The Ultimate Merkle Tree Guide in Solidity

Everything you need to know about Merkle trees and their future

Most of you probably have heard of Merkle trees by now. They are used everywhere in the world of blockchain.

But are you really sure exactly

  • How they work?
  • What the best ways to use them are?
  • What the future holds for Merkle trees?
Merkel Tree

This is not a Merkle tree.

What are Merkle Trees?

Ralph Merkle invented Merkle trees already in 1979. The most important concept to understand is a Merkle tree. This is a Merkle tree:

Merkle Tree

At the root of the Merkle tree is the root hash. It's created by hashing all its original values as leaf nodes. Now two leaf hashes are combined by creating a new hash just for those together. We do this all the way until we have one tree with a single root hash.

A Merkle proof now is a way for you to prove to someone who only knows the root hash that any value is in fact part of this tree as one of the leafs. For example you could prove that L3 did indeed contain a given value. All one needs to do is provide the Hash 0, Hash 1-1 and the L3 block itself. Now for the proof verification one can compute the hash of L3, then the hash 1 and finally the top hash. We can then compare the root hash against our known root hash. For a visual explanation of a Merkle proof, check out this great explanation.

As you can see for a successful Merkle proof, you need to provide all sibling nodes at every tree level. Keep that in mind as we could potentially improve upon that later in this post.

Why is this enough? Because when using a secure hash function like keccak256, it's practically impossible to create a hash collision, meaning although you reduce an infinite potential input space to just 256 bits, the likelihood that you find two different sets of inputs which result in the same hash is so low that it simply won't happen in practice. Now if you receive a matching root hash in the Merkle proof, you know this one item really must have been part of the original root hash calculation.

Merkle Proof in Solidity

The MerkleProof.sol from the Openzeppelin contracts is a great way to get started. So let's take a look how they implement it:

verifyCalldata takes in the proof itself as bytes32 array, the Merkle root hash and the leaf we want to verify for inclusion. Typically the root will be data you store in the smart contract and proof will be the data from someone created off-chain, proving to the contract that the leaf was part of the original tree.

So now processProofCalldata will iterate through each element in the proof array. 

  1. We start by taking the leaf node.
  2. Then in each step we update our computed hash by hashing it with the next element in the proof.
    1. Hashing both hashes together will always take the smaller value first.
    2. Openzeppelin uses assembly with the keccak256 opcode for more efficient hashing. Alternatively one could use Solidity: keccak256(abi.encodePacked(a, b)).
  3. We return the computed hash.

Then back in verifyCalldata we simply verify that the computed hash matches the expected root hash.

function verifyCalldata(
    bytes32[] calldata proof,
    bytes32 root,
    bytes32 leaf
) internal pure returns (bool) {
    return processProofCalldata(proof, leaf) == root;

function processProofCalldata(
    bytes32[] calldata proof,
    bytes32 leaf,
) internal pure returns (bytes32) {
    bytes32 computedHash = leaf;
    for (uint256 i = 0; i < proof.length; i++) {
        computedHash = _hashPair(computedHash, proof[i]);
    return computedHash;

function _hashPair(bytes32 a, bytes32 b)
    return a < b ? _efficientHash(a, b) : _efficientHash(b, a);

function _efficientHash(bytes32 a, bytes32 b)
    returns (bytes32 value)
    assembly {
        mstore(0x00, a)
        mstore(0x20, b)
        value := keccak256(0x00, 0x40)

Merkle Proofs in Bitcoin

In the blockchain world Merkle proofs date back to the very beginning, the release of the Bitcoin PDF in 2008 to prove transaction inclusions. It detailed a mechanism to verify transaction status for light clients that don’t have the full blockchain downloaded, Simplified Payment Verification (SPV).

Bitcoin light clients, in contrast to full nodes, only download the block headers of the blockchain. A block header is quite small and only contains the previous block root hash, current block root hash, timestamp, difficulty and a nonce. This allows even mobile devices to participate in the network without requiring massive amounts of data storage.

To figure out if a payment is included in the blockchain, simply ask a full node that has the blockchain downloaded for a Merkle proof. The full node can look for the block which has the transaction included and then create a Merkle proof showing that this specific transaction results in the to the light client known block root hash.

Nice, so now a light client can verify payments itself without downloading the full blockchain. But what about more complex things like state in Ethereum?

Merkle Tree Meme

Merkle Proofs in Ethereum

Now for Ethereum we have also smart contract state. In addition to the transaction inclusion Merkle proofs, there is a second state root hash which allows proving that an account had a particular Ether balance at a given block. And alternatively also that a smart contract had a particular state in a given block. And there is a third root hash in Ethereum for logs. It allows proving that a particular event happened in that block.

We are going to take a look on how to use these special Ethereum root hashes in Merkle proofs later. But of course we can also create our own root hashes and use them in our smart contract. There are many ways to do this. Let’s explore some…

1. Efficient Airdropping

Airdrop Meme

One common use case for Merkle trees are airdrops, since Merkle proofs allow us to very efficiently implement ERC20 token airdrops. The implementation is rather simple using above mentioned Openzeppelin MerkleProof library. 

contract MerkleDistributor {
    address public immutable token;
    bytes32 public immutable merkleRoot;

    mapping(address => bool) public isClaimed;

    constructor(address token_, bytes32 merkleRoot_) {
        token = token_;
        merkleRoot = merkleRoot_;

    function claim(
        address account,
        uint256 amount,
        bytes32[] calldata merkleProof
    ) external {
        require(!isClaimed[account], 'Already claimed.');

        bytes32 node = keccak256(
            abi.encodePacked(account, amount)
        bool isValidProof = MerkleProof.verifyCalldata(
        require(isValidProof, 'Invalid proof.');

        isClaimed[account] = true;
            IERC20(token).transfer(account, amount),
            'Transfer failed.'

