Chapter 12 Further Reading: The Ethereum Virtual Machine

Primary Sources

The Ethereum Yellow Paper

Gavin Wood. Ethereum: A Secure Decentralised Generalised Transaction Ledger. (Continuously updated.) The formal specification of the EVM. Appendix H contains the complete opcode table with gas costs, stack inputs/outputs, and formal semantics. Appendix G defines the gas cost schedule. Dense and mathematical, but the authoritative reference for any question about EVM behavior.
- URL: https://ethereum.github.io/yellowpaper/paper.pdf

The Ethereum Execution Specification (Python)

Ethereum Foundation. Ethereum Execution Specs. A readable, executable specification of the EVM in Python. Each hard fork has its own module. Far more accessible than the Yellow Paper for understanding how specific opcodes work. The ethereum/vm/instructions/ directory mirrors the opcode categories covered in this chapter.
- URL: https://github.com/ethereum/execution-specs

EVM Opcodes Reference

wolflo/evm-opcodes and ethervm.io. Comprehensive reference tables listing every EVM opcode with its hex value, gas cost, stack inputs/outputs, and a brief description. Useful as a quick-lookup companion to this chapter.
- URL: https://www.evm.codes/
- URL: https://ethervm.io/

Textbooks and Technical Books

Mastering Ethereum

Andreas M. Antonopoulos and Gavin Wood. O'Reilly, 2018. Chapter 13 ("The Ethereum Virtual Machine") provides a thorough overview of EVM architecture, opcodes, and execution. Chapter 14 covers security considerations that arise from EVM-level behavior. An essential complement to this chapter for readers who want a second perspective.

The Ethereum Book (community edition)

Ethereum Foundation. Continuously updated community resource. Covers EVM internals, gas mechanics, and contract interaction patterns. More current than the Antonopoulos book on post-Merge and post-Dencun changes.
- URL: https://github.com/ethereumbook/ethereumbook

EVM From Scratch

Shafu. 2023. A tutorial-style guide that walks through building an EVM implementation from zero. Covers the stack machine model, opcode implementation, memory/storage handling, and gas accounting. Strongly recommended for readers who learn by building.
- URL: https://www.evmfromscratch.com/

Key Ethereum Improvement Proposals (EIPs)

Gas Cost EIPs

| EIP | Title | Relevance |
|---|---|---|
| EIP-150 | Gas cost changes for IO-heavy operations (Tangerine Whistle) | Changed gas forwarding to 63/64 rule; mitigated call stack depth attacks |
| EIP-1283 | Net gas metering for SSTORE (withdrawn) | The EIP that nearly broke contracts; see Case Study 1 |
| EIP-2200 | Structured definitions for net gas metering (Istanbul) | The safe replacement for EIP-1283 with 2,300 gas guard |
| EIP-2929 | Gas cost increases for state access opcodes (Berlin) | Introduced cold/warm pricing for SLOAD, CALL, BALANCE, etc. |
| EIP-2930 | Optional access lists (Berlin) | Allows prepaying cold access costs at a discount |
| EIP-3529 | Reduction in gas refunds (London) | Capped refunds at 20% of transaction gas; killed GasToken arbitrage |

Opcode Addition EIPs

| EIP | Title | Relevance |
|---|---|---|
| EIP-145 | Bitwise shifting instructions (Constantinople) | Added SHL, SHR, SAR opcodes |
| EIP-1014 | Skinny CREATE2 (Constantinople) | Deterministic contract deployment; see Case Study 2 |
| EIP-1344 | ChainID opcode (Istanbul) | Added CHAINID for replay protection |
| EIP-3198 | BASEFEE opcode (London) | Exposes EIP-1559 base fee to contracts |
| EIP-4399 | Supplant DIFFICULTY with PREVRANDAO (The Merge) | Replaced mining difficulty with beacon chain randomness |
| EIP-5656 | MCOPY - memory copying instruction (Cancun) | Efficient memory-to-memory copy opcode |

| EIP | Title | Relevance |
|---|---|---|
| EIP-170 | Contract code size limit (Spurious Dragon) | 24,576-byte limit prevents state bloat via large contracts |
| EIP-211 | New opcodes RETURNDATASIZE and RETURNDATACOPY (Byzantium) | Proper return data handling for inter-contract calls |
| EIP-214 | New opcode STATICCALL (Byzantium) | Read-only calls; EVM-level enforcement of view functions |
| EIP-6780 | SELFDESTRUCT only in same transaction (Dencun) | Killed metamorphic contracts; see Case Study 2 |

Research Papers

A Survey of Attacks on Ethereum Smart Contracts

Nicola Atzei, Massimo Bartoletti, Tiziana Cimoli. 2017. Systematizes smart contract vulnerabilities at the EVM level. Categories include reentrancy, call stack depth, type confusion, and unexpected ether. The vulnerability taxonomy maps directly to the opcodes and execution patterns covered in Sections 12.4 and 12.8.

