A general guide to learning Solidity, Defi, and blockchain technologies.
🔖 = bookmark

🔖 Remix - tool for testing smart contracts
Ethereum unit converter

🔖 Solidity Documentation and Cheatsheet
🔖 Solidity Best practices
🔖 Solidity By example

ERC20 Docs via OpenZeppelin library
Zero-Knowledge Proofs

🔖 Solidity Contract Layout

1. Patrick Collins Courses:

• Harhat Course - Youtube and Github
• Foundry Course - Youtube and Github

2. Smart Contract Programmer: Youtube (one of the creators of Solidity by example)

3. HashLips NFT: Youtube and Github

🔖 Secureum Mind Map

Blockchain Developer Roadmap - more detailed (tons on Twitter)
Blockchain 101 (video)
How Bitcoin Works (video)
Whiteboard Crypto Youtube Channel
Why Hexadecimal and 256 Bit Computing

🔖 Andy Li - interviews
Johnny Time - interviews
Blockchain and Money (MIT Fall 2018) ...taught by Gary Gensler...

• Conceptual idea of contracts with Harvard Prof. Lawrence Lessig

Campbell Harvey (Prof. Duke) author of DeFi and the Future of Finance
Berkeley -- Berkeley DeFi class (for the AMA’s) and subscribe to RDI
Ethereum Engineering Group (Peter Robinson - Head of Blockchain at Immutable X)

Mastering Ethereum - essential guide both general and technical (FREE)
Mastering Bitcoin - bit more technical (and perhaps duller) than Mastering Ethereum (FREE)
Deconstructing Solidity - breaks down Solidity to its byte code

The Infinite Machine - historical context how Ethereum started, think The Social Network meets Silicon Valley
The Art of Invisibility - (David M) about online anonymity
Tracers in the Dark by Andy Greenberg - covers transparency of Bitcoin and cybercrime - 10/10 recommend!

• How to Peel a Million: Validating and Expanding Bitcoin Clusters - Sarah Meiklejohn and team

How to DeFi: Beginner and/or Advanced
DeFi and the Future of Finance - particularly Chapter 6: deep dive

Matt Levine: Bloomberg Opinion Columnist per Dan Robinson
Blockchain Threat Intelligence - blog

Bankless Podcast
Unchained podcast
Scraping Bits Podcast

🔖 Ethernaut Challenges via OpenZeppelin

• Solved in Foundry
• D-Squared's Channel and DeFiDeveloperAcademy's Channel

🔖 Damn Vulnerable DeFi
Crypto Zombies (old)
Speed Run Ethereum via Austin Griffith
Teachyourselfcrypto.com
Exercises via JumpCryptoHQ

• 10 Solidity Questions
• 40 Solidity Questions
• 100 Solidity Questions

How storage works; Patrick Collins visual walkthrough; sample contract FunWithStorage
How Storag Works
Storage vs Memory
Foundry Debugger 7:01:10
Ethernaut Lvl 19 MagicNumber

🔖 Opcodes Updated vs. - Old Git and video
🔖 Ethereum Signature Database or Open Chain
🔖 EVM Storage

Play with opcodes

Not invented here: meaning the security risk is often greater than improvement value

address - holds a 20 byte value (size of an Ethereum address)

A transaction costs a base of 21,000 gas; each computational step costs ~2-10 gas (usually); each byte of data costs 16 gas (4 if zero byte); editing a storage slot costs 5,000 gas (20,000 if not yet filled)

• check != 0 rather than >

• struct packing - using a smaller-sized uint when possible will allow Solidity to pack these variables together

• cluster identical data types together

• strings, arrays, and loops are computationally expensive

• custom errors - more gas efficient, denoted with __ two underscores: error FundMe__NotOwner();

• constant - naming convention ALL_CAPS; more gas efficient

• immutable - set inside the constructor but cannot be modified after, more gas efficient: i_owner, i meaning immutable

