A technical reading list for getting very deep into Ethereum in 2016, including Ethereum Improvement Proposals (EIPs) that fundamentally strengthened the protocol against attacks.


  • This first public audit of Ethereum is a classic. It had a very deep impact and held clues to all major attacks on Ethereum so far, such as reentrancy hazards and gas economics. May you find the next major contributions and vulnerabilities on Ethereum, possibly using this resource for ideas and inspiration. (Don’t forget the Appendix.)

The “Yellow Paper”: Ethereum’s formal specification

  • The formal specification of the Ethereum protocol. Yes, it could be clearer, but until someone seizes the opportunity, it’s what’s there.

Ethereum Subtleties

  • Covers a lot of the subtleties of Ethereum. Blackhats don’t often lurk in the daylight of the obvious, but in the darkness of subtleties where far fewer whitehats roam. For example, one of the DoS attacks used “note: there is a difference between zero-balance and nonexistent!”

EIP 150: Long-term gas cost changes for IO-heavy operations to mitigate transaction spam attacks

  • Phase 1 mitigation for transaction spam attacks

EIP 155: Simple replay attack protection

  • Replay attack prevention

EIP 160: EXP cost increase

  • EXP cost increase. Fixes the “last” mispriced opcode.

EIP 161: State trie clearing (invariant-preserving alternative)

  • State trie clearing to purge empty accounts from the chain
  • An earlier proposal is EIP 158

EIP 170: Contract code size limit

  • Limit the maximum size of contract code on the blockchain


Some discussions are happening here; feel free to join the conversation!





This was first published on the ConsenSys blog. The reading list is still largely relevant; Gitter has historical discussions.

Addendum: Technical Discussions in 2022


Ethereum Magicians forum

Ethereum R&D Discord