.g., no
inheritance or modifiers).
 · How do events work in smart contracts?
· Events are logs emitted during contract execution. They are stored on the
blockchain and can be indexed, allowing off-chain applications to track and react
to contract activity.

5. Ethereum & EVM Architecture

· What is the Ethereum Virtual Machine (EVM)?
· The EVM is a decentralized runtime environment that executes smart contracts.
It ensures all Ethereum nodes execute the same code deterministically,
maintaining consensus across the network.
· Walk me through how the EVM executes a smart contract.
· Smart contracts are compiled into EVM bytecode. When executed, the EVM runs
the bytecode in a sandboxed environment using gas to limit computation. Each
instruction consumes gas, and execution halts when gas runs out or the function
completes.
· Explain gas and gas limits in Ethereum.
· Gas measures the computational work of transactions. The gas limit sets the
maximum allowed gas a transaction can consume. Users pay gas used × gas
price. If the gas runs out, execution reverts but gas spent is lost.
· What are testnets, and why are they important?
· Testnets are Ethereum-like networks with no real economic value, used for
testing. Examples: Goerli, Sepolia. They allow developers to deploy/test
contracts without risking real ETH.
· Compare Ethereum mainnet with Polygon (L2 scaling).
· Ethereum mainnet: Highly secure, but slow and expensive due to congestion.
· Polygon (L2): Uses sidechains and rollups to scale Ethereum, offering faster and
cheaper transactions while benefiting from Ethereum’s base security.

6. Cryptography in Blockchain
· How does SHA-256 differ from Keccak-256?
· SHA-256 (Bitcoin) is part of the SHA-2 family, while Keccak-256 (Ethereum) is
from the SHA-3 family. Both are cryptographic hash functions, but Ethereum
chose Keccak before NIST finalized SHA-3.
· Explain how public/private key cryptography enables digital
signatures.
· A private key signs data, and the corresponding public key verifies it. This
ensures authenticity (sender is valid) and integrity (data not altered).
 · What role do Merkle Trees play in blockchain?
· Merkle Trees enable efficient and secure verification of large datasets.
Transactions are hashed into pairs recursively until a single Merkle Root is
obtained. This allows verification of a transaction’s existence without needing the
full dataset.
· How are nonces used in Proof-of-Work?
· A nonce is a random value miners vary to find a block hash below the target
difficulty. Once found, the block is valid and added to the chain.
· Why are hash collisions dangerous for blockchains?
· A hash collision occurs if two different inputs produce the same hash. If possible,
it would allow forging transactions or blocks, breaking blockchain integrity. Strong
cryptographic hashes (SHA-256, Keccak) make this practically impossible.

7. Tokens & NFTs

· What is the ERC-20 standard, and why is it important?
· ERC-20 defines a standard interface for fungible tokens on Ethereum, ensuring
compatibility across wallets, exchanges, and dApps. It enables tokenization of
assets, stablecoins, and governance tokens.
· Explain ERC-721 vs ERC-1155.
· ERC-721: Standard for NFTs (non-fungible, unique assets like art or collectibles).
· ERC-1155: Multi-token standard, supporting both fungible and non-fungible
tokens in one contract, useful for gaming assets.
· How does minting an NFT work?
· Minting creates a new NFT on the blockchain by assigning a unique token ID and
metadata to an owner’s address.
· What role does metadata play in NFTs?
· Metadata defines an NFT’s attributes (e.g., name, image, traits). Usually stored
off-chain (IPFS/Arweave) with a link stored on-chain.
· How do token approvals work in DeFi protocols?
· Users approve smart contracts to spend tokens on their behalf. Approvals set
allowances in ERC-20 contracts, enabling DeFi protocols (like Uniswap) to
execute trades.

8. RPC Providers & Web3 Development

· What is an RPC provider, and why do we need one?
· RPC providers (e.g., Infura, Alchemy) connect dApps to blockchain nodes via
Remote Procedure Calls. They allow reading blockchain state and broadcasting
transactions.
 · Compare Infura, Alchemy, and QuickNode.
· Infura: Widely used, backed by ConsenSys.
· Alchemy: Developer-focused with enhanced APIs and analytics.
· QuickNode: High-performance RPC with multi-chain support.
· How does [Link]/[Link] interact with smart contracts?
· They provide JavaScript libraries for dApps to connect wallets, call smart contract
methods, listen to events, and send transactions.
· What is the role of WalletConnect?
· WalletConnect is an open protocol for connecting dApps with mobile wallets via
QR codes or deep links, enabling secure transactions.
· How would you troubleshoot a failed transaction via an RPC?
· Check transaction status on block explorers (Etherscan), inspect gas usage,
confirm nonce correctness, validate contract code, and check RPC response for
error logs.

