Ethereum Virtual Machine

From Vulnerapedia
Jump to navigation Jump to search

Ethereum Virtual Machine (EVM) is the runtime environment for transaction execution in Ethereum. It's made of a stack, memory, gas balance, program counter, and the state (including contract code). The Ethereum protocol itself exists solely for the purpose of keeping the continuous, uninterrupted, and immutable operation of this special state machine. It's the environment in which all Ethereum accounts and smart contracts live. At any given block in the chain, Ethereum has one and only one 'canonical' state, and the EVM is what defines the rules for computing a new valid state from block to block.

Technical details

The EVM is stack-based, in that most instructions pop operands from the stack and push the result to the stack. The EVM is designed to be deterministic on a wide variety of hardware and operating systems, so that given a pre-transaction state and a transaction, each node produces the same post-transaction state, thereby enabling network consensus. The formal definition of the EVM is specified in the Ethereum Yellow Paper. EVMs have been implemented in C++, C#, Go, Haskell, Java, JavaScript, Python, Ruby, Rust, Elixir, Erlang, and soon WebAssembly.

Ethereum virtual machine diagram
Diagram adapted from Ethereum EVM illustrated

The Ethereum state transition function

The EVM behaves as a mathematical function would: Given an input, it produces a deterministic output. It therefore is quite helpful to more formally describe Ethereum as having a state transition function:

Given an old valid state (S) and a new set of valid transactions (T), the Ethereum state transition function Y(S, T) produces a new valid output state S'


Ethereum's state is an enormous data structure called a modified Merkle Patricia Trie, which keeps all accounts linked by hashes and reducible to a single root hash stored on the blockchain.

Ethereum virtual machine vulnerabilities

Main article Ethereum virtual machine vulnerabilities

Besu vulnerabilities (Java)

Erigon vulnerabilities (Go)

Evmone vulnerabilities (C++)

Geth vulnerabilities (Go)

Nethermind vulnerabilities (C#, .NET)

External links