The highly anticipated Ethereum 2.0 upgrade has successfully passed an audit of its framework and codebase. However, while the review generally approved the design, some potential attack vectors remain.
The auditor—security consultant Least Authority—praised ETH 2.0 for its "well thought out" specifications, placing a particular emphasis on its comprehensive security designs.
ETH 2.0 will be among the first Proof-of-Stake (PoS) networks to employ sharding—a partitioning technique devised to spread the load on the Ethereum blockchain. As such, while ETH 2.0 may have passed the initial acid test, the lack of a comparable sharding system proved to be a challenge for Least Authority’s audit.
"Since no other large-scale implementations of a PoS system currently exist in production, auditing the Ethereum 2.0 Specifications presented our team with certain challenges and made this review particularly interesting," reads the report.
Inherent attack vectors
While the review was positive overall, the auditor did highlight some attack vectors arising from vulnerabilities in the block proposer mechanism and the peer-to-peer networking layer.
However, the report adds the caveat that the review was based on a specification rather than a coded implementation—implying that the aforementioned attack vectors were theoretical rather than particular to ETH 2.0.
Nevertheless, Ethereum developers working alongside Least Authority conceded the need for further review.
ETH 2.0 will have a staggered 6-phase launch. After a few false starts, phase 0 is tentatively set for launch in July—giving devs a few months to iron out any remaining snags.