9. Security in Blockchain
· Explain the reentrancy vulnerability with an example.
· A contract calls an external contract before updating its state, allowing attackers
to repeatedly call back and drain funds. Example: The DAO hack.
Mitigation: Update state before external calls, use ReentrancyGuard.
· How can integer overflow be prevented in Solidity?
· Use Solidity ≥0.8.0 (auto-checks overflows) or SafeMath libraries in earlier
versions.
· What is front-running, and how do you mitigate it?
· Front-running happens when attackers preempt transactions by exploiting
mempool visibility.
· Explain the use of a multisig wallet.
· A multisig wallet requires multiple private keys to authorize transactions, reducing
risks of a single compromised key.
· Which tools are commonly used for smart contract auditing?
· MythX, Slither, Echidna, Manticore, Oyente, and manual reviews by audit firms
(e.g., OpenZeppelin, Trail of Bits).

10. Decentralized Storage & Oracles

· Difference between on-chain and off-chain data storage.
· On-chain storage is permanent but expensive. Off-chain storage (IPFS, Arweave,
Filecoin) is cheaper and scalable, with only references stored on-chain.
· What is IPFS, and how does it work?
· InterPlanetary File System stores files using content-addressing. Files are split
into chunks, hashed, and retrieved via unique content identifiers (CIDs).
 · Compare Arweave and Filecoin.
· Arweave provides permanent storage (“pay once, store forever”), while Filecoin
incentivizes storage with a market-based model.
· Why are oracles necessary in blockchain?
· Blockchains cannot access external data natively. Oracles bridge real-world data
(prices, weather, APIs) into smart contracts.
· How does Chainlink ensure decentralized data feeds?
· Chainlink aggregates data from multiple independent nodes with incentives and
penalties to ensure reliability and prevent manipulation.

11. Monitoring & Deployment

· What is Etherscan, and how does it help developers?
· Etherscan is a blockchain explorer for Ethereum. It allows developers to view
transactions, contracts, token balances, logs, and debug execution.
· How do you monitor a blockchain node’s health?
· By tracking metrics like sync status, block height, peer connections,
memory/CPU usage, and logs using monitoring tools (Prometheus, Grafana).
· Explain event logging in smart contracts.
· Events emit logs stored in transaction receipts, enabling dApps and external tools
to track state changes without full node parsing.
· What is Hardhat/Truffle/Foundry, and why are they used?
· Development frameworks for compiling, deploying, and testing smart contracts.
· Hardhat: Modern, flexible, with plugins.
· Truffle: Older, battle-tested.
· Foundry: Fast, Rust-based toolchain for Solidity.
· How can CI/CD pipelines be set up for smart contract
deployment?
· By automating contract compilation, testing, and deployment with GitHub
Actions/GitLab CI + tools like Hardhat. Pipelines may include security scans
before deployment.

12. Advanced Web3 Topics

· Compare Optimistic Rollups and zk-Rollups.
· Optimistic Rollups: Assume transactions are valid by default; fraud proofs catch
invalid ones (slower finality).
· zk-Rollups: Use zero-knowledge proofs to guarantee validity instantly (faster, but
computationally heavier).
· What are ZK-SNARKs vs ZK-STARKs?
· ZK-SNARKs: Succinct, require trusted setup.
· ZK-STARKs: Transparent (no trusted setup), scalable, but larger proof sizes.
· How do cross-chain bridges work, and what security risks do
they pose?
· Bridges lock assets on one chain and mint wrapped assets on another. Risks:
hacks from faulty smart contracts, centralization, or validator compromise.
· Explain Automated Market Makers (AMMs) in DeFi.
· AMMs (e.g., Uniswap) use liquidity pools instead of order books. Prices are
determined algorithmically by constant product formulas (x*y=k).
· How does DAO governance typically work?
· Token holders propose and vote on changes. Votes determine treasury
spending, upgrades, and rules. Governance tokens align incentives among
community members.
· What is tokenomics, and why does it matter for blockchain
ecosystems?
· Tokenomics is the economic design of a token — supply, distribution, utility,
incentives, and governance. Good tokenomics ensures sustainability, adoption,
and ecosystem growth.
Blockchain & Web3 Quick-Fire Questions
· DLT vs Traditional DB? → DLT = decentralized, tamper-
resistant; DB = centralized, mutable.
· Consensus role? → Ensures all nodes agree on ledger state.
· PoW vs PoS? → PoW = mining with computation; PoS =
validators stake tokens.
· UTXO vs Account Model? → UTXO = Bitcoin, token-based;
Account = Ethereum, balance-based.
· Hot vs Cold Wallet? → Hot = online, convenient; Cold =
offline, secure.
· Seed phrase use? → Backup for regenerating private keys.
· Smart contract? → Self-executing code on blockchain.
· Gas fees? → Cost paid to run transactions/contracts.
· EVM? → Ethereum’s runtime for executing smart contracts.
· Merkle Tree role? → Efficient proof of data integrity.
· ERC-20 vs ERC-721? → ERC-20 = fungible tokens; ERC-721 =
NFTs.
· Oracles? → Bring real-world data into blockchain.
· Front-running? → Exploiting pending transactions; mitigated
by commit-reveal/MEV solutions.
· AMM (Uniswap)? → Uses liquidity pools & math (x*y=k) for
pricing.
· DAO governance? → Token holders vote on proposals and
treasury spending.