• batch minting

• in testing it's common to prepend storage variables with s_

• Hardhat gas reporter

• Foundry Snapshot

• Yul and Huff (lower level bytecode languages]

• Huff starter Kit

🔖 Rekt News
🔖 Vulnerabilities types via Kadenzipfel

Top 10 Vulnerabilities In Web3
Attacks via Consensys Best Practices

• Reetrancy - relies on a certain order of operations; a reentrant procedure can be interrupted in the middle of its execution. Following the interruption, the procedure can be called again (“reentered”) before its previous invocations complete execution; exploits “fallback”; A Historical Collection of Reentrancy Attacks
• Sandwich Attack - a form of front-running and back-running simultaneously, with the original pending transaction sandwiched in between
• Flash loans
• Front Running
• Double spending - 51% is one of the most commonly cited attacks
• Denial of service (DoS; DDoS attack)
• Oracle Manipulation - Awesome-oracle-manipulation
• Replay attack - a replay of a transaction primarily taken place while a hard fork is being implemented; a delay or intercept data transmission that occurs over a network. This information can then be processed and repeated numerous times to effectively duplicate transactions
• Vulnerabilities walkthrough
• Ethernaut Denial while true fallback gas attack

What is an audit? - security focused code review; it is a best effort endeavor, not a guarantee
Audit Techniques & Tools 101 by Secureum
What are the Actual Flaws in Important Smart Contracts

🔖 The Solcurity Standard audit checklist
Reports

• 🔖 Solodit
• 🔖 Code4rena
• Report Blog and Bowtie's blog

1. solidity/evm oriented bugs, this include bugs based on compiler version or certain evm specific bugs
2. Logical bugs, this is arguably the biggest surface for attacks as it can be very project-specific
3. Ecosystem oriented bugs, includes projects explicit and implicit interaction with whole blockchain: frontrunning/sandwiching, oracle manipulations, incorrect integrations, flashloan attacks, all go here

Most auditor discussions are on Twitter.

• Christoph Michel (#1 auditor on Code4Arena) and blog mentions Khan A. for Finance)

• Tincho

• Pashov

• Andy Li's road map

• 0kage.eth road map

• Jackson Kelley

• Patrick Collins - How to Audit a Smart Contract and Lesson 13: Aave liquidationCall()

• Chainlink Auditing 101

• Owen Thurm's Channel

• Blue Alder - Wallet Mining Walkthrough

• Dacian's blog

• Volodya's Blog

• The Auditooor Grindset blog

• 5 Solidity Code Smells

Simple-security-toolkit

High - leads to a loss of a significant portion (>10%) of assets in protocol, or significant harm to a majority of users.
Medium - global losses <10% or losses to only a subset of users, but still unacceptable.
Low - losses will be annoying but bearable--applies to things like griefing attacks that can be easily repaired or even gas inefficiencies.
informational - findings to improve efficiency
gas efficiencies - findings to improve efficiency

Mapping contracts with Surya and video (old/deprecated/)

Makefile for Foundry
CEI - checks, effects, (external) interactions
Arrange - set up, Act - action, Assert

Invariant testing 3:23:40
Foundry Testing 3:27:25

• depth — number of calls in a run

Test types: 28:43

• Unit
  • Using modifiers 1:21:05
• Integration
• Forked
• Staging

Decoding calldata
Named imports

• Code4rena
• Immunefi
• Sherlock
• Code Hawks

Capture The Flag (CTF) Games:

• Ethernaut

🔖 Layer2 Beat
🔖 Defi Llama

Uniswap - exchange video

• Auto router
• Client side router

Curve - exchange
Compound - lending
Aave - lending video (Finnish for ghost, alludes to anonymity of transactions)

• Aave Tesnet
• LTV - Loan To Value
• APY - annual percentage yield
• Build a liquidation - bot

Lido - staking

Collateral swaps
Concentrated liquidity
MEV - MAXIMAL EXTRACTABLE VALUE
Flashbots.net

Types
1.
2.

