# Resources for New Ethereum Developers ## General - [ethereum.org](https://ethereum.org/) has recently revamped their whole site and their [developers](https://ethereum.org/en/developers/) section is very thorough and probably the best jumping off point. It provides a great overall introduction to Ethereum, and you’ll see other tabs with tutorials, etc. (Some of the references linked below will be linked somewhere from ethereum.org). Just clicking around on ethereum.org and reading through it will be really valuable. - [Mastering Ethereum](https://github.com/ethereumbook/ethereumbook) is an excellent book that teaches more "low-level" type of things, like how keys, wallets, and the EVM work. This is very helpful to know but often not applicable day-to-day ## Tools and Frameworks - [Foundry](https://github.com/gakonst/foundry) is my personal favorite development framework, and it's very quickly growing in popularity and becoming the default choice. It has lots of great features that other frameworks don't have, a quick development pace, and good support channels if you need help. - Visit the [repo](https://github.com/foundry-rs/foundry). - Check out the Foundry [book](https://book.getfoundry.sh/) for thorough documentation. - Note that Foundry is a suite of three tools: - `forge` is the development and test framework - `cast` is a tool used to interact with contracts, read the blockchain state, and parse/format data - `anvil` is a local testing node that runs on your machine - [Dapptools](https://github.com/dapphub/dapptools/) is what Foundry was based off of. This framework is now deprecated and has passed the torch to Foundry, but it's worth knowing about for two reasons: 1. Good historical context, since it was the inspiration for foundry. 2. HEVM, it's EVM implementation, has very powerful testing capabilities that other frameworks still don't have—namely [symbolic execution](https://en.wikipedia.org/wiki/Symbolic_execution), which is an advanced topic you don't need to worry about yet, but it's good to be aware of. Dapptools is really a suite of 4 tools, with the two main ones to focus on being: - [dapp](https://github.com/dapphub/dapptools/tree/master/src/dapp) - This is the actual test framework for writing and executing tests, analgous to `forge` - [seth](https://github.com/dapphub/dapptools/tree/master/src/seth) - Ethereum CLI to query contracts, debug transactions, etc. (analagous to `cast`, both of which are similar to ethers.js mentioned below) - [Hardhat](https://hardhat.org/), [Waffle](https://ethereum-waffle.readthedocs.io/en/latest/), and [ethers](https://ethers.org/) is a popular combination of tools for development/testing environments. This was the most popular prior to Foundry's success. - [solidity-template](https://github.com/paulrberg/solidity-template) is a popular way to bootstrap Hardhat repos, which uses all three of these (with Hardhat, tests are written in JS or TS) - ethers is the best JS library for interacting with any EVM-compatible chain - [Truffle](https://trufflesuite.com/) (along with dapptools) was one of the very first smart contract test frameworks. It's not very popular these days, but again worth being aware of as it's still under active development and some teams do use it. ## Solidity Intro - The [Solidity docs](https://docs.soliditylang.org/en/latest/) are pretty solid and contain a lot of great info. - [Cryptozombies](https://cryptozombies.io/en/course/) is very popular, though I haven't tried it myself. Last I checked it used [Truffle](https://trufflesuite.com/) and [web3](https://web3js.readthedocs.io/en/v1.5.2/), but if you do those exercises, I’d recommend using Foundry or Hardhat/ethers if possible - [Damn Vulnerable DeFi](https://www.damnvulnerabledefi.xyz/) contains challenges where you have to hack contracts. It comes with a template Hardhat repo, so is a good way to learn Solidity and Hardhat at the same time. There's also an unofficial Foundry version [here](https://github.com/nicolasgarcia214/damn-vulnerable-defi-foundry). - Other challenges similaro to Damn Vulnerable DeFi include [Ethernaut](https://ethernaut.openzeppelin.com/) (also has unofficial foundry versions: [1](https://github.com/ciaranmcveigh5/ethernaut-x-foundry), [2](https://github.com/StErMi/foundry-ethernaut)) and [Capture the Ether](https://capturetheether.com/) (these might be a bit outdated by now, not sure). Building things and playing around with things is the best way to learn. Aside from the above, some tips: - Install ethers.js globally by running `npm install -g @ethersproject/cli`, then start an ethers shell using `ethers`. Now you can play around with ethers in a REPL, which is very helpful to quickly test/try things. - Once you have Foundry installed, try doing