A. Creating The Merkle Distributor Contract

Let's create the distributor contract first which will hold all the tokens are alternatively could be allowed to mint new tokens.

At the core will be the claim function that takes in the user address, the amound and the Merkle proof. The Merkle root was initially stored upon deploying the contract.

Inside claim we now how to verify

  1. that indeed the original Merkle tree contained a leaf with the values matching the account address and amount
  2. that the user hasn't already claimed the tokens.

The first part is exactly done with the Merkle proof verification using Openzeppelin's MerkleProof.verifyCalldata. For the second part we simply store the account in a mapping to boolean.

But now how can we create this original Merkle tree and all the proofs? This is not part of Solidity and happens off-chain. Let's explore how next.

B. Creating The Merkle Tree and Proofs

We can use merkletreejs for creating the Merkle root hashes as well as getting individual proofs.

  1. First we have to encode the addresses and parameters. Web3.js can help use with that.
  2. Then we can use keccak256 to compute a hash over both the address and amount for each balance.
  3. The result will be our leaf nodes that we can enter to create a new MerkleTree using merkletreejs.
  4. We can print the full tree using merkleTree.toString().
  5. Or we can print individual proofs or the root hash.
Merke Tree
└─ 399f97e5a31d2[...]c9f3379ff72
   ├─ dd3f64a1b692[...]38dfdd8578
   └─ 15e70077678[...]e7944f27e36

Merkle Root: 0x399f97e5[...]f37d0379ff72
Proof 1: 0x15e7001d277[...]79440b8f27e36
Proof 2: 0xdd3f64a1877[...]38df4b9dd8578

Now the original root will be stored in the contract. So you can see it's quite cheap to do an airdrop like this, only deploy a small contract and store the root hash.

And users can create their proofs individually off-chain and receive the tokens whenever they want to.

const keccak256 = require("keccak256");
const { MerkleTree } = require("merkletreejs");
const Web3 = require("web3");

const web3 = new Web3();

let balances = [
    addr: "0xb7e390864a90b7b923c9f9310c6f98aafe43f707",
    amount: web3.eth.abi.encodeParameter(
    addr: "0xea674fdde714fd979de3edf0f56aa9716b898ec8",
    amount: web3.eth.abi.encodeParameter(

const leafNodes = =>
      Buffer.from(balance.addr.replace("0x", ""), "hex"),
      Buffer.from(balance.amount.replace("0x", ""), "hex"),

const merkleTree = new MerkleTree(leafNodes, keccak256, { sortPairs: true });

console.log("Merke Tree");
console.log("Merkle Root: " + merkleTree.getHexRoot());

console.log("Proof 1: " + merkleTree.getHexProof(leafNodes[0]));
console.log("Proof 2: " + merkleTree.getHexProof(leafNodes[1]));

C. Improving Gas Costs for Merkle Airdrops

We can further improve upon this mechanism by storing the mapping for already claimed tokens as bitmap. I've explained the concept of bitmaps in Solidity previously. This optimization was taken from Uniswap

For our airdrop we can simply add the index of the balance array to the proof itself. Then, when storing the claimed status, we simply update a single bit in the new uint256 => uint256 mapping.

mapping(uint256 => uint256) private claimedBitMap;

function isClaimed(uint256 index) public view returns (bool) {
    uint256 claimedWordIndex = index / 256;
    uint256 claimedBitIndex = index % 256;
    uint256 claimedWord = claimedBitMap[claimedWordIndex];
    uint256 mask = (1 << claimedBitIndex);
    return claimedWord & mask == mask;

function _setClaimed(uint256 index) private {
    uint256 claimedWordIndex = index / 256;
    uint256 claimedBitIndex = index % 256;
    claimedBitMap[claimedWordIndex] = claimedBitMap[claimedWordIndex] | (1 << claimedBitIndex);

function claim(uint256 index, address account, uint256 amount, bytes32[] calldata merkleProof) external {
    require(!isClaimed(index), 'MerkleDistributor: Drop already claimed.');
NFT Meme

2. Launching NFTs

In a similar way to airdropping ERC20 tokens, we can use Merkle proofs to airdrop NFTs. A simple implementation which allows for airdropping multiple NFTs to a single address is shown on the right.

  • We first verify the claim just like for ERC20 airdrops.
  • Then we mint one new NFT for each single amount that should be airdropped.

This is an incomplete example, but the idea here should be clear. You may also combine it with the bitmap trick from before to save even more gas.

function _mint(
    address to, 
    uint256 amount, 
    bytes32[] calldata merkleProof
) internal virtual {
    require(!minted[to] && _verifyClaim(to, amount, merkleProof));
    minted[to] = true;

    uint256 newId = currentId;
    balanceOf[to] += amount;

    for (uint256 i; i < amount; i++) {
        _ownerships[newId] = to;

    currentId = newId;

function _verifyClaim(
    address who,
    uint256 amount,
    bytes32[] memory merkleProof
) internal view returns (bool) {
    bytes32 node = keccak256(
        abi.encodePacked(account, amount)
    return MerkleProof.verify(merkleProof, MERKLE_ROOT, node);

4. Creating Proofs Inside The Contract

I'm not sure what a use case would be for creating proofs inside a contract directly, but it's of course possible. You can use murky for this.

Create a new Merkle contract and you can call getProof on it. That's it!

Now what would be a use case? I'm not sure, let me know in the comments please.

