- Least Authority has completed the audit of ETH 2.0 specifications recently and found the specs to be well-structured.
- However, it highlighted two areas of potential security vulnerabilities: the block proposer system and the P2P messaging system.
Ethereum 2.0 recently underwent a preliminary audit of the protocol’s specifications, which was conducted by Least Authority. The auditors worked closely with the ETH 2.0 team to comprehend the protocol and find any limitations in the design. According to the final audit report, the auditors found the specs to be "very well thought out and comprehensive." However, they noted that there hasn’t been any real-world example of a large-scale protocol using Proof of Stake and sharding. This makes it difficult for authorities to assess ETH 2.0’s long-term stability.
The report said:
It is one of the first Proof of Stake (PoS)/sharded protocol projects planned for production. As a result, there has been minimal opportunity to study the impacts of design decisions on real-world uses of such blockchain implementations, and none at the same scale. The long term stability of PoS blockchains is an area of active research that will need to be monitored over time as they are used in production.
The report highlighted the lack of documentation related to the protocol’s peer-to-peer (P2P) networking layer and the Ethereum node records (ENR) system.
We found that the Peer-to-peer (P2P) networking layer and the ENR system are underrepresented," the report said. "These may be elaborated on in later phases, but their significance suggests that Phase 0 would be a good starting point for laying the foundation of a strong network layer.
Furthermore, two potential security risks were pointed out by the report - the block proposer system and the P2P messaging system. Both of these features were found to have attack vectors. The report noted that these issues might be addressed in later phases of the project.
ETH 2.0 was initially set to release in January 2020 but due to some delays in implementation, it is now expected to release in July 2020. The testnet has been live since December 2019 and node clients have made progress since then.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.
However, it highlighted two areas of potential security vulnerabilities: the […]