Consulting company Least Authority has published its long-awaited audit of the Ethereum 2.0 specifications. In its report, the auditor noted the «reasonableness» of the presented work but pointed to a number of items that, in its view, require further attention.
We just wrapped up the #phase0 audit of the #eth2 specs!
Big thanks to @dannyryan and the @ethereum team.
Check out our blog post + full report here: https://t.co/3cFb41ML6H #ethereum #security #audit pic.twitter.com/nuHrkJJSmv
— Least Authority (@LeastAuthority) March 24, 2020
«Because there are currently no other PoS systems at the production stage, the audit of the Ethereum 2.0 specifications posed some difficulties for our team and made our work particularly interesting,» writes the company.
In particular, it mentions potential attack vectors arising from vulnerabilities in the block production mechanism and in the way messages are transmitted across the network.
«With the elimination of the information leakage problem, block production remains as safe as in PoW schemes, but without the extra costs in the form of computing resources. The Ethereum 2.0 team approved the proposed method; however, the mechanism for the secret selection of the block producer is still an area of active research. Thus, we expected additional information regarding this mechanism by the transition of Ethereum 2.0 to the first and second phases of development,» the company wrote.
In the peer-to-peer messaging mechanism, three potential attack vectors were identified. These include, for example, the possibility of spam attacks:
«We identified a problem where a malicious node can send an unlimited number of messages from older blocks to the rest of the network with minimal punishment, which enables it to harm the network and restrict full messages.»
The developers plan to launch phase zero of the second version of the protocol on July 30, the fifth anniversary of Ethereum. These plans still require final approval.