// Initialize
Merkle m = new Merkle();
// Toy Data
bytes32[] memory data = new bytes32[](4);
data[0] = bytes32("0x0");
data[1] = bytes32("0x1");
data[2] = bytes32("0x2");
data[3] = bytes32("0x3");
// Get Root, Proof, and Verify
bytes32 root = m.getRoot(data);
bytes32[] memory proof = m.getProof(data, 2); 

5. Proving Ethereum Smart Contract State

A more advanced and very powerful use case is proving smart contract state! With that we can essentially prove to a smart contract that any smart contract had a specific state in the past. Powerful stuff.

However it only works for the past 256 blocks. The reason is that the EVM can only access the block root hash of the last 256 blocks. And this root hash will be required to verify the proof. So this allows for proving state up to roughly one hour in the past.

To verify such a proof is a little more complex and requires an understanding of

  • Merkle-Patricia-Tries: State trees in Ethereum are not just a plain Merkle tree, instead Merkle-Patricia-Tries are used. They allow quickly calculating the new tree root after an update without recomputing the entire tree. The main idea is that the key under which a value is stored is encoded into the “path” that you have to take down the tree.
  • RLP-Encoding: Recursive Length Prefix (RLP) serialization is a space-efficient format for encoding data in Ethereum. You don't have to understand all its details. Since fortunately there is a Solidity RLP library you can use.

A Merkle proof works differently in a Merkle-Patricia-Trie, but you can find a full Solidity example here.

Proving smart contract state can be broken down to proving single smart contract storage slots. Combined with the RLP encoding, this is shown on the right. You can read about the storage slot concept in the Solidity docs.

And there is an RPC method since EIP-1186 called eth_getProof that helps to create such a proof.

You can find the full Solidity example here.

function extractSlotValueFromProof(
    bytes32 _slotHash,
    bytes32 _storageRootHash,
    RLPReader.RLPItem[] memory _proof
    internal pure returns (SlotValue memory)
    bytes memory valueRlpBytes = MerklePatriciaProofVerifier.extractProofValue(

    SlotValue memory value;

    if (valueRlpBytes.length != 0) {
        value.exists = true;
        value.value = valueRlpBytes.toRlpItem().toUint();

    return value;

6. Optimistic Rollups

Optimistic rollups are building on top of the previously mentioned state proving. We've explained them in detail previously, but the main idea here is

  • Represent smart contract states as Merkle tree
  • Run all transactions only on the Optimism chain
  • Continuously (optimistically) update the state roots on Ethereum layer 1
  • Optimism chain has low security, but through the state roots on Ethereum, they enable fraud proofs
    • When relayer submits malicious state root and it's contested, they loose their bond.
    • Fraud proofs quite gas expensive, so they really are not meant to actually be done regularly.
    • Run whole transaction which is contested with prover submit any required state as state Merkle proofs.

This is where the scaling comes from, you only run transactions on layer 1 that are contested with a fraud proof. That’s the gain. Running a transaction for a fraud proof is actually more expensive than just running it on layer 1 directly.

So the scaling advantage comes solely from the fact that you won’t run 99.9% of transactions on layer 1.

Bright future meme

The Future = Verkle Trees?

An improvement for Merkle Trees could be Verkle Trees. They are very new and not yet used in Ethereum. The main idea behind them is to reduce the proof size dramatically. Recall that a Merkle proof consists of all sibling nodes at each level going down from root to leaf. This can be a lot of data, especially for wide trees.

Verkle Trees don't require that you provide the siblings in the proof my making use of polynomial commitments. They will allow you to prove the inclusion of some data zi in a list [z0, z1, z2...]. The list here are of course the hashes of all siblings in the same level and all we care about is that our current hash is indeed a part of it. Combine it with a technique that allows multiproofs through random evaluation, and you get even more efficient Verkle Trees.

Read Vitalik's post on Verkle Trees for more details.

Ethereum has plans to upgrade their Merkle-Patricia-Tries to them in the third upgrade stage called 'The Verge'.

  1. The Merge is Proof of Stake.
  2. The Surge is sharding.
  3. The Verge is Verkle trees.
  4. The Purge is things like state expiry and deleting old history.
  5. The Splurge is all of the other fun stuff.
The end meme

Markus Waas

Solidity Developer

More great blog posts from Markus Waas

  • Arbitrum Nitro

    How Ethereum scales with Arbitrum Nitro and how to use it

    A blockchain on a blockchain deep dive

    Have you heard of Arbitrum Nitro? The new WAVM enables Plasma but for smart contracts in a super efficient way! It enables having a side chain with guarantees of the Ethereum mainnet chain. Arbitrum has already been one of the most successful Layer 2s so far, and the new Nitro is a major upgrade...

  • TheGraph

    The New Decentralized The Graph Network

    What are the new features and how to use it

    Quite some time has passed since my last post about The Graph. If you don't know what it is and why it's useful, go and read the post. It's still relevant and explains in detail why it's needed and how to use it with the centralized hosted service. But the tl;dr is: Events on a blockchain are a...

  • zkSync

    zkSync Guide - The future of Ethereum scaling

    How the zero-knowledge tech works and how to use it

    Have you heard of zkSync and its new zkEVM? The new zkSync EVM enables Zero-knowledge proofs for any smart contract executions. What does that mean? Well read on later. But what it enables is having a side chain with similar (not not exact) guarantees of the Ethereum mainnet chain. How cool is...

  • Exploring the Openzeppelin CrossChain Functionality

    What is the new CrossChain support and how can you use it.

    For the first time Openzeppelin Contracts have added CrossChain Support. In particular the following chains are currently supported: Polygon: One of the most popular sidechains right now. We've discussed it previously here. Optimism: A Layer 2 chain based on optimistic rollups. We discussed the...

  • Hedera Preview

    Deploying Solidity Contracts in Hedera

    What is Hedera and how can you use it.

