A technical reading list for getting very deep in Ethereum in 2016, including Ethereum Improvement Proposals (EIP) that fundamentally strengthened the protocol against attacks.
- This first public audit on Ethereum is a classic. Very deep impact and had clues to all major attacks on Ethereum so far, such as reentrancy hazards and gas economics. May you find the next major contributions and vulnerabilities on Ethereum, possibly using this resource for ideas and inspiration. (Don’t forget the Appendix.)
- The formal specification of the Ethereum protocol. Yes it could be clearer, but until someone seizes the opportunity, it’s what’s there.
- A lot of the subtleties of Ethereum. Blackhats don’t often lurk in the daylight of the obvious, but in the darkness of subtleties where much fewer whitehats roam. For example, one of the DoS attacks used “note: there is a difference between zero-balance and nonexistent!”
- Phase 1 mitigation for transaction spam attacks
- Replay attack prevention
- EXP cost increase. Fixes the “last” mispriced opcode.
- State trie clearing to purge empty accounts from the chain
- An earlier proposal is EIP 158
- Limit the maximum size of contract code on the blockchain
Some places for discussions are happening here, feel free to join in the conversation!
This was first published on ConsenSys blog. The reading list is still largely relevant; Gitter has historical discussions.