After passing other audits, a recent review of Ethereum 2.0 discovered possible defects that could cause difficulty for the developers.
The highly expected Ethereum 2.0 upgrade audit had initially shown positive results on its structure and codebase. Despite general reviews giving accreditation for the design, there are still some security defects that make it susceptible to attacks.
Security consultant, Least Authority, conducted this latest audit. They, however, gave praise where it was due, lauding Ethereum 2.0 (ETH 2.0) for its “well thought out” specs. Their appraisal also showed that its in-depth security designs were worthy of emphasis.
Are the expectations as promised?
Co-founder of Ethereum, Vitalik Buterin, had earlier said that the ETH 2.0 design would provide users with added capacity, through sharding, scaling, and privacy features.
Besides, the phase 0 audit shows that ETH 2.0 is one of the first Proof-of-Stake (PoS) networks to consider spreading the load on the Ethereum blockchain. It aims to do so through the application of a dividing technique and this refers to sharding.
Least Authority announced the wrap up of the audit via a tweet recently.
We just wrapped up the #phase0 audit of the #eth2 specs!
Big thanks to @dannyryan and the @ethereum team.Check out our blog post + full report here: https://t.co/3cFb41ML6H#ethereum #security #audit pic.twitter.com/nuHrkJJSmv
— Least Authority (@LeastAuthority) March 24, 2020
Incidentally, ETH 2.0 passed all initial tests such as its testnet on smartphones. However, it is clear that Least Authority finds the lack of a comparable sharding system a challenge.
The report released by the auditor reads: “Since no other large-scale implementations of a PoS system currently exist in production, auditing the Ethereum 2.0 Specifications presented our team with certain challenges and made this review particularly interesting.”
Possible attack vectors in ETH 2.0
In a marked departure from the excellent general reviews, Least Authority has highlighted some possible attack vectors. These vectors are likely to arise from vulnerabilities in the peer-to-peer networking layer and in the block proposer mechanism.
However, point to note is that the possible attack vectors are theoretical rather than particular to ETH 2.0. This is borne by the report’s claim that the general review was based on a specification rather than a coded implementation.
In light of this, developers of Ethereum are working tirelessly with the auditors towards the need for further review of the design. An earlier report has shown that ETH 2.0 will go through a six-phase launch. The developers would thus have more time to work on any difficulty or design flaws.
The ETH 2.0’s Phase 0 has its tentative launch date set for July, after a few false starts.