    Hedera is a relatively new chain that exists since a few years, but recently added token service and smart contract capabilities. You can now write and deploy Solidity contracts to it, but it works a little differently than what you might be used to. Let's take a look! What is the Hedera Network?...

  • Foundry Forge

    Writing ERC-20 Tests in Solidity with Foundry

    Blazing fast tests, no more BigNumber.js, only Solidity

    Maybe you are new to programming and are just starting to learn Solidity? One annoyance for you might have been that you were basically required to learn a second language (JavaScript/TypeScript) to write tests. This was undoubtedly a downside which is now gone with the new foundry framework. But...

  • Saving Money ERC-4626

    ERC-4626: Extending ERC-20 for Interest Management 

    How the newly finalized standard works and can help you with Defi

    Many Defi projects have an ERC-20 token which represents ownership over an interest generating asset. This is for example the case for lending/borrowing platforms (money markets) like Compound and Aave. As a lender you will receive aDAI or cDAI. And since lenders receive interest payments for...

  • ERC721-Permit

    Advancing the NFT standard: ERC721-Permit

    And how to avoid the two step approve + transferFrom with ERC721-Permit (EIP-4494)

    There's a new standard in the making. To understand how this really works, I recommend you take a look at my tutorials on: ERC721 ERC20-Permit ecrecover incl EIP712 But we'll try to cover the basics here also. You might be familiar already with ERC20-Permit (EIP-2612). It adds a new permit...

  • Moonbeam

    Moonbeam: The EVM of Polkadot

    Deploying and onboarding users to Moonbeam or Moonriver

    We've covered several Layer 2 sidechains before: Polygon xDAI Binance Smart Chain Evmos Aurora (NEAR) But Moonbeam is unique since it's a parachain of the Polkadot ecosystem. It only just launched which means you are now able to deploy smart contracts to the chain. Being able to deploy EVM...

  • Trading

    Advanced MultiSwap: How to better arbitrage with Solidity

    Making multiple swaps across different decentralized exchanges in a single transaction

    If you want maximum arbitrage performance, you need to swap tokens between exchanges in a single transaction. Or maybe you just want to save gas on certain swaps you perform regularly. Or maybe you have your own custom use case for swapping between decentralized exchanges. And of course maybe you...

  • Solana Solidity

    Deploying Solidity Smart Contracts to Solana

    What is Solana and how can you deploy Solidity smart contracts to it?

    Solana is a new blockchain focusing on performance. It supports smart contracts like Ethereum which they call Programs. You can develop those in Rust, but there's also a new project now to compile Solidity to Solana. In other words you can deploy your contracts written in Solidity now to Solana!...

  • People making fun

    Smock 2: The powerful mocking tool for Hardhat

    Features of smock v2 and how to use them with examples

    We’ve covered mocking contracts before as well as the first version of the new mocking tool Smock 2. It simplifies the mocking process greatly and also gives you more testing power. You’ll be able to change the return values for functions as well as changing internal contract storage directly!...

  • Evmos

    How to deploy on Evmos: The first EVM chain on Cosmos

    Deploying and onboarding users to Evmos

    We've covered several Layer 2 sidechains before: Polygon xDAI Binance Smart Chain Aurora Chain (NEAR) Optimism But this time we will do into the exciting new world of Cosmos. Many of the most interesting projects are currently building in the ecosystem and you can expect a lot to happen here in...

  • Diamonds

    EIP-2535: A standard for organizing and upgrading a modular smart contract system.

    Multi-Facet Proxies for full control over your upgrades

    The EIP-2535 standard has several projects already using it, most notably Aavegotchi holding many millions of dollars. What is it and should you use it instead of the commonly used proxy upgrade pattern? What is a diamond? We're not talking about diamond programmer hands here of course. A diamond...

  • MultiTrade

    MultiSwap: How to arbitrage with Solidity

    Making multiple swaps across different decentralized exchanges in a single transaction

    If you want maximum arbitrage performance, you need to swap tokens between exchanges in a single transaction. Or maybe you just want to save gas on certain swaps you perform regularly. Or maybe you have your own custom use case for swapping between decentralized exchanges. And of course maybe you...

  • Optimism Ethereum

    The latest tech for scaling your contracts: Optimism

    How the blockchain on a blockchain works and how to use it

    Have you heard of Optimism? The new Optimistic VM enables Plasma but for smart contracts! What does that mean? Well read on. But what it enables is having a side chain with guarantees of the Ethereum mainnet chain. How cool is that? And you can already use it for several apps on mainnet....

  • Aurora NEAR Protocol

    Ultimate Performance: The Aurora Layer2 Network

    Deploying and onboarding users to the Aurora Network powered by NEAR Protocol

    We've covered several Layer 2 sidechains before: Polygon xDAI Binance Smart Chain But today might be the fastest of them all. On top it's tightly connected to the NEAR protocol ecosystem, a PoS chain with a scalable sharding design. And of course they have a bridge to Ethereum! What is the Aurora...

  • ecrecover

    What is ecrecover in Solidity?

    A dive into the waters of signatures for smart contracts

    Ever wondered what the hell the deal is with the ecrecover command in Solidity? It's all about signatures and keys... What is ecrecover ? You may have seen ecrecover in a Solidity contract before and wondered what exactly the deal with this was. Well you came across the EVM precompile ecrecover....

  • Binance Smart Chain

    How to use Binance Smart Chain in your Dapp

    Deploying and onboarding users to the Binance Smart Chain (BSC)

    Defi has been a major contributor to the Binance Smart Chain taking off recently. Along with increasing gas costs on Ethereum mainnet which are actually at one of the lowest levels since a long time at the time of this writing, but will likely pump again at the next ETH price pump. So how does...

