Ethereum
Ethereum is a blockchain application platform that runs smart contracts: programs stored on the chain that respond to function calls, hold and transfer cryptocurrency (including Ethereum's native currency, Ether), store data, call other contracts, and more. Decentralized applications ("dApps") are built from such contracts plus client code, and can be thought of as small web service-like applications running on a P2P network. At a more technical level, however, Ethereum is a layered stack: the Ethereum Virtual Machine (EVM) that contracts run on, the blockchain and state implementation in each client, and the network protocol that peers use to communicate with each other.
Because of all the layers in this stack, the amount of published information about Ethereum can seem overwhelming at first. Ethereum is a massive project with constantly changing standards (see EIPs below), and regularly has new technologies added to its ecosystem (e.g. Whisper). To get up to speed, start with the basics and learn additional topics as needed. Subsequent Confluence pages will also highlight areas of Ethereum that are relevant to security and penetration testing.
Prerequisite Knowledge¶
It is highly recommended that you read the Ethereum Documentation. At a minimum you should read the sections: Introduction, Ethereum Clients, Connecting to Ethereum Clients, Account Management, Ether, The Ethereum network, and Contracts and Transactions. You do not need to purchase Ether.
It is also important to become familiar with Solidity, the most widely used contract language targeting the EVM (its syntax is JavaScript-inspired, but its semantics, such as integer overflow, storage layout and gas, are not). Documentation can be found here. Once language basics are understood, it is recommended that the following sections be read at a minimum: Solidity in Depth and Security Considerations.
If you are conducting security testing of a custom Ethereum implementation, you will need to become familiar with the Yellow Paper.
Test Environment Setup¶
This section covers setting up your Ethereum testing environment. The end goal is to have a local test blockchain that you can deploy contracts onto and easily interact with.
Ganache is our recommended local development blockchain for testing due to its ease of use: it simulates an Ethereum node, mines a block for every transaction instantly, and comes with a set of pre-funded, unlocked accounts. There is a GUI version and a CLI version (ganache-cli). If you decide to use the GUI version, please disable analytics when asked (if you forget, this option can be configured under Advanced Settings).
In order to interact with our test blockchain, we'll be using a modified version of the Remix IDE. Please make sure you install this modified version if you are going to be using it with client code. This version has several changes that make the IDE more secure.
To connect the Remix IDE to Ganache, change the environment setting under the Run tab to "Web3 Provider" and enter the RPC URL displayed by Ganache (by default http://127.0.0.1:7545 for the GUI and http://localhost:8545 for ganache-cli). You'll also want to install and run remixd to sync the IDE with a folder on your filesystem. Information about that and more can be found in the Remix Documentation.
Staying Up to Date: EIPs and Hard Forks¶
Changes to Ethereum standards are tracked in this GitHub repository using Ethereum Improvement Proposals (EIPs). It is important that we keep up to date with these changes, especially the ones that impact platform security.
Major changes that would make nodes incompatible with each other are rolled up into hard forks. The most recent hard fork at the time of writing was Byzantium (October 2017), which introduced the REVERT opcode (a failed call can now refund its remaining gas and return data instead of consuming all gas), the STATICCALL opcode (a call that is guaranteed not to modify state), the RETURNDATASIZE and RETURNDATACOPY opcodes, and precompiled contracts for elliptic-curve addition, scalar multiplication and pairing checks on alt_bn128, which are the cryptographic primitives needed to verify zk-SNARK proofs on-chain. Transaction receipts also gained a status field, so a client can tell a failed transaction from a successful one without re-executing it.