Dai - MakerDAO

Stablecoin Trilemma: scalable, decentralized, stable.

Rebase — adding tokens
Debase — removing tokens

seigniorage - Revenue or a profit taken from the minting of coins; the difference between the face value of money, such as a $10 bill or a quarter coin, and the cost to produce it. In other words, the cost of producing a currency within a given economy or country is lower than the actual exchange value, which generally accrues to governments that mint the money.

Spot price - the current price in the marketplace at which a given asset—such as a security, commodity, or currency—can be bought or sold for immediate delivery
Spot Price Manipulation - A smart contract needs to determine the price of an asset, e.g., when a user deposits ETH into its system. To achieve this price discovery, the protocol consults its respective Uniswap pool as a source. Exploiting this behavior, an attacker can take out a flash loan to drain one side of the Uniswap pool. Due to the lack of data source diversity, the protocol's internal price is directly manipulated, e.g., to 100 times the original value. The attacker can now perform an action to capture this additional value. For example, an arbitrage trade on top of the newly created price difference or an advantageous position in the system can be gained.

Nomi Prins - Collusion: How Central Bankers Rigged the World
Susanne Trimbath - Naked, Short and Greedy: Wall Street's Failure to Deliver
Michael Lewis - Flash Boys and The Big Short

• Quote stuffing
• Spoofing
• Glass Steagall
• RegSho
• Regulatory capture

• Alchemy
• Etherscan
• echidna
• Slither
  • Static Analyzer
  • JohnnyTime article
• Foundry
  • Cheat Codes
• Inline bookmarks // @audit this code seems vulnerable here
• Ethers
• Hardhat
  • Forking mainnet
  • Import “hardhat/console.sol”; allows for console.log in Solidity contracts
• Wagmi
• Web3.js
• Surya

Rabby Wallet
Metamask

• Chainalysis
• Chainlink
• Consensys
• Cyfrin
• Secureum
• Spearbit
• Trail of Bits
• YAcademy
• Zellic

Bitcoin whitepaper
Ethereum whitepaper (periodically updated)
Uniswap V3 whitepaper

Merkle Trees

Improving the Efficiency and Reliability of Digital Time-Stamping
Secure Names for Bit-Strings
Anonymous Payments Lecture

Academic Smart_Contract_Papers

More Resources from Patrick Collins

• ERC-20 - Token contract for fungible assets. [Ethereum Request for Comment]
• ERC-721 - Token standard for non-fungible assets.
• ERC-1155 - Multi Token Standard to take the best from previous standards to create a fungibility-agnostic and gas-efficient token contract.
• ERC-918 - Mineable Token Standard.
• ERC-165 - Creates a standard method to publish and detect what interfaces a smart contract implements.
• ERC-725 - A standard interface for a simple proxy account.
• ERC-173 - A standard interface for ownership of contracts.
• ERC-2981 - standardized way to retrieve royalty payment information across all NFT marketplaces and ecosystem participants
• ERC-1155 - multi coin staking; Video

NFT's and Atomic NFT's lecture with Ari Juels of whom with Sergey Nazarov co-authored a white paper introducing the Chainlink protocol.

Aave - decentralised non-custodial liquidity market protocol where users can participate as suppliers or borrowers. Suppliers provide liquidity to the market to earn a passive income, while borrowers are able to borrow in an overcollateralised (perpetually) or undercollateralised (one-block liquidity) fashion; Stani Kulechov interview by Haseeb Qureshi -- Aave website

ABI - application binary interface specifies set of functions that can be accessed outside of smart contract; similar to a JSON; Abi.encodePacked - breaks down, via cheatsheet; Abi.decode; Great Patrick Collins section 22:16:31 and ABI encoding and difference between encoding

address - (Ethereum; other blockchains will be different) 42-character hexadecimal address derived from the last 20 bytes of the public key controlling the account with 0x appended in front 0x0cE446255506E92DF41614C46F1d6df9Cc969183