things in both `cast` and the ethers REPL, and see how doing the same thing in each compares. - [solidity-shell](https://github.com/tintinweb/solidity-shell) gives you a Solidity REPL which is excellent for quickly running a Solidity command to see what it does. ## Solidity Intermediate/Advanced There is not a good comprehensive resource for intermediate/advanced Solidity development. Some great resources include: - Just try building a bunch of stuff and try optimizing your code for gas, UX, etc. Some examples: - Instead of having a frontend make `n` calls to contracts, batch them with a [Multicall contract](https://github.com/mds1/multicall) - Instead of making two calls to a node, can you use geth state overrides to do it in one call? Even if it means writing a simple contract and providing that bytecode with the RPC call - Try gas golfing your contract to learn more about the EVM (speaking of which, [this](https://github.com/wolflo/evm-opcodes) and [this](https://www.evm.codes/) are great resources) - Unsure of something? Try finding your answer in the [geth codebase](https://github.com/ethereum/go-ethereum) or issues (I don't know any Go, but it's pretty readable) - Consider learning how you would optimize a contract for L1 vs. L2: On L1, execution is expensive but calldata is cheap, on L2 it's the opposite. - Find tools or contracts you wish existed and build them. - Read everything by [samczsun](https://samczsun.com/) - Read everything by [Cristoph Michel](https://cmichel.io/). His [How to become a smart contract auditor ](https://cmichel.io/how-to-become-a-smart-contract-auditor/) is a great resource for understanding the dev landscape. - Read audit reports. Some good ones: - [Uniswap V2](https://docs.vexchange.io/audit.html) by dapphub might be the best audit report ever. - [Gnosis Safe](https://github.com/gnosis/safe-contracts/blob/v1.1.1/docs/Gnosis_Safe_Formal_Verification_Report_1_0_0.pdf) by Runtime Verification (Gnosis Safe has other audit reports at the bottom [here](https://gnosis-safe.io/security/)) - Element Finance [governance audit](https://github.com/element-fi/council/blob/main/audits/Element_Finance_RuntimeVerification_Governance_Security_Audit_Report.pdf) by runtime verification. - [Hermez](https://github.com/trailofbits/publications/blob/master/reviews/hermez.pdf) by Trail of Bits. - [0x](https://github.com/trailofbits/publications/blob/master/reviews/0x-protocol.pdf) also by TOB. - All of [Spearbits audits](https://github.com/spearbit/portfolio/tree/master/pdfs) are amazing. - The replies to [this tweet](https://twitter.com/gakonst/status/1473488004262076416) cover a wide range of good topics you should be familiar with. - Build a [small EVM](https://www.notion.so/Building-an-EVM-from-scratch-part-1-the-execution-context-c28ebb4200c94f6fb75948a5feffc686). - Write an ERC-20 or ERC-721 contract in [Yul](https://docs.soliditylang.org/en/latest/yul.html). Another [resource](https://blog.angle.money/playing-with-yul-cd4785e456d8). - Familiarize yourself with the various [upgradeability patterns](https://blog.openzeppelin.com/the-state-of-smart-contract-upgrades/). - Learn about advanced tooling and test types. Some starting points: - Property based testing: Also called fuzz testing, Foundry and Dapptools have this. - Invariant testing: Another form of fuzz testing, foundry will have this soon, [Echidna](https://github.com/crytic/echidna) and [MythX](https://mythx.io/) have this. - [Static analysis](https://en.wikipedia.org/wiki/Static_program_analysis): [Slither](https://github.com/crytic/slither) is the most popular tool here. - [Symbolic executuion](https://en.wikipedia.org/wiki/Symbolic_execution): Mainly only supported by dapptools currently. Dapptools has some blog posts and READMEs about this if you search around. - [Formal verification](https://en.wikipedia.org/wiki/Formal_verification): [Certora](https://www.certora.com/) is a popular company offering FV, there are other ways to do it also. - Note that all of the bullets in this section are *not* novel things in the Ethereum/crypto world: They are software techniques that have been around for a long time. For example, the aerospace industry heavily uses formal verification, and tons of high-assurance software relies on fuzzing to find bugs. ## Newsletters/Podcasts Some good technical newsletters and podcasts - [zkMesh](https://zkmesh.substack.com/) - [Blockchain Threat Intelligence](https://www.blockthreat.io/) - [Week in Ethereum News](https://weekinethereumnews.com/) is a must read every week. - [Zero Knowledge](https://www.google.com/search?q=zero+knowledge+podcast&oq=zero+knowledge+podcast&aqs=chrome..69i57j0i512l2.2689j0j4&sourceid=chrome&ie=UTF-8) is a good technical podcast (it's not just about ZK things).