A recent audit of the Ethereum 2.0 specifications has revealed some potential vulnerabilities with the protocol’s P2P networking layer and block proposer system.
The Ethereum Foundation had asked the technology security firm Least Authority to start its review of the ETH 2.0 specifications in January. Both parties have been working together closely throughout the whole review process.
In its published final report, Least Authority acknowledged that the specs are well thought out and comprehensive. However, the security firm argued that there has not been a real-world example of a large-scale protocol utilizing Proof-of-Stake (PoS) and sharding. Least Authority claims this will make it difficult to assess the protocol’s long-term stability at the moment.
The report stated that ETH 2.0 is one of the first PoS/sharded protocol projects planned for production. Hence, the report said, there has been limited opportunity to study the impacts of design decisions on real-world uses of such blockchain implementations. The report described the long-term stability of PoS blockchains as an area of active research and recommended that it be monitored over time, as they are used in production.
The report also highlighted that the P2P networking layer and the ENR system are underrepresented. According to the report, these may be elaborated on in later phases. However, it claims their significance suggests that Phase 0 would be a good starting point for laying the foundation of a strong network layer.
Furthermore, two other areas with potential security risks were highlighted in the report. These are the block proposer system and the P2P messaging system. The report noted that they both require long-term research efforts and might be addressed in the project’s later phases.
Notably, the Ethereum Foundation had earlier given the auditing firm an April timeline to help inform the audit schedule. However, the firm could not confirm whether it is the actual launch date.