AMM - Automated Market Maker; underlying protocol that powers all decentralized exchanges (DEXs), DEXs help users exchange cryptocurrencies by connecting users directly, without an intermediary; autonomous trading mechanisms that eliminate the need for centralized exchanges; drawback: susceptible to front running because of publicity in mempool

Application-specific integrated circuit or ASIC - The most powerful computer has the greatest chance of solving the puzzle, and so ASIC mining was created to maximize the possibility of mining; see also GPU

arrays - fixed [2] length of 2 elements and dynamic [] arrays with no fixed size; can also create an array of structs or 2D array

assertEQ - Assert a is equal to b

atomic swap - an exchange of cryptocurrencies from separate blockchains; the term "atomic state" in which a state has no substates; it either happens or it doesn't—there is no other alternative. investopedia

Beacon Chain - a separate chain from the original Ethereum Mainnet, running side-by-side; withdrawals

blob - binary large object is a collection of data of an arbitrary size. Blobs do not have to follow a given format or have any metadata associated with them. They are a series of bytes, with each byte made up of 8 bits (a 1 or a 0, hence the "binary" descriptor). Any type of data can go in a blob; efficient and cheap transaction.

block.timestamp - convert a uint of the number of seconds in that length of time. So 1 minutes is 60, 1 hours is 3600 (60 seconds x 60 minutes), 1 days is 86400 (24 hours x 60 minutes x 60 seconds), find on cheatsheet

bridges - a blockchain bridge: and Youtube connects two blockchain ecosystems. Bridges facilitate communication between blockchains through the transfer of information and assets.

Byzantine fault or Byzantine generals problem - a condition of a computer system, particularly distributed computing systems, where components may fail and there is imperfect information on whether a component has failed; thus the reason for Proof of Work

CFMM - Constant Function Market Makers: article

clustering - tracing bitcoin via blockchain analysis; tracing Bitcoin user wallets by tracking wallet “change” creation; using tags; peel chains How to Peel a Million: Validating and Expanding Bitcoin Clusters Sarah Meiklejohn and team; also A Fistful of Bitcoins: Characterizing Payments Among Men with No Names

codecopy - copying code from one place to another is handled by the opcode codecopy, see article

Compound - a DeFi lending protocol that allows users to earn interest on their cryptocurrencies by depositing them into one of several pools

coinbase transaction - the first transaction in a block. Miners use it to collect the block reward, and any additional transaction fees.

constant - naming convention ALL_CAPS; more gas efficient

constructor - called once when contract is deployed

creation code - only executed by the EVM once during the transaction that creates the contract. gets executed in a transaction, which returns a copy of the runtime code, which is the actual code of the contract. The contract’s constructor is part of the creation code; it will not be present in the contract’s code once it is deployed.

custom errors - declared at top, more gas efficient

DAI - stablecoin on the Ethereum blockchain whose value is pegged to $US

dark forest - “all people with nodes on major blockchains grinding on mempool transactions” - 9:40 Andrew Miller AMA and later mentions David Chaum Dan Robinson’s blog post

data Locations - Storage, Memory and Calldata

1. storage - variable is a state variable (store on blockchain)
2. memory - variable is in memory and it exists while a function is being called
3. calldata - special data location that contains function arguments

delegatcall - identical to a message call apart from the fact that the code at the target address is executed in the context; a contract can dynamically load code from a different address at runtime. Storage, current address and balance still refer to the calling contract, only the code is taken from the called address. Pattick Collins explanation 1:05:07:37; shorter video

describe () - function in Jasmine framework used for testing

deterministic algorithm - an algorithm that, given a particular input, will always produce the same output, with the underlying machine always passing through the same sequence of states

dutch auction - a descending price auction; an auctioneer starts with a very high price, incrementally lowering the price until someone places a bid

elliptic curve - elliptic curve cryptography with fastecdsa library

enums - useful to model choice and keep track of state/can be declared outside of a contract