  • Using the new Uniswap v3 in your contracts

    What's new in Uniswap v3 and how to integrate Uniswap v3

    If you're not familiar with Uniswap yet, it's a fully decentralized protocol for automated liquidity provision on Ethereum. An easier-to-understand description would be that it's a decentralized exchange (DEX) relying on external liquidity providers that can add tokens to smart contract pools and...

  • London

    What's coming in the London Hardfork?

    Looking at all the details of the upcoming fork

    The Berlin Hardfork only just went live on April 14th after block 12,224,00. Next up will be the London Hardfork in July which will include EIP-1559 and is scheduled for July 14th (no exact block decided yet). So let's take a look at the new changes and what you need to know as a developer....

  • Computer Deployment Terminal

    The Ultimate Ethereum Mainnet Deployment Guide

    All you need to know to deploy to the Ethereum mainnet

    We all love Ethereum, so you've built some great smart contracts. They are tested intensely with unit-tests and on testnets. Now it's finally time to go to mainnet. But this is a tricky business... 1. What exactly is a deployment transaction? First let's quickly discuss what a contract deployment...

  • Sushi

    SushiSwap Explained!

    Looking at the implementation details of SushiSwap

    You've probably heard of SushiSwap by now. The Uniswap fork brought new features like staking and governance to the exchange. But how exactly are the contracts behind it working? It's actually not too difficult. Knowing how this works in detail will be a great way to learn about Solidity and...

  • Solidity Overview

    Solidity Fast Track 2: Continue Learning Solidity Fast

    Continuing to learn Solidity fast with the advanced basics

    Previously we learned all of the basics in 20 minutes. If you are a complete beginner, start there and then come back here. Now we'll explore some more advanced concepts, but again as fast as possible. 1. Saving money with events We all know gas prices are out of control right now, so it's more...

  • Berlin

    What's coming in the Berlin Hardfork?

    Looking at all the details of the upcoming fork

    The Berlin Hardfork is scheduled for April 14th after block 12,224,00. Later to be followed by the London Hardfork in July which will include EIP-1559. So let's take a look at the new changes and what you need to know as a developer. EIP-2929: Increased gas costs for state access EIP-2929 will...

  • Gas

    Using 1inch ChiGas tokens to reduce transaction costs

    What are gas tokens and example usage for Uniswap v2

    Gas prices have been occasionally above 1000 Gwei in the past in peak times. Given an ETH price of over 1000 USD, this can lead to insane real transaction costs. In particular this can be a pain when using onchain DEX's like Uniswap, resulting in hundreds of dollars transaction fees for a single...

  • Zeppelin

    Openzeppelin Contracts v4 in Review

    Taking a look at the new Openzeppelin v4 Release

    The Openzeppelin v4 contracts are now available in Beta and most notably come with Solidity 0.8 support. For older compiler versions, you'll need to stick with the older contract versions. The beta tag means there still might be small breaking changes coming for the final v4 version, but you can...

  • Loan

    EIP-3156: Creating a standard for Flash Loans

    A new standard for flash loans unifying the interface + wrappers for existing ecosystems

    As we've discussed last week, flash loans are a commonly used pattern for hacks. But what exactly are they and how are they implemented in the contracts? As of right now each protocol has its own way of implementing flash loans. With EIP-3156 we will get a standardized interface. The standard was...

  • Zero A story of anonymity and zk-SNARKs

    What is, how to use it and the future

    With the recent Yearn vault v1 hack from just a few days ago, we can see a new pattern of hacks emerging: 1. Get anonymous ETH via 2. Use the ETH to pay for the hack transaction(s). 3. Use a flash loan to decrease capital requirements. 4. Create some imbalances given the large...

  • Roulette Game

    High Stakes Roulette on Ethereum

    Learn by Example: Building a secure High Stakes Roulette

    It's always best to learn with examples. So let's build a little online casino on the blockchain. We'll also make it secure enough to allow playing in really high stakes by adding a secure randomness generator. Let's discuss the overall design first. Designing the contract Before we program...

  • Meta Transaction

    How to implement generalized meta transactions

    We'll explore a powerful design for meta transactions based on 0x

    Enabling meta transactions inside your contract is a powerful addition. Requiring users to hold ETH to pay for gas has always been and still is one of the biggest user onboarding challenges. Who knows how many more people would be using Ethereum right now if it was just a simple click? But...

  • Map

    Utilizing Bitmaps to dramatically save on Gas

    A simple pattern which can save you a lot of money

    As you may know the most expensive operation in Ethereum is storing data (SSTORE). So you should always look for ways to reduce the storage requirements. Let's explore a particularly useful one: Bitmaps. How to implement a simple Bitmap Let's assume we want to store 10 boolean values. Usually you...

  • Uniswap

    Using the new Uniswap v2 as oracle in your contracts

    How does the Uniswap v2 oracle function and how to integrate with it

    We've covered Uniswap previously here. But let's go through the basics first again. What is UniSwap? If you're not familiar with Uniswap yet, it's a fully decentralized protocol for automated liquidity provision on Ethereum. An easier-to-understand description would be that it's a decentralized...

  • People making fun

    Smock: The powerful mocking tool for Hardhat

    Features of smock and how to use them with examples

    We’ve covered mocking contracts before, but now there’s an additional great tool available: smock. It simplifies the mocking process greatly and also gives you more testing power. You’ll be able to change the return values for functions as well as changing internal contract storage directly! How...

  • 721 Insurance

    How to build and use ERC-721 tokens in 2021

    An intro for devs to the uniquely identifying token standard and its future

    The ERC-721 standard has been around for a while now. Originally made popular by blockchain games, it's more and more used for other applications like Defi. But what exactly is it? A non-fungible token (NFT) is a uniquely identifying token. The word non-fungible implies you cannot just replace...

