TOP 10 EIP every WEB3 professional MUST know.

Alain | Web3hackingLabs
7 min read · Sep 25, 2022


EIP stands for “Ethereum Improvement Proposal”, and you shouldn’t confuse it with ERC, which stands for Ethereum Request for Comments (an ERC contains a “set of rules”, i.e. the functions an application must implement in order to be compliant with the standard, like approve(), transfer() and balanceOf() in ERC20 for example).

What exactly is an EIP?

EIP stands for Ethereum Improvement Proposals

Ethereum Improvement Proposals (EIPs) describe standards for the Ethereum platform, including core protocol specifications, client APIs, and contract standards. Network upgrades are discussed separately in the Ethereum Project Management repository. (Source: https://eips.ethereum.org/)

In other words, each EIP describes one proposal for improving the Ethereum protocol.

The following website lists all tracked EIPs: https://eips.ethereum.org/all

There are 3 different types of EIPs:

  • Standards Track (all proposals touching the protocol itself; 95 percent of EIPs belong to this category.)
  • Meta (all proposals about the processes around the Ethereum protocol.)
  • Informational (these don’t invoke any change to the code/implementation; to put it simply, they just provide “general guidelines” and good practices.)

Each EIP can go through different stages:

  • 0. IDEA, the Ethereum improvement proposal is still an idea (it is not tracked in the Ethereum database).
  • 1. DRAFT, the EIP is tracked in the Ethereum database but is not ready for review.
  • 2. REVIEW, the EIP is ready for peer review.
  • 3. LAST CALL, final review of the EIP before changing its status to “review” or to “final” (there is usually a deadline of 14 days).
  • 4. FINAL, the EIP is accepted as a new standard.

This is the most common path among EIPs, but there are other stages (like Withdrawn; Stagnant, meaning inactive for more than 6 months; or Living, indicating an EIP that is continuously updated).

Source: https://eips.ethereum.org/EIPS/eip-1

You can find the list of all EIPs here : https://eips.ethereum.org/

Everyone can submit an EIP, even you.

If you have a good idea for the Ethereum protocol, or if you know how to resolve an issue, you can create your own EIP. You need to:

First review EIP-1. Then clone the repository and add your EIP to it, based on the template EIP. Then submit a Pull Request to Ethereum’s EIPs repository. (https://eips.ethereum.org/)

Or in simple words:

  1. Review EIP-1, which provides instructions on how to write a good EIP.
  2. Clone the repository and start from the template EIP. (https://github.com/ethereum/EIPs/blob/master/eip-template.md)
  3. Submit a “Pull Request” to the main Ethereum EIPs repository. (https://github.com/ethereum/EIPs)

Now that you understand what an EIP and an ERC are, we can browse the interesting EIPs/ERCs.

Here is a non-exhaustive list of interesting EIPs.

1. EIP-1559 (London upgrade)

This one is quite recent (August 5, 2021).

This upgrade changed how gas fees are handled by users and by the Ethereum VM.

Still today, many people think that every transaction comes with a gasPrice field, which is the gas price the user is willing to pay.

When a block is mined, miners would then pick (by auction) the transactions with the most expensive gasPrice in order to earn as much money as possible, so the highest bidder is taken first.

But since EIP-1559 was accepted, this is no longer the case on Ethereum (it may still be the case on other blockchains).

  • Gas fees become more predictable.
  • Gas fees become a bit more stable.
  • Users overpay less for gas.
  • The growth of the ETH supply slowed down (but ETH is still not deflationary).

I can’t fully explain how this new standard works here (it would be too long; here is a more detailed explanation: https://www.youtube.com/watch?v=MGemhK9t44Q).
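As an added illustration (example code written for this post, not the author’s and not from any Ethereum client), here is the core arithmetic that EIP-1559 introduced: the base fee of the next block is derived from how full the previous block was (moving by at most 12.5% per block), and a transaction pays `base fee + tip`, where the base fee is burned and only the tip goes to the block producer. The formulas follow the EIP-1559 specification; every gas amount and price below is a constructed sample value in abstract units.

```python
# Added example (not from the article): EIP-1559 base-fee update and fee split,
# written from the EIP-1559 specification. Sample values below are constructed.

BASE_FEE_MAX_CHANGE_DENOMINATOR = 8   # base fee moves by at most 1/8 (12.5%) per block
ELASTICITY_MULTIPLIER = 2             # block gas limit = 2 * gas target


def next_base_fee(parent_base_fee: int, parent_gas_used: int, parent_gas_target: int) -> int:
    """Base fee of the next block, computed from the parent block (EIP-1559 rules).

    A block exactly at the target keeps the base fee; a full block (2x target)
    raises it by 12.5%; an empty block lowers it by 12.5%.
    """
    if parent_gas_used == parent_gas_target:
        return parent_base_fee
    if parent_gas_used > parent_gas_target:
        delta = parent_gas_used - parent_gas_target
        increase = parent_base_fee * delta // parent_gas_target // BASE_FEE_MAX_CHANGE_DENOMINATOR
        return parent_base_fee + max(increase, 1)   # the spec forces at least +1 when above target
    delta = parent_gas_target - parent_gas_used
    decrease = parent_base_fee * delta // parent_gas_target // BASE_FEE_MAX_CHANGE_DENOMINATOR
    return parent_base_fee - decrease


def settle_fee(base_fee: int, max_fee_per_gas: int, max_priority_fee_per_gas: int, gas_used: int) -> dict:
    """Split what a type-2 (EIP-1559) transaction actually pays into burned base fee and tip.

    Raises ValueError for a transaction that is not valid under EIP-1559: a fee cap
    below the block base fee, or a tip cap above the fee cap.
    """
    if max_priority_fee_per_gas > max_fee_per_gas:
        raise ValueError("max_priority_fee_per_gas must not exceed max_fee_per_gas")
    if max_fee_per_gas < base_fee:
        raise ValueError("max_fee_per_gas is below the block base fee: not includable")
    # the tip is what is left under the cap after the base fee, bounded by the user's tip cap
    priority_fee_per_gas = min(max_priority_fee_per_gas, max_fee_per_gas - base_fee)
    effective_gas_price = base_fee + priority_fee_per_gas
    return {
        "effective_gas_price": effective_gas_price,
        "burned": base_fee * gas_used,                    # base fee is destroyed, not paid to the miner
        "tip_to_miner": priority_fee_per_gas * gas_used,
        "unused_cap": (max_fee_per_gas - effective_gas_price) * gas_used,  # never charged
    }


if __name__ == "__main__":
    target = 15_000_000
    print("full block   ->", next_base_fee(1000, 2 * target, target))
    print("empty block  ->", next_base_fee(1000, 0, target))
    print(settle_fee(base_fee=100, max_fee_per_gas=150, max_priority_fee_per_gas=2, gas_used=21_000))
```

The `unused_cap` entry is the part of the fee cap the user never pays: under the old first-price auction that amount would have been spent, which is the "users overpay less" point above.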

2. EIP-779: The DAO fork

If you’re an Ethereum dev, you’ve certainly heard about the DAO hack, which happened in 2016.

At that time 3.3 million ETH were stolen (60 million USD, or 14% of the total supply of ETH at the time) due to a reentrancy flaw in a smart contract.

So the Ethereum community decided to hard fork the Ethereum blockchain in order to return the ETH.

About 85 percent of the mining power agreed with the decision, and the Ethereum blockchain was “hard forked” following EIP-779 on 17 June 2016.

The remaining 15 percent formed the ETC chain, which is still “alive” today.

3. EIP-140 REVERT instruction

Did you know that the revert() instruction didn’t exist before March 2017?

At that time, in order to check whether a condition is true or false and revert the EVM execution if the result is “bad”, devs used assert(), which behaves about the same way as revert() but with one difference.

When assert() is called, it consumes all the gas supplied (which is not the case for revert()). So this was not ideal at all for the user experience…

4. EIP-7 DELEGATECALL instruction

Same for delegatecall: this opcode was introduced in late 2015 (before revert()) to replace the CALLCODE instruction. CALLCODE does the same thing as DELEGATECALL, except for what happens when you use it to run the code of an external contract:

  • msg.sender and msg.value are not preserved (with DELEGATECALL they stay the same as in the caller’s context), which is not ideal.

You can get more info here about these functions: https://ethereum.stackexchange.com/questions/3667/difference-between-call-callcode-and-delegatecall

5. EIP-1014 Create2 instruction

Did you know that you can create a smart contract from another smart contract?

Yes, it’s possible by using the CREATE opcode, or directly in Solidity.

But sometimes you need to compute the contract’s public address in advance (before the creation of the contract).

Here is how the address of a contract created with the CREATE opcode is computed:

keccak256(senderAddress, nonce)

Problem: the nonce may not be known in advance.

With CREATE2 it’s a bit different:

keccak256(0xFF, senderAddress, salt, bytecode)

Every parameter is known in advance. (You can choose the salt parameter to be any 32-byte value you want.)
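As an added, runnable illustration of both derivations (example code written for this post, not the author’s and not an Ethereum client’s), the block below computes CREATE and CREATE2 addresses offline. Two details that the shorthand formulas above leave out, taken from the Yellow Paper and EIP-1014: CREATE hashes the RLP encoding of the pair `[sender, nonce]`, and CREATE2 hashes `0xff ++ sender ++ salt ++ keccak256(init_code)`, i.e. the 32-byte hash of the creation bytecode rather than the bytecode itself; in both cases the address is the last 20 bytes of the digest. Keccak-256 is implemented inline so the example has no dependencies; in real code use a vetted library. The sender address and salt in the demo are constructed sample values.

```python
# Added example (not from the article): CREATE / CREATE2 address derivation with a
# self-contained Keccak-256. Sample inputs in __main__ are constructed values.
from typing import List

_MASK64 = (1 << 64) - 1
_ROUND_CONSTANTS = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# rho step rotation offsets, indexed [x][y]
_ROTATIONS = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
              [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol64(value: int, shift: int) -> int:
    shift %= 64
    return ((value << shift) | (value >> (64 - shift))) & _MASK64


def _keccak_f1600(lanes: List[int]) -> List[int]:
    """Keccak-f[1600] permutation over 25 little-endian 64-bit lanes (lane index = x + 5*y)."""
    for rc in _ROUND_CONSTANTS:
        # theta: xor each lane with the parity of two neighbouring columns
        c = [lanes[x] ^ lanes[x + 5] ^ lanes[x + 10] ^ lanes[x + 15] ^ lanes[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol64(c[(x + 1) % 5], 1) for x in range(5)]
        lanes = [lanes[i] ^ d[i % 5] for i in range(25)]
        # rho + pi: rotate each lane and move it to position (y, 2x + 3y)
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol64(lanes[x + 5 * y], _ROTATIONS[x][y])
        # chi: non-linear mixing within each row
        lanes = [b[i] ^ ((~b[(i % 5 + 1) % 5 + 5 * (i // 5)] & _MASK64) & b[(i % 5 + 2) % 5 + 5 * (i // 5)])
                 for i in range(25)]
        # iota: round constant
        lanes[0] ^= rc
    return lanes


def keccak256(data: bytes) -> bytes:
    """Ethereum's Keccak-256: original Keccak padding byte 0x01 (SHA3-256 would use 0x06)."""
    rate = 136  # bytes absorbed per permutation for a 256-bit digest
    padded = bytearray(data) + b"\x01"
    padded += b"\x00" * (-len(padded) % rate)
    padded[-1] |= 0x80
    lanes = [0] * 25
    for offset in range(0, len(padded), rate):
        for i in range(rate // 8):
            lanes[i] ^= int.from_bytes(padded[offset + 8 * i: offset + 8 * i + 8], "little")
        lanes = _keccak_f1600(lanes)
    return b"".join(lane.to_bytes(8, "little") for lane in lanes[:4])


def _rlp_bytes(item: bytes) -> bytes:
    # RLP of a byte string shorter than 56 bytes: enough for an address or a nonce
    if len(item) == 1 and item[0] < 0x80:
        return item
    return bytes([0x80 + len(item)]) + item


def create_address(sender: bytes, nonce: int) -> bytes:
    """CREATE: keccak256(rlp([sender, nonce]))[12:]. The nonce has to be known up front."""
    nonce_bytes = nonce.to_bytes((nonce.bit_length() + 7) // 8, "big") if nonce else b""
    payload = _rlp_bytes(sender) + _rlp_bytes(nonce_bytes)
    return keccak256(bytes([0xC0 + len(payload)]) + payload)[12:]


def create2_address(sender: bytes, salt: bytes, init_code: bytes) -> bytes:
    """CREATE2 (EIP-1014): keccak256(0xff ++ sender ++ salt ++ keccak256(init_code))[12:]."""
    assert len(sender) == 20 and len(salt) == 32
    return keccak256(b"\xff" + sender + salt + keccak256(init_code))[12:]


if __name__ == "__main__":
    sender = bytes.fromhex("00000000000000000000000000000000deadbeef")  # constructed sample
    print("CREATE  nonce 0 ->", create_address(sender, 0).hex())
    print("CREATE  nonce 1 ->", create_address(sender, 1).hex())
    print("CREATE2 salt 0  ->", create2_address(sender, bytes(32), b"\x00").hex())
```

The `create2_address` result for the all-zero sender, all-zero salt and init code `0x00` reproduces the first test vector published in EIP-1014, which is a convenient way to check a Keccak implementation. Since `init_code` is hashed, two deployments with different constructor arguments get different addresses even with the same salt; audits of factory contracts should check that the salt and init code are controlled as intended.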

6. EIP-3529 Decrease refunds for gas costs

Did you know that:

  • By calling selfdestruct() on a smart contract, you get a gas refund of 24000.
  • By setting a storage value to 0, you get a gas refund of 15000 (in most cases).

But there is one issue with this system: there is a token named “gasToken” which takes advantage of it.

  • When gas prices are cheap, it creates smart contracts / SSTOREs variables (at low cost, because gas is very cheap).
  • When gas prices are higher, you destroy those smart contracts and set the variables back to 0 in order to get a gas refund, and so spend less gas when the network is busy.

Here is a link to learn more about gasToken: https://gastoken.io/

So with this EIP, the refunds were lowered in order to make this “vulnerability” harder to exploit.
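To make the change concrete, here is an added example (written for this post, not the author’s code) of the refund arithmetic before and after EIP-3529. The refund constants come from EIP-3529 (SSTORE clear refund cut from 15000 to 4800, SELFDESTRUCT refund removed, and the cap on total refunds tightened from half to a fifth of the gas used); the gas amounts and gas prices are constructed sample values, and the “mint cheap, burn expensive” margin is deliberately simplified to show why the incentive shrinks.

```python
# Added example (not from the article): gas refund rules before and after EIP-3529.
# Constants are from the EIP; every gas amount / price below is a constructed sample.

SSTORE_SET_GAS = 20_000  # cost of writing a non-zero value into an empty slot (EIP-2200)


def refund_rules(after_eip_3529: bool) -> dict:
    """Refund constants before and after EIP-3529 (part of the London upgrade)."""
    if after_eip_3529:
        # clear refund cut to 4800, SELFDESTRUCT refund removed, cap tightened to gas_used / 5
        return {"sstore_clear": 4_800, "selfdestruct": 0, "max_refund_quotient": 5}
    return {"sstore_clear": 15_000, "selfdestruct": 24_000, "max_refund_quotient": 2}


def gas_charged(gas_used: int, slots_cleared: int, selfdestructs: int, after_eip_3529: bool) -> int:
    """Gas a transaction is actually billed once the refund counter is applied.

    The refund is capped at gas_used / max_refund_quotient, so clearing many slots
    cannot push the bill below 50% (before) or 80% (after) of the gas used.
    """
    rules = refund_rules(after_eip_3529)
    refund_counter = slots_cleared * rules["sstore_clear"] + selfdestructs * rules["selfdestruct"]
    refund = min(refund_counter, gas_used // rules["max_refund_quotient"])
    return gas_used - refund


def gastoken_margin(slots: int, cheap_gas_price: int, expensive_gas_price: int,
                    burn_tx_gas_used: int, after_eip_3529: bool) -> int:
    """Net gain (positive) or loss (negative) of filling slots cheaply and clearing them later.

    Simplified on purpose: only the SSTORE set cost of filling and the refund earned by
    clearing are counted; the intrinsic 21000 gas and cold-access costs are ignored.
    """
    fill_cost = slots * SSTORE_SET_GAS * cheap_gas_price
    refund_gas = burn_tx_gas_used - gas_charged(burn_tx_gas_used, slots, 0, after_eip_3529)
    return refund_gas * expensive_gas_price - fill_cost


if __name__ == "__main__":
    for after in (False, True):
        label = "after " if after else "before"
        print(label, "EIP-3529: 10 clears in a 100k-gas tx bills",
              gas_charged(100_000, 10, 0, after), "gas; margin",
              gastoken_margin(10, 1, 100, 1_000_000, after))
```

With the sample numbers the pattern still pays off after the EIP, but the refund per cleared slot drops by more than two thirds and the cap halves the share of a transaction that refunds can cover, which is what the EIP set out to achieve.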

7. EIP-3198 BASEFEE opcode

This EIP adds a new opcode called BASEFEE; it returns the minimum gas fee you need to pay in order to get a transaction included on the blockchain.

This value varies according to the EIP-1559 specification.

8. EIP-3541

This standard specifies that contract bytecode starting with the byte 0xEF must not be deployed on the blockchain.

But why?

0xEF is an INVALID instruction anyway, so at each execution of such a contract the EVM would revert, right? Yes, but this doesn’t seem to be the reason.

I can’t fully explain why here, so I’ll leave the official link: https://eips.ethereum.org/EIPS/eip-3541

9. EIP-3675 Moving to proof of stake.

This EIP contains the specification for the upgrade to proof of stake.

It was proposed in July 2021, and now, in September, the Merge is done!

10. EIP-695 chainID field

The goal of this EIP is to improve multi-chain support across different software (wallets, for example).

When you submit a transaction to the blockchain, you submit a JSON-RPC call to an Ethereum node (a JSON string), and the node propagates it and writes the new state to the blockchain.

With this improvement, the chainID field is mandatory when making a JSON-RPC call, so there is a lower chance of making a call to the wrong blockchain.

More information about JSON RPC here: https://ethereum.org/en/developers/docs/apis/json-rpc/
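As an added example (written for this post, not the author’s code and not a real wallet’s), here is the exchange that EIP-695 standardizes: the client sends an `eth_chainId` JSON-RPC request, the node answers with the chain ID as a hex quantity, and the client refuses to go on if the answer does not match the network it believes it is connected to. The table of known chain IDs and the node replies are constructed for the example; the `-32601 Method not found` reply is the standard JSON-RPC error a node that predates this method would return.

```python
# Added example (not from the article): eth_chainId request/response handling per
# EIP-695, with the pre-flight check a client should run before sending a transaction.
import json

# Assumption: the chain IDs this client is willing to talk to (mainnet = 1, Goerli = 5).
KNOWN_CHAIN_IDS = {"mainnet": 1, "goerli": 5}


def build_chain_id_request(request_id: int = 1) -> str:
    """JSON-RPC 2.0 request for eth_chainId; the method takes no parameters."""
    return json.dumps({"jsonrpc": "2.0", "method": "eth_chainId", "params": [], "id": request_id})


def parse_chain_id_response(raw: str, request_id: int = 1) -> int:
    """Extract the chain ID from a node reply, rejecting malformed, mismatched or error replies.

    JSON-RPC quantities are hex strings such as "0x1". A reply carrying an error object,
    a different id, or a non-hex result must not be trusted as a chain ID.
    """
    msg = json.loads(raw)
    if msg.get("jsonrpc") != "2.0" or msg.get("id") != request_id:
        raise ValueError("response does not match the request")
    if "error" in msg:
        raise ValueError(f"node returned an error: {msg['error']}")
    result = msg.get("result")
    if not isinstance(result, str) or not result.startswith("0x"):
        raise ValueError(f"result is not a hex quantity: {result!r}")
    return int(result, 16)


def node_is_on_network(raw_response: str, network: str, request_id: int = 1) -> bool:
    """True only if the node's reported chain ID equals the one the caller expects."""
    return parse_chain_id_response(raw_response, request_id) == KNOWN_CHAIN_IDS[network]


# Constructed sample replies: a mainnet node, a Goerli node, and a node without eth_chainId.
MAINNET_REPLY = '{"jsonrpc":"2.0","id":1,"result":"0x1"}'
GOERLI_REPLY = '{"jsonrpc":"2.0","id":1,"result":"0x5"}'
ERROR_REPLY = '{"jsonrpc":"2.0","id":1,"error":{"code":-32601,"message":"Method not found"}}'

if __name__ == "__main__":
    print(build_chain_id_request())
    print("mainnet node, expecting mainnet:", node_is_on_network(MAINNET_REPLY, "mainnet"))
    print("goerli node, expecting mainnet: ", node_is_on_network(GOERLI_REPLY, "mainnet"))
```

A client that skips this check and signs with a hard-coded chain ID can end up submitting a transaction to a network it did not intend, which is exactly the failure mode the EIP is meant to reduce.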

Bonus: useful ERCs

To finish the article, I want to highlight the most used ERC standards you should know:

(Actually ERCs are a subcategory of “Standards Track”, which is itself a subcategory of all EIPs.)

  • ERC20: Standard for creating tokens. (If you’re subscribed to my stories, I think you know this standard well.)
  • ERC223: Similar to ERC20, but with several new functions (for preventing loss of tokens, consuming less gas…).
  • ERC667: A combination of ERC20 and ERC223, but backward compatible.
  • ERC721: Standard for creating NFTs. (Same remark as for ERC20.)
  • ERC777: A token standard (backward compatible with ERC20), also with several new functionalities.
  • ERC1155: Standard for holding NFTs and tokens in a single smart contract.
  • ERC884: Similar to ERC20, but each token can represent shares of a “project”; this standard requires that holders are “whitelisted” (it’s like a KYC version of ERC20).
  • ERC1967: Standard for the upgradeable UUPS proxy pattern.

All Ethereum ERCs are listed here: https://eips.ethereum.org/erc

▶ Conclusion

Any web3 developer/auditor should know at least a bit about EIPs and ERCs, because they describe how the Ethereum protocol works, what its different evolutions are, and what the good practices are.

This will give you a better understanding of the EVM and the Ethereum ecosystem, which is mandatory if you want to thrive in the blockchain world.


Alain | Web3hackingLabs

Smart contract auditor & cybersecurity engineer; follow me on Twitter to get more value: https://rebrand.ly/twitter_medium