EIP - (Ethereum Improvement Proposal) a formal proposal to alter some element of the Ethereum network

EOA - Externally Owned Account; in general, there are two types of accounts: externally owned accounts, controlled by private keys, and contract accounts, controlled by their contract code

events - allow logging to the Ethereum blockchain; Use cases for events are: Listening for events and updating user interface; cheap form of storage

EVM - Ethereum is a stack based architecture, single threaded.

fallback - special function executed either when a function that does not exist is called or Ether is sent directly to a contract but receive() does not exist or msg.data is not empty; fallback has a 2300 gas limit when called by transfer or send

flashbots - independent project which extends execution clients with a service allowing searchers to submit MEV transactions to validators without revealing them to the public mempool; prevents transactions from being frontrun by generalized frontrunners; video

• How to build flashbots

flash-swap - all trades must occur during single transaction: opportunity for arbitragers

flooding - routing

fork - investopedia "To fork or not to fork? - a radical change to a network's protocol that makes previously invalid blocks and transactions valid, or vice-versa. A hard fork requires all nodes or users to upgrade to the latest version of the protocol software; twitter status

function selector - first 4 bytes of the function signature: ex: 0xa9059cbb; excellent Patrick Collins section 22:46:43; shorter video; there can be function selector clashes
function signature - string that defines function name & parameters: ex: “transfer(address, uint256)”

fuzzing - or fuzz testing involves providing invalid, unexpected, or random data as inputs in an attempt to break/crash the system

gas - transactions with higher gas price have higher priority to be included in a block;

genesis block- the first block mined on a blockchain

hashcash - a proof-of-work system invented by Adam Back in 1997 as a way to prevent email spam precursor to Bitcoin

Hashed Timelock Contract or (HTLC) reduces counterparty risk by creating a time-based escrow that requires a cryptographic passphrase for unlocking via investopedia

Howey Test - refers to the U.S. Supreme Court case for determining whether a transaction qualifies as an "investment contract," and therefore would be considered a security; (per Infinite Machine Chp. White-Shoe Lawyers) Ether presale was classified as a utility, a function of ethereum and therefore not a security; manner distribution of a product and not as a speculative investment; essentially a utility token

immutable - can be set inside the constructor but cannot be modified afterwards, more gas efficient: i_owner - i meaning immutable

impermanent loss - a temporary loss of funds occurring when providing liquidity; occurs when the mathematical formula adjusts the asset ratio in a pool to ensure they remain at 50:50 in terms of value and the liquidity provider loses out on gains from a deposited asset that outperforms; whiteboard crypto video

interface - a list of function definitions without implementation. In other words, an interface is a description of all functions that an object must have for it to operate; convention preface I as in IERC721; video

internal - same as private, except it's accessible to contracts that inherit

interoperability - the ability of independent distributed ledger networks to communicate with each other, exchange and make use of data; ability to move a digital asset between two or more blockchains while maintaining the state and uniqueness of the asset consistent throughout the process

invariant - invariant a computer programming construct consisting of a set of invariant properties that remain uncompromised regardless of the state of the object; a property of a system that should always hold

• Stateless fuzzing: where the state of the previous run is discarded for every new run
• Stateful fuzzing: fuzzing where final state of previous run is the starting state of the next run

IPFS - InterPlanetary File System (IPFS) a set of composable, peer-to-peer protocols for addressing, routing, and transferring content-addressed data in a decentralized file system; see also Swarm

it() - defined by the jasmine testing framework, to declare the expected output and have a fair check if it matches the coded conditions

import path resolution - name import

Keccak256 - SHA-3/Secure Hash Algorithm; using it in a contract

Know Your Customer or KYC - guidelines and regulations in financial services that require professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer; providing documents AML (anti money laundering)

layer 0 - the underlying infrastructure upon which multiple Layer 1 blockchains can be built; a network framework running beneath the blockchain. It is made up of protocols, connections, hardware, miners, and more that forms the foundation of the blockchain ecosystem. Layer: 0, 1, 2, 3 etc.