  • Set Protocol

    Trustless token management with Set Protocol

    How to integrate token sets in your contracts

    With Set Protocol you can create baskets of tokens that give users different levels of exposure to underlying assets (currently only ERC-20 tokens). Set Protocol and their TokenSet functionality is the perfect example for making use of the new paradigm of Defi and composability. You can let...

  • Solidity 0.8

    Exploring the new Solidity 0.8 Release

    And how to upgrade your contracts to Solidity 0.8

    We are getting closer to that Solidity 1.0 release (unless of course after 0.9 comes 0.10). Now Solidity 0.8 has been released only 5 months after the 0.7 release! Let's explore how you can migrate your contracts today... New features & how to use them Let's look at the two big new features which...

  • Multi Currency

    How to build and use ERC-1155 tokens

    An intro to the new standard for having many tokens in one

    ERC-1155 allows you to send multiple different token classes in one transactions. You can imagine it as transferring Chinese Yuan and US Dollars in a single transfer. ERC-1155 is most commonly known for being used in games, but there are many more use cases for it. First of all though, what are...

  • RSK

    Leveraging the power of Bitcoins with RSK

    Learn how RSK works and how to deploy your smart contracts to it

    I'm always interested in what other ways one can use their blockchain and Solidity skills. While many projects are still only in the planning or in testnet status, with Rootstock (RSK) you can transfer mainnet Bitcoins to an EVM sidechain and vice-versa already today. Utilizing the power of the...

  • Solidity Overview

    Solidity Fast Track: Learn Solidity Fast

    'Learn X in Y minutes' this time with X = Solidity 0.7 and Y = 20

    You might be familiar with the Learn X in Y minutes. For example you could learn JavaScript in 20 minutes at Unfortunately there is no equivalent for Solidity, but this is about to change. Do you have 20 minutes to learn all of the basics? We even...

  • Decentralized Etherscan

    Sourcify: The future of a Decentralized Etherscan

    Learn how to use the new Sourcify infrastructure today

    We all love Etherscan. It's a great tool to interact with contracts, read the source codes or just see the status of your transactions. But unfortunately as great as it is, we should not forget that it's a centralized service. The website could be taken down any day. This kind of defeats the...

  • 0x Contracts

    Integrating the 0x API into your contracts

    How to automatically get the best prices via 0x

    How can you add 0x to your contracts to automatically convert between tokens? We have done this in a similar fashion before with Uniswap and Balancer. The 0x API has a bit of a twist. Let's take a look why... Why you want 0x in your contracts? It's simple: Okay, but seriously. Let's see why the...

  • 777

    How to build and use ERC-777 tokens

    An intro to the new upgraded standard for ERC-20 tokens

    The new upgraded standard for ERC-20 tokens is becoming more and more popular. It's fully backwards compatible, you can easily create one using the Openzeppelin contracts and there are many interesting new features not available in ERC-20. Should you upgrade from ERC-20? Well let's look into what...

  • Compound Governance

    COMP Governance Explained

    How Compound's Decentralized Governance is working under the hood

    You might have heard about the COMP token launch. With a current market cap of over 350 million USD, the token has accumulated massive value. But what is the actual utility of COMP? It's a governance token. Compound being a fully decentralized system (or at least on the way towards it), has a...

  • Stuck Car

    How to prevent stuck tokens in contracts

    And other use cases for the popular EIP-165

    Do you remember the beginning of the Dark Forest story? If not, let's look at it again: Somebody sent tokens to a smart contract that was not intended to receive tokens. This perfectly illustrates one of the issues not only with ERC-20 tokens, but generally with smart contracts. How can we find...

  • Automated Security Tools

    Understanding the World of Automated Smart Contract Analyzers

    What are the best tools today and how can you use them?

    As we all know, it's very difficult writing a complex, yet fully secure smart contract. Without the proper methods, chances are you will have many security issues. Automated security testing tools already exist and can be a great help. One of the main challenges for these tools is to maximize...

  • Long Way

    A Long Way To Go: On Gasless Tokens and ERC20-Permit

    And how to avoid the two step approve + transferFrom with ERC20-Permit (EIP-2612)!

    It's April 2019 in Sydney. Here I am looking for the Edcon Hackathon inside the massive Sydney university complex. It feels like a little city within a city. Of course, I am at the wrong end of the complex and I realize to get to the venue hosting the Hackathon I need to walk 30 minutes to the...

  • Waffles

    Smart Contract Testing with Waffle 3

    What are the features of Waffle and how to use them.

    Waffle has been a relatively recent new testing framework, but has gained a lot of popularity thanks to its simplicity and speed. Is it worth a try? Absolutely. I wouldn't run and immediately convert every project to it, but you might want to consider it for new ones. It's also actively being...

  • xDai

    How to use xDai in your Dapp

    Deploying and onboarding users to xDai to avoid the high gas costs

    Gas costs are exploding again, ETH2.0 is still too far away and people are now looking at layer 2 solutions. Here's a good overview of existing layer 2 projects: Today we will take a closer look at xDai as a solution for your Dapp. What are...

  • 15 Stacks

    Stack Too Deep

    Three words of horror

    You just have to add one tiny change in your contracts. You think this will take you only a few seconds. And you are right, adding the code took you less than a minute. All happy about your coding speed you enter the compile command. With such a small change, you are confident your code is...

  • Chainlink Thumbnail

    Integrating the new Chainlink contracts

    How to use the new price feeder oracles

    By now you've probably heard of Chainlink. Maybe you are even participating the current hackathon? In any case adding their new contracts to retrieve price feed data is surprisingly simple. But how does it work? Oracles and decentralization If you're confused about oracles, you're not alone. The...

