Full Report
This article goes through the entire process of sending a single DAI to the creator of Ethereum. It's interesting seeing the small nuances of every part of the eco-system. If you have never read anything about Ethereum, this is an awesome article!
Analysis Summary
# Research: What happens when you send 1 DAI
## Metadata
- **Authors:** Notonlyowner (Security Researcher)
- **Institution:** Independent / Notonlyowner.com
- **Publication:** Notonlyowner Technical Blog
- **Date:** July 19, 2022 (Updated August 05, 2022)
## Abstract
This research provides a comprehensive, bottom-up technical decomposition of a single ERC-20 token transfer on the Ethereum blockchain. By tracing the lifecycle of a move of 1 DAI to a specific address (vitalik.eth), the article deconstructs the abstraction layers of web3 wallets, Ethereum Virtual Machine (EVM) execution, peer-to-peer (P2P) networking, and consensus mechanisms.
## Research Objective
The study aims to demystify the "black box" of blockchain transactions, addressing the question: *What are the specific, granular computational and cryptographic steps required to update a ledger state for a smart-contract-based asset?*
## Methodology
### Approach
The researcher utilizes a "slow-motion replay" pedagogical approach, performing a longitudinal analysis of a transaction from initiation to finality. The methodology involves code-level inspection of Ethereum node implementations and smart contract bytecode.
### Dataset/Environment
- **Network:** Ethereum Mainnet.
- **Asset:** DAI (ERC-20 stablecoin).
- **Target Address:** `0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045`.
- **Primary Codebase:** Go-Ethereum (Geth) and the MakerDAO DAI smart contract.
### Tools & Technologies
- **Wallets:** MetaMask (UI abstraction).
- **Languages:** Solidity (High-level), EVM Opcodes (Low-level), Go (Client-side).
- **Standards:** EIP-1559 (Transaction typing), ERC-20 (Token standard).
## Key Findings
### Primary Results
1. **Multi-Layered Serialization:** Transactions are not "sent" as objects but as RLP-encoded hex strings, signed via ECDSA to prove ownership without private key exposure.
2. **EVM Determinism:** The "transfer" of DAI is not a movement of coins but a state change in a specific database (the DAI contract's `balanceOf` mapping), executed by an interpreter.
3. **Gas Dynamics:** The complexity of EIP-1559 gas pricing and the "access list" (EIP-2930) significantly affects how nodes prioritize and execute the transaction.
### Novel Contributions
- **Full-Stack Deconstruction:** Unlike documentation that focuses solely on one layer (e.g., Solidity or Networking), this work connects the wallet UI directly to the underlying Geth Go code and EVM opcodes.
- **Transparency Advocacy:** The research highlights the "radical transparency" of decentralized finance compared to traditional banking's "black box" capital controls.
## Technical Details
The execution phase is broken down into the **Function Dispatcher** logic. When the EVM receives the transaction, it doesn't "know" it's a transfer. It takes the first 4 bytes of the data field (`0xa9059cbb`), compares it against a list of known function selectors in the DAI contract using a series of `PUSH`, `EQ`, and `JUMPI` opcodes, and only then routes execution to the transfer logic.
## Practical Implications
### For Security Practitioners
- **Calldata Validation:** Understanding how the EVM validates input sizes prevents "short address" attacks and similar input-manipulation vulnerabilities.
- **Logic Visibility:** Reminds practitioners that "Security through Obscurity" is impossible on Ethereum, as every opcode is auditable.
### For Defenders
- **Mempool Monitoring:** Insight into the "Reception" and "Propagation" phases shows how defenders can monitor the mempool to detect malicious transactions before they are included in a block.
### For Researchers
- **Complexity Management:** Provides a framework for mapping high-level user intent to low-level state transitions.
## Limitations
- **Client Specificity:** The analysis focuses primarily on the Go-Ethereum (Geth) implementation; other clients (Erigon, Besu) may handle internal processing differently.
- **Layer 2 Omission:** The research stays on Ethereum Layer 1, not accounting for the additional complexities found in Optimistic or ZK-Rollups.
## Comparison to Prior Work
This work differs from the *Ethereum Yellow Paper* by being accessible to humans rather than purely mathematical, and it differs from "Beginner Guides" by refusing to skip the highly technical "how" of the EVM interpreter.
## Real-world Applications
- **Educational Auditing:** Can be used as a training manual for junior smart contract auditors.
- **Debugging:** Assists developers in understanding why transactions might fail at the "Interpreter" level (e.g., out-of-gas errors or stack overflows).
## Future Work
- Analysis of "Account Abstraction" (ERC-4337) and how it changes the "Building the Transaction" phase.
- Deep dive into the "Merge" and how Proof of Stake specifically changes the "Sealing the Block" section.
## References
- [h]ttps://github.com/ethereum/go-ethereum
- [h]ttps://ethereum.org/en/developers/docs/evm/
- [h]ttps://makerdao.world/en/learn/Dai/