linting - the process of running a program that will analyze code for potential errors (verifying code quality) [eslint(https://eslint.org/)

magic number wiki unique value with unexplained meaning or multiple occurrences which could (preferably) be replaced with a named constant

memepool - or memory pool is a dynamic staging area in front of the blockchain that enables transaction ordering, fee prioritization, and general block construction; a list of pending transactions waiting for validation from a node before it is committed to a block on the blockchain

MEV - maximal (formerly miner) extractable value; referred to as an “invisible tax” that miners can collect from users – essentially, the maximum value a miner can extract from moving around transactions when producing a block on a blockchain network; video

mocking- creating objects that simulate the behaviour of real objects; primarily used in unit testing

modifier - _; check requirements prior to execution code that can be run before and/or after a function call

1. Restrict access
2. Validate inputs
3. Guard against reentrancy hack

msg.sender - there will always be a msg.sender; one who call contract

NatSpec - Ethereum Natural Language Specification Format @title and @author are straightforward; @notice explains the contract function does; @dev is for explaining extra details to developers; @param and @return are for describing what each parameter and return value of a function are for

Nick Szabo - Nick Szabo coined the phrase and concept of "smart contracts"

node - blockchains are decentralized, immutable, digital ledgers shared across a peer-to-peer network. Acting as a database, transaction data is permanently recorded, stored and encrypted onto the “blocks” that are then “chained” together. The physical, electronic devices (a computer, typically) that maintain copies of the chains webbing a network together, keeping the blockchain operational, are called nodes

• lightweight nodes - are downloaded wallets connected to full nodes for validating the data stored on the blockchain. Simple Payment Verification (SPV) node or lightweight node is used in day-to-day crypto operations.

nonce - transaction code for this account starting with 0; makes transactions unique; important regarding concurrency; If the account is an externally owned account, this number represents the number of transactions sent from the account’s address. If the account is a contract account, the nonce is the number of contracts created by the account; short video

Omner blocks - previously Uncle, it's possible for two blocks to be created simultaneously by a network. When this happens, one block will be left out. This leftover block is called an ommer block. In the past, they were called uncle blocks, referring to the familial relationships used to describe block positions within a blockchain

Opcode - operation code; the portion of a machine language instruction that specifies the operation to be performed; see gas Opcode

oracle - entities that connect blockchains to external systems, thereby enabling smart contracts to execute based upon inputs and outputs from the real world; a way for the decentralized ecosystem to access existing data sources, legacy systems, and advanced computations (blockchain middleware); also oracle manipulation via flash loans etc...

ownable - an owner who has special privileges

permission vs permissionless - comparison permissioned blockchains are distributed ledger technology (DLT) that sacrifice some degree of decentralization and anonymity to better suit business needs as well as achieve higher network speed and efficiency.

PII - personal Identifying information.

proof of concept - piece of code that demonstrates the vulnerability is exploitable; 100Proof's sample

private functions - it's convention to start private function names with an underscore (_): function _functionname() private {}

private relayers - "flashbots protect; no one sees transaction and can't front run it" per 32:50 of Dan Robinson AMA (e.g., Flashbots, Bloxroute, Ethermine, Eden)

Proxies - abstract contract implementing the core delegation functionality (upgrading a smart contract with a new one via delegatecall) dangers include: storage clashes and function selector clashes; Patrick Collins sample 1:05:16:02; shorter video