  • TheGraph

    TheGraph: Fixing the Web3 data querying

    Why we need TheGraph and how to use it

    Previously we looked at the big picture of Solidity and the create-eth-app which already mentioned TheGraph before. This time we will take a closer look at TheGraph which essentially became part of the standard stack for developing Dapps in the last year. But let's first see how we would do...

  • truffle buidler typescript

    Adding Typescript to Truffle and Buidler

    How to use TypeChain to utilize the powers of Typescript in your project

    Unlike compiled languages, you pretty much have no safeguards when running JavaScript code. You'll only notice errors during runtime and you won't get autocompletion during coding. With Typescript you can get proper typechecking as long as the used library exports its types. Most Ethereum...

  • Balance Rope

    Integrating Balancer in your contracts

    What is Balancer and how to use it

    What is Balancer? Balancer is very similar to Uniswap. If you're not familiar with Uniswap or Balancer yet, they are fully decentralized protocols for automated liquidity provision on Ethereum. An easier-to-understand description would be that they are decentralized exchanges (DEX) relying on...

  • mousetrap

    Navigating the pitfalls of securely interacting with ERC20 tokens

    Figuring out how to securely interact might be harder than you think

    You would think calling a few functions on an ERC-20 token is the simplest thing to do, right? Unfortunately I have some bad news, it's not. There are several things to consider and some errors are still pretty common. Let's start with the easy ones. Let's take a very common token: ... Now to...

  • Aave

    Why you should automatically generate interests from user funds

    How to integrate Aave and similar systems in your contracts

    If you're writing contracts that use, hold or manage user funds, you might want to consider using those funds for generating free extra income. What's the catch? That's right, it's basically free money and leaving funds unused in a contract is wasting a lot of potential. The way these...

  • Matic Logo

    How to use Polygon (Matic) in your Dapp

    Deploying and onboarding users to  Polygon  to avoid the high gas costs

    Gas costs are exploding again, ETH2.0 is still too far away and people are now looking at layer 2 solutions. Here's a good overview of existing layer 2 projects: Today we will take a closer look at Polygon (previously known as Matic) as a...

  • Migrating from Truffle to Buidler

    And why you should probably keep both.

    Why Buidler? Proper debugging is a pain with Truffle. Events are way too difficult to use as logging and they don't even work for reverted transactions (when you would need them most). Buidler gives you a console.log for your contracts which is a game changer. And you'll also get stack traces...

  • Factory

    Contract factories and clones

    How to deploy contracts within contracts as easily and gas-efficient as possible

    The factory design pattern is a pretty common pattern used in programming. The idea is simple, instead of creating objects directly, you have an object (the factory) that creates objects for you. In the case of Solidity, an object is a smart contract and so a factory will deploy new contracts for...

  • IPFS logo

    How to use IPFS in your Dapp?

    Using the interplanetary file system in your frontend and contracts

    You may have heard about IPFS before, the Interplanetary File System. The concept has existed for quite some time now, but with IPFS you'll get a more reliable data storage, thanks to their internal use of blockchain technology. Filecoin is a new system that is incentivizing storage for IPFS...

  • tiny-kitten

    Downsizing contracts to fight the contract size limit

    What can you do to prevent your contracts from getting too large?

    Why is there a limit? On November 22, 2016 the Spurious Dragon hard-fork introduced EIP-170 which added a smart contract size limit of 24.576 kb. For you as a Solidity developer this means when you add more and more functionality to your contract, at some point you will reach the limit and when...


    Using EXTCODEHASH to secure your systems

    How to safely integrate anyone's smart contract

    What is the EXTCODEHASH? The EVM opcode EXTCODEHASH was added on February 28, 2019 via EIP-1052. Not only does it help to reduce external function calls for compiled Solidity contracts, it also adds additional functionality. It gives you the hash of the code from an address. Since only contract...

  • Uniswap

    Using the new Uniswap v2 in your contracts

    What's new in Uniswap v2 and how to integrate Uniswap v2

    Note : For Uniswap 3 check out the tutorial here. What is UniSwap? If you're not familiar with Uniswap yet, it's a fully decentralized protocol for automated liquidity provision on Ethereum. An easier-to-understand description would be that it's a decentralized exchange (DEX) relying on external...

  • Continuous Integration

    Solidity and Truffle Continuous Integration Setup

    How to setup Travis or Circle CI for Truffle testing along with useful plugins.

    Continuous integration (CI) with Truffle is great for developing once you have a basic set of tests implemented. It allows you to run very long tests, ensure all tests pass before merging a pull request and to keep track of various statistics using additional tools. We will use the Truffle...

  • Devcon 6

    Upcoming Devcon 2021 and other events

    The Ethereum Foundation just announced the next Devcon in 2021 in Colombia

    Biggest virtual hackathon almost finished First of all, the current HackMoney event has come to an end and it has been a massive success. One can only imagine what kind of cool projects people have built in a 30 days hackathon. All final projects can be seen at:...

  • ERC-2020

    The Year of the 20: Creating an ERC20 in 2020

    How to use the latest and best tools to create an ERC-20 token contract

    You know what an ERC-20 is, you probably have created your own versions of it several times (if not, have a look at: ERC-20). But how would you start in 2020 using the latest tools? Let's create a new ERC-2020 token contract with some basic functionality which focuses on simplicity and latest...

  • hiring

    How to get a Solidity developer job?

    There are many ways to get a Solidity job and it might be easier than you think!

    You have mastered the basics of Solidity, created your first few useful projects and now want to get your hands on some real-world projects. Getting a Solidity developer job might be easier than you think. There are generally plenty of options to choose from and often times not a lot of...

