- Least Authority has completed the audit of the Ethereum 2.0 Phase 0 specifications, marking another important step towards the launch.
- In total, the company identified seven issues with the Eth 2.0 Phase 0 specification.
Danny Ryan, the Ethereum 2.0 project coordinator, and Least Authority announced that the audit of the Ethereum 2.0, Phase 0 specifications has been successfully completed. The latter were in charge of auditing the specification (as opposed to a coded implementation). As Ryan announced via Twitter, the next step for Ethereum is now to launch multi-client test networks and a phase 0 bug bounty program.
Thank you! It was a pleasure to work with @LeastAuthority on this 🙂
Now time for multi-client testnets and our Phase 0 bug bounty program. More details very soon https://t.co/ng9wHqTE0V
— dannyryan (@dannyryan) March 24, 2020
Least Authority identifies 7 issues with Ethereum 2.0 phase 0
Ethereum 2.0, Eth2 or Serenity, will be the most significant upgrade to date, introducing Proof of Stake (PoS), Sharding and a new virtual machine (eWASM) as well as many other technical innovations. The launch is planned in 6 phases with phase 0 to be launched this summer, while phases 1 and 2 will be implemented in mainnet in 2020 and 2021 respectively.
Phase 0 provides the basic functionality for the Beacon Chain, the validators and the coordination of Shards. Phase 1 builds on this by introducing Sharding, while phase 2 adds the execution environment, thereby “upgrading Eth2 from a robust database to a fully distributed computing platform”.
Least Authority’s team conducted the audit of Phase 0’s specification to the very end. As the team noted in a blog post, pure Proof of Stake consensus protocols are a relatively unexplored field. Currently, there are no large-scale implementations of a PoS system in a mainnet. Therefore, Least Authority’s audit focused on potential attack vectors.
Overall, the company identified seven problems in the Eth 2.0 phase 0 specification and made three suggestions for best practices. In the published audit report, Least Authority focused on two core areas, the peer-to-peer (P2P) network layer and the ENR system.
Two issues identified concerned the block proposal system, which is designed to keep the Single Secret Leader Election (SSLE) secret and prevent information leakage, while providing a quick way for the selected block proposer to verify to others that they are indeed the proposer. To solve this, Least Authority wrote:
With the information leak patched, the block proposer remains as protected as it would be in PoW chains, but without the computational overhead. The Ethereum 2.0 team acknowledged the suggested mitigation, however, SSLE is still very much an active area of research. As a result, we expect more information and updates around these vectors to emerge as research on SSLE continues and Ethereum 2.0 reaches the Phase 1 and 2 milestones.
In addition, three attack vectors have been found in the P2P messaging system field. The gossip protocol used, as the researchers found, generally suffers the spam problem. Checking whether a message is legitimate or spam is a fundamental problem, which was also found in the Ethereum 2.0 phase 0 specifications:
We identified an issue where a dishonest node is capable of sending an unlimited amount of older block messages to the rest of the network with minimal penalty, allowing them to overwhelm the network and block legitimate messages.
In addition, Least Authority found “a small loophole” that allows a node to send an unlimited amount of so-called “slashing messages” with minimal penalty. As a result, the company recommends implementing a fully BAR-compliant gossip protocol. However, as Least Authority also notes, all problems are not errors, but active areas of research:
As with SSLE, this is an active area of research. The lack of specification here does not represent a deficiency in the Ethereum 2.0 design, but an opportunity for further improvement and application of a general best practice recommendation for these types of systems.
For the launch of Ethereum 2.0, phase 0, the core developers are currently targeting July 30, the fifth anniversary of Ethereum 1.0. However, so far this date has not been set in stone.
Last Updated on