EVM: From Solidity to Byte Code, Memory and Storage

Blockchain at Berkeley. Medium, 2019. An accessible tutorial tracing the compilation of simple Solidity contracts to bytecode, with step-by-step stack traces. Good supplement to Section 12.6.

Under-Optimized Smart Contracts Devour Your Money

Ting Chen et al. SANER 2017. Identifies gas-wasting patterns in deployed smart contracts. Quantifies the cost of common anti-patterns (dead code, redundant storage reads, unused computation). Provides empirical evidence for the gas optimization principles in Section 12.5.

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Michael Rodler et al. NDSS 2019. Proposes runtime reentrancy detection at the EVM level. Relevant to understanding how the EVM's CALL mechanics enable reentrancy and how EVM modifications could prevent it.

Tools and Practical Resources

EVM Playground

ethervm.io/decompile and Remix IDE. Interactive tools for writing bytecode, stepping through execution, and observing stack/memory/storage state. Remix IDE's debugger allows stepping through individual opcodes for any deployed or local contract.

Foundry

Paradigm. Foundry: A blazing fast, portable, and modular toolkit for Ethereum application development. Foundry's forge debug command provides an opcode-level debugger for smart contracts. Foundry's cast tool can compute function selectors (cast sig "transfer(address,uint256)"), decode calldata (cast calldata-decode), and interact with deployed contracts at the ABI level.
- URL: https://getfoundry.sh/

Tenderly

Tenderly. Smart Contract Debugging and Monitoring. Provides transaction-level EVM traces showing every opcode execution, gas consumption, and state change. Invaluable for debugging deployed contracts and understanding gas consumption in production.
- URL: https://tenderly.co/

Slither

Trail of Bits. Slither: Static Analysis Framework for Solidity. Static analysis tool that detects vulnerabilities at the Solidity and EVM bytecode level. Can identify reentrancy, DELEGATECALL issues, storage variable shadowing, and other patterns discussed in this chapter.
- URL: https://github.com/crytic/slither

Dedaub Contract Library

Dedaub. Smart Contract Decompiler and Security Scanner. Decompiles deployed bytecode back to a Solidity-like representation. Useful for understanding contracts whose source code is not verified. Demonstrates the bytecode-to-source mapping described in Section 12.6.
- URL: https://library.dedaub.com/

Heimdall

Jon-Becker. Heimdall: An advanced EVM smart contract toolkit. Includes a bytecode decompiler, ABI decoder, and contract inspector. Open-source alternative for bytecode analysis tasks covered in this chapter.
- URL: https://github.com/Jon-Becker/heimdall-rs

Video Lectures

"EVM Deep Dives" Series

noxx. 2022. A series of blog posts and accompanying talks that trace EVM execution through increasingly complex examples. Covers the function dispatcher, storage layout, memory management, and ABI encoding in granular detail.

"Ethereum Under the Hood" — Devcon Talk

Ethereum Foundation. Various years. Devcon presentations on EVM internals, gas optimization, and security. Search for "EVM internals" on the Ethereum Foundation YouTube channel for multiple relevant talks.

"Smart Contract Security: EVM-Level Vulnerabilities"

OpenZeppelin. Ethernaut Workshops. Workshop series covering reentrancy, DELEGATECALL exploits, and storage layout attacks — all rooted in EVM-level behavior. The Ethernaut CTF challenges provide hands-on practice with these concepts.
- URL: https://ethernaut.openzeppelin.com/

Historical Context

"Ethereum's Shanghai Attacks" (2016)

Various authors. Blog posts and post-mortems. In September-October 2016, attackers exploited underpriced opcodes (particularly EXTCODESIZE, BALANCE, and SUICIDE) to slow the network. These attacks directly motivated EIP-150, EIP-160, and the broader approach to gas repricing that continues through EIP-2929. Understanding these attacks provides context for why EVM gas costs evolved as described in Section 12.5.

"The DAO Hack and the Fork"

Various authors. 2016. The DAO exploit was fundamentally an EVM-level vulnerability (reentrancy via CALL). It remains the most consequential EVM security incident in Ethereum's history, leading to the Ethereum/Ethereum Classic chain split. Understanding the exploit requires the CALL semantics and state rollback behavior covered in Section 12.8.