  • People making fun

    Design Pattern Solidity: Mock contracts for testing

    Why you should make fun of your contracts

    Mock objects are a common design pattern in object-oriented programming. Coming from the old French word 'mocquer' with the meaning of 'making fun of', it evolved to 'imitating something real' which is actually what we are doing in programming. Please only make fun of your smart contracts if you...

  • React and Ethereum

    Kickstart your Dapp frontend development with create-eth-app

    An overview on how to use the app and its features

    Last time we looked at the big picture of Solidity and already mentioned the create-eth-app. Now you will find out how to use it, what features are integrated and additional ideas on how to expand on it. Started by Paul Razvan Berg, the founder of sablier, this app will kickstart your frontend...

  • Solidity Overview

    The big picture of Solidity and Blockchain development in 2020

    Overview of the most important technologies, services and tools that you need to know

    Now, I do not know about you, but I remember when I first started with Solidity development being very confused by all the tools and services and how they work in connection with one another. If you are like me, this overview will help you understand the big picture of Solidity development. As I...

  • Design Pattern Solidity: Free up unused storage

    Why you should clean up after yourself

    You may or may not be used to a garbage collectors in your previous programming language. There is no such thing in Solidity and even if there was a similar concept, you would still be better off managing state data yourself. Only you as a programmer can know exactly which data will not be used...

  • How to setup Solidity Developer Environment on Windows

    What you need to know about developing on Windows

    Using Windows for development, especially for Solidity development, can be a pain sometimes, but it does not have to be. Once you have configured your environment properly, it can actually be extremely efficient and Windows is a very, very stable OS, so your overall experience can be amazing. The...

  • Avoiding out of gas for Truffle tests

    How you do not have to worry about gas in tests anymore

    You have probably seen this error message a lot of times: Error: VM Exception while processing transaction: out of gas Disclaimer : Unfortunately, this does not always actually mean what it is saying when using Truffle , especially for older versions. It can occur for various reasons and might be...

  • Design Pattern Solidity: Stages

    How you can design stages in your contract

    Closely related to the concept of finite-state machines, this pattern will help you restrict functions in your contract. You will find a lot of situations where it might be useful. Any time a contract should allow function calls only in certain stages. Let's look at an example: contract Pool {...

  • Web3 1.2.5: Revert reason strings

    How to use the new feature

    A new Web3 version was just released and it comes with a new feature that should make your life easier. With the latest version 1.2.5, you can now see the the revert reason if you use the new handleRevert option. You can activate it easily by using web3.eth.handleRevert = true . Now when you use...

  • Gaining back control of the internet

    How Ocelot is decentralizing cloud computing

    I recently came across an ambitious company that will completely redefine the way we are using the internet. Or rather, the way we are using its underlying infrastructure which ultimately is the internet. While looking at their offering, I also learned how to get anonymous cloud machines, you...

  • Devcon 5 - Review

    Impressions from the conference

    I had a lot to catch up on after Devcon. Also things didn't go quite as planned, so please excuse my delayed review! This year's Devcon was certainly stormy with a big typhoon warning already on day 1. Luckily (for us, not the people in Tokyo), it went right past Osaka. Nevertheless, a lot of...

  • Devcon 5 - Information, Events, Links, Telegram

    What you need to know

    Devcon 5 is coming up soon and there are already lots of events available, information about Osaka and more. Here is a short overview: Events Events Calendar Events Google Docs Events Kickback Most events are in all three, but if you really want to see all, you will have to look at all three...

  • Design Pattern Solidity: Off-chain beats on-chain

    Why you should do as much as possible off-chain

    As you might have realized, Ethereum transactions are anything but cheap. In particular, if you are computing complex things or storing a lot of data. That means sometimes we cannot put all logic inside Solidity. Instead, we can utilize off-chain computations to help us. A very simple example...

  • Design Pattern Solidity: Initialize Contract after Deployment

    How to use the Initializable pattern

    There are a few reasons why you might want to initialize a contract after deployment and not directly by passing constructor arguments. But first let's look at an example: contract MyCrowdsale { uint256 rate; function initialize(uint256 _rate) public { rate = _rate; } } What's the advantage over...

  • Consensys Blockchain Jobs Report

    What the current blockchain job market looks like

    Consensys published their blockchain jobs report which you can checkout in their Blockchain Developer Job Kit. The most interesting aspects are Blockchain developer jobs have been growing at a rate of 33x of the previous year according to LinkedIns jobs report Typical salary is about...

  • Provable — Randomness Oracle

    How the Oraclize random number generator works

    One particularly interesting approach by Provable is the usage of a hardware security device, namely the Ledger Nano S. It uses a trusted execution environment to generate random numbers and provides a Provable Connector Contract as interface. How to use the Provable Randomness Oracle? Use the...

  • Solidity Design Patterns: Multiply before Dividing

    Why the correct order matters!

    There has been a lot of progress since the beginning of Ethereum about best practices in Solidity. Unfortunately, I have the feeling that most of the knowledge is within the circle of experienced people and there aren’t that many online resources about it. That is why I would like to start this...

  • Devcon 5 Applications closing in one week

    Devcon 5 Applications closing

    Watch out for the Devcon 5 applications. You only have one week left to apply either as Buidler Student Scholarship Press Devcon is by far the biggest and most impressive Ethereum conference in the world. And it's full of developers! I am especially excited about the cool location this year in...

  • Randomness and the Blockchain

    How to achieve secure randomness for Solidity smart contracts?

    When we talk about randomness and blockchain, these are really two problems: 1. How to generate randomness in smart contracts? 2. How to produce randomness for proof-of-stake (POS) systems? Or more generally, how to produce trusted randomness in public distributed systems? There is some overlap...