This is a 301, 401 or 501 reading list on Ethereum. It is especially important for those who are newer to the technology and would like to know where to start learning about it.
- This first public audit on Ethereum is a classic. It had a very deep impact and contained clues to all major attacks on Ethereum so far, such as reentrancy hazards and gas economics. May you find the next major contributions and vulnerabilities on Ethereum, possibly using this resource for ideas and inspiration. (Don’t forget the Appendix.)
- The formal specification of the Ethereum protocol. Yes, it could be clearer, but until someone seizes the opportunity, it’s what’s there.
- A lot of the subtleties of Ethereum. Blackhats don’t often lurk in the daylight of the obvious, but in the darkness of subtleties where far fewer whitehats roam. For example, one of the DoS attacks used “note: there is a difference between zero-balance and nonexistent!”
- Phase 1 mitigation for transaction spam attacks
Spurious Dragon
- Replay attack prevention
- EXP cost increase. Fixes the “last” mispriced opcode.
- State trie clearing to purge empty accounts from the chain
- An earlier proposal is https://github.com/ethereum/eips/issues/158
- Limit the maximum size of contract code on the blockchain
Discussions
Here are some places where discussions are happening; feel free to join in the conversation!
This list was prepared by Joseph Chow, lead developer of BTC Relay. Eventually, we’ll have a living document on the Ethereum Wiki where people can collaborate on building and improving the reading list.