Library
Mastering Ethereum: Building Smart Contracts and DApps
blockchain

Mastering Ethereum: Building Smart Contracts and DApps

Andreas M. Antonopoulos & Gavin Wood 2018 15 references

How Ethereum works under the hood — keys, wallets, transactions, the EVM, Solidity & Vyper, smart-contract security, tokens, oracles, DApps, and consensus — for building, auditing, and reasoning about Ethereum smart contracts.

ethereum smart-contracts solidity evm smart-contract-security tokens dapps

Overview

The Core Framework

  • Ethereum is a deterministic, Turing-complete "world computer" — a stored-program computer fused with a blockchain; one shared world state advanced by the EVM.
  • Power is a liability. Generality (Turing-completeness, delegatecall, rich languages) is also attack surface; gas bounds execution and defensive programming keeps it safe.
  • Determinism forbids on-chain randomness — which is why oracles, off-chain storage, and external entropy exist.
  • Immutable code + irreversible value ⇒ you can't patch a deployed bug and lost keys/wrong addresses are permanent. Reuse audited code ("security by maturity").
  • Spec over implementation: Ethereum is defined by the Yellow Paper, so many interoperable clients exist by design.

Quick Lookup

Situation Do This Avoid This
Sending value Validate recipient; a wrong to burns ether Trusting an unchecked address
External calls in a contract Checks-Effects-Interactions + reentrancy guard State update after the call (the DAO)
Arithmetic Solidity ≥0.8 checks overflow (was SafeMath) Assuming uint won't wrap
Need randomness Commit-reveal / VRF / oracle block.timestamp/blockhash entropy
Calling another contract Hardcode/verify the address; new or known address Casting an arbitrary address to a type
Backing up a wallet Store the BIP-39 mnemonic offline Relying on the password alone
Writing a contract Reuse OpenZeppelin; minimize complexity Rolling your own crypto/token

The Key Insight

Ethereum is a "single shared-state...world computer" — and because that computer is open, immutable, and adversarial, its power is inseparable from its risk. (Core thesis, Chapters 1 & 13)

Key Diagrams: Key→Address→Transaction→EVM flow · Reentrancy & Checks-Effects-Interactions

References

1

Consensus — Rules Without Rulers (PoW, PoS, Forks)

Consensus is "a system of strict rules without rulers" (Chapter 14): with no central authority to decide what is true, every node must…

14
consensus proof-of-work proof-of-stake +2
MEDIUM
2

Ethereum Core Framework — The World Computer & Power-as-Liability

This skill distills Mastering Ethereum (2018) and is a 2018 snapshot. Several specifics have since changed: The Merge (2022) replaced Proof-of-Work…

1
ethereum evm gas +3
CRITICAL
3

Cryptography — Keys, Addresses & the One-Way Trap

Ethereum uses no encryption — only digital signatures and hash functions (Chapter 4). All on-chain data is public, by necessity: every node must read…

4
cryptography secp256k1 keccak256 +3
HIGH
4

DApps and the web3 Stack — Decentralization Across the Whole Architecture

"A DApp is an application that is mostly or entirely decentralized." Smart contracts decentralize logic and payment; web3 extends decentralization to…

12
dapps web3 ipfs +5
HIGH
5

EVM Internals — Stack Machine, State, Gas, and Bytecode

"The EVM is the part of Ethereum that handles smart contract deployment and execution" — a sandboxed, single-threaded, 256-bit stack machine with no…

13
evm gas opcodes +4
HIGH
6

Implementation Playbook — Build, Test, Deploy

A deployed contract is immutable and usually holds value, so a bug is both expensive and unfixable. The entire workflow exists to exhaust failure…

2-3, App C-E
deployment testing tooling +3
CRITICAL
7

Oracles — Importing Trusted Data into a Deterministic EVM

An oracle is "a system that can answer questions that are external to Ethereum" — it brings off-chain data on-chain for contracts to consume. Because…

11
oracles determinism data-authentication +2
MEDIUM
8

Rules of Thumb — Heuristics Across All Chapters

On an immutable, adversarial platform, every rule below exists because a deployed bug is permanent, irreversible loss. "Complexity is the enemy of…

all
heuristics security gas +3
HIGH
9

Secure Design Patterns

Deployed contract code is immutable and runs in an adversarial public environment, so a single bug equals permanent monetary loss — the engineering…

9
security patterns defensive-programming +1
CRITICAL
10

Smart Contract Vulnerability Catalog

Deployed contract code is immutable and runs in an adversarial public environment, so a single bug equals permanent, unrecoverable monetary loss.…

9
security vulnerabilities exploits +2
CRITICAL
11

Solidity Essentials — Writing Immutable, Self-Owning Contracts

Smart contracts are "Immutable computer programs that run deterministically in the context of an EVM… on the decentralized Ethereum world computer"…

7
solidity abi modifiers +5
CRITICAL
12

Tokens (ERC-20, ERC-721, Fungibility, Standards)

A token is an ownable abstraction representing assets, currency, or access rights — but on Ethereum a token is not an asset the recipient holds; it…

10
tokens erc20 erc721 +3
HIGH
13

Transactions — Ethereum's Sole Canonical State-Change Input

A transaction is an RLP-encoded binary message signed by an EOA, and it is the only input that drives the EVM to change Ethereum's state. "The…

6
transactions rlp nonce +4
HIGH
14

Vyper — Safety by Omission and Readability as a Security Property

"Vyper is an experimental, contract-oriented programming language for the EVM that strives to provide superior auditability, by making it easier for…

8
vyper auditability overflow +4
MEDIUM
15

Wallets & Key Management — HD Wallets, Mnemonics & Self-Custody

A wallet is "the system used to store and manage a user's keys" — a keychain of private/public pairs, not a money store (Chapter 5). Ether and tokens…

5
wallets bip-39 bip-32 +4
HIGH