• implementation contract
• proxy contract --> points to correct implementation
• the user makes calls to proxy
• the admin decides which contract to upgrade etc

pure - static, does not effect or modify state, more computational [free function]

revert - gives back gas but loses some in process

remote procedure call or RPC - when a computer program causes a procedure (subroutine) to execute in a different address space (commonly on another computer on a shared network), which is written as if it were a normal (local) procedure call, without the programmer explicitly writing the details for the remote interaction

safeMath - before 0.8.0. there were overflow and underflow issues; prior to that version, solidity's "+" operator wouldn't check for overflows, leading to type(uint256).max + 1 = 0, and the safeMath library would avoid it. Now, type(uint256).max + 1 reverts with Panic(0x11), and safeMath isnt needed.

self destruct - leaves a blank account; costs negative gas, does not remove transaction history: only can be self destructed if contract has self destruct programmed in
slippage - the difference between the value of an asset at order placement and the value at order fulfilment. It can be found when buying or selling assets, and can result in either a loss or a gain (higher invariants lead to less slippage; Uniswap)

smart contract - programs stored on a blockchain that run when predetermined conditions are met; a transaction protocol intended to automatically execute, control or document events and actions according to the terms of a contract or an agreement; Ethereum contracts are essentially single threaded machine

• hybrid smart contracts - combine code running on the blockchain (on-chain) with data and computation from outside the blockchain (off-chain) provided by decentralized oracle networks. chainlink

Solc - the solidity compiler to byte code

source lines of code (SLOC) - software metric used to measure the size of a computer program by counting the number of lines

staking - the act of depositing 32 ETH to activate validator software. As a validator you’ll be responsible for storing data, processing transactions, and adding new blocks to the blockchain.

state variables - variables stored permanently on the blockchain

stateless fuzzing - where the state of the previous run is discarded for every new run
stateful fuzzing - fuzzing where final state of previous run is the starting state of the next run

storageroot - a hash of the root node of a Merkle Patricia tree which encodes the hash of the storage contents of this account, and is empty by default

struct - useful for grouping related data, can be declared outside of a contract and imported in another contract

sybil attack a type of attack on a computer network service in which an attacker subverts the service's reputation system by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence. It is named after the subject of the book Sybil, a case study of a woman diagnosed with dissociative identity disorder; also sybil resistance

timelock - locks functionality on an application until a certain amount of time has passed; video

topics - indexed parameters for ‘logged’ events allow you to search for these events using the indexed parameters as filters; at most 3 parameters can receive the property indexed

TPS - transactions per second chart

transfer vs. transferFrom (aka delegatedTransfer) -

tumbler - a service that mixes potentially identifiable or "tainted" cryptocurrency funds with others, so as to obscure the trail back to the fund's original source: Tornado cash; Zcash and Zk-SNARK's?

TVL - total value locked: includes all coins deposited in all functions that protocol offers: Staking, Lending, Liquidity pools

tx - "transaction": tx.origin, txn.gasprice; don't use tx.origin

unchecked - instead of SafeMath can be more gas efficient if you know your math won’t reach top or bottom limits

Uniswap - decentralized cryptocurrency exchange that uses a set of smart contracts (liquidity pools) to execute trades on its exchange; whitepaper and billion dollar algorithm ticklower and tickupper via Tick Uniswap

UTXO -  an unspent transaction output (UTXO) represents some amount of digital currency which has been authorized by one account to be spent by another. UTXOs use public key cryptography to identify and transfer ownership between holders of public/private key pairs

URI - unique sequence of characters that identifies a logical or physical resource used by web technologies.

• https://ethereum.stackexchange.com/questions/147899/why-is-it-called-tokenuri-instead-of-tokenurl

witness - cryptography solution to puzzle; unspent transaction output, any solution to unlock UTXO; see also Segregated Witness

Yul - yul an intermediate language between Solidity and EVM bytecode.

Zcash - cryptocurrency using zk-SNARKs to provide enhanced privacy; either in a transparent pool or a shielded pool

zero address - contract creation; sometimes sent in an intentional ether burn

zero padding — (big-endian) for taking up entire memory; if your data type is uint8 or uint32 it is still managed as uint256 values (occupies 32bytes)

zkSNARK - succinct non interactive argument of knowledge