Cryptocurrency

A new Ethereum 2.0 audit reveals potential security vulnerabilities




An audit of the ETH 2.0 specifications shows the need to remedy potential vulnerabilities with the peer-to-peer (P2P) network layer and in the block suggestion system of the protocol, according to the published results.

At the request of the Ethereum Foundation, the technology security company Least Authority began reviewing the ETH 2.0 specifications in January and worked closely with the foundation throughout the process.

According to the final audit report , Least Authority found the specifications to be “very well thought out and comprehensive”. However, the team argued that there has been no example of a far-reaching protocol that uses sharding and proof of stake. In this sense, it is currently difficult to assess the long-term stability of ETH 2.0.Fellow Finance Banner 300x250

“It is one of the first Proof of Stake (PoS) / Sharded protocol projects to be scheduled for production,” the report said. “As a result, there have been few opportunities to investigate the impact of design decisions on the real use of such blockchain implementations, and none to the same extent. The long-term stability of PoS blockchains is an area of ​​active research that needs to be monitored over a longer period of time when used in production, ”the report said.

The report emphasized the lack of documentation when it comes to the protocol’s peer-to-peer (P2P) network layer and the Ethereum Node Records (ENR) system.Foyer Global Health Insurance Foyer EN

“We found that the peer-to-peer (P2P) network layer and the ENR system are under-represented,” the report said. “These can be worked out in later phases, but their importance suggests that phase 0 would be a good place to start building the foundation for a strong network layer.

In addition, the report identified two areas of potential security risk: the block suggestion system and the P2P messaging system. Both require long-term research efforts and could be addressed in the later phases of the project, the report said.

It is noteworthy that the Ethereum Foundation had previously informed the review team that the launch of the phase 0 main network would take place in April 2020, Least Authority told the crypto online magazine ” The Block “. However, the April timeframe should help to schedule the exam schedule. Least Authority could not confirm whether the actual start date was.

In fact, ETH 2.0 project manager Danny Ryan announced in a tweet on Tuesday that the next steps for the ETH 2.0 team would be to run multi-client test networks and a phase 0 bug bounty program.

As The Block explained earlier, the developers would have to implement a large multi-client test network and run it for at least two months before the phase 0 mainnet could start. Therefore, it is unlikely that the launch will take place in the coming weeks.

Potential information leak with the ETH 2.0 block suggestion system

ETH 2.0 marks the transition from a proof of work (PoW) to a proof of stake (PoS) system. With PoW, the process of choosing a winning block is simple and no observer can predict who will be the first to solve the puzzle. In the PoS system, however, a block proposer must decide which block is to be included in the chain. This process, the report says, poses a risk of information leakage.

To mitigate this risk, the report recommended the use of a Single Secret Leader Election (SSLE) to disguise the selection process. At the same time, the selected block proposer can share his identity with others.

“With the patched information leak, the block applicant remains as protected as in the PoW chains, but without the computational effort,” said the authors of the report.

“The Ethereum 2.0 team recognized the proposed remedy,” the authors continued. “However, the SSLE is still a very active research area. Therefore, we expect more information and updates on these vectors as SSLE research continues and Ethereum 2.0 reaches Phase 1 and 2 milestones.

Spam problem ‘with the P2P messaging system from ETH 2.0

The second potential vulnerability concerns the “spam problem” in the protocol’s P2P messaging system.

Without a centralized authority that assesses the actions of the nodes, a dishonest node can overload the network with an unlimited number of old block messages (spam) without being severely punished. Such attacks will flush out legitimate messages. Similarly, nodes can also send an unlimited number of slashing messages and generate unnecessary traffic on the blockchain.

“This type of attack would slow or potentially stop network processing while it was running,” the report said.

To solve this problem, Least Authority proposed implementing a fully BAR-resistant Gossip protocol to prevent malicious Gossip. According to the report, technology research company Protocol Labs is currently investigating BAR-insensitive peer sampling techniques.

Source: The Block

In order to support and motivate the CryptoTicker team, especially in times of Corona, to continue to deliver good content, we would like to ask you to donate a small amount. Independent journalism can only survive if we stick together as a society. Thank you

Nexo – Your Crypto Banking Account

Instant Crypto Credit Lines™ from only 5.9% APR. Earn up to 8% interest per year on your Stablecoins, USD, EUR & GBP. $100 million custodial insurance.


Ad

This post may contain promotional links that help us fund the site. When you click on the links, we receive a commission – but the prices do not change for you! 🙂

Disclaimer: The authors of this website may have invested in crypto currencies themselves. They are not financial advisors and only express their opinions. Anyone considering investing in crypto currencies should be well informed about these high-risk assets.

Trading with financial products, especially with CFDs involves a high level of risk and is therefore not suitable for security-conscious investors. CFDs are complex instruments and carry a high risk of losing money quickly through leverage. Be aware that most private Investors lose money, if they decide to trade CFDs. Any type of trading and speculation in financial products that can produce an unusually high return is also associated with increased risk to lose money. Note that past gains are no guarantee of positive results in the future. 


Posted By

Prasanna


Prasanna is the editor-in-chief of CryptoTicker English. He has a huge knowledge of the cryptocurrency market. He is an extremely accomplished technical analyst having vast experience in the crypto domain.


You might also like


More from Ethereum


Ethereum Feb 2020 Stats Released By ConsenSys

ConsenSys the leading blockchain company and Ethereum’s accelerator released the blockchain’s statistics for the month of February 2020. As expected …



Ethereum Statistics – Top 100 Accounts Are Stockpiling More ETH

In an unsurprising move, the top 100 Ethereum holders have been reported to accumulate even more ETH tokens, likely because …



Chainlink And DMM New Platform To Bridge Digital/Real World Assets

Crypto adoption and its penetration into the mainstream market got a major boost today with Chainlink and DeFi Money Market …





Source link