- Least Authority has completed the audit of ETH 2.0 specifications recently and found the specs to be well-structured.
- However, it highlighted two areas of potential security vulnerabilities: the block proposer system and the P2P messaging system.
Ethereum 2.0 recently underwent a preliminary audit of the protocol’s specifications, which was conducted by Least Authority. The auditors worked closely with the ETH 2.0 team to comprehend the protocol and find any limitations in the design. According to the final audit report, the auditors found the specs to be “very well thought out and comprehensive.” However, they noted that there hasn’t been any real-world example of a large-scale protocol using Proof of Stake and sharding. This makes it difficult for authorities to assess ETH 2.0’s long-term stability.
The report said:
It is one of the first Proof of Stake (PoS)/sharded protocol projects planned for production. As a result, there has been minimal opportunity to study the impacts of design decisions on real-world uses of such blockchain implementations, and none at the same scale. The long term stability of PoS blockchains is an area of active research that will need to be monitored over time as they are used in production.
The report highlighted the lack of documentation related to the protocol’s peer-to-peer (P2P) networking layer and the Ethereum node records (ENR) system.
We found that the Peer-to-peer (P2P) networking layer and the ENR system are underrepresented,” the report said. “These may be elaborated on in later phases, but their significance suggests that Phase 0 would be a good starting point for laying the foundation of a strong network layer.
Furthermore, two potential security risks were pointed out by the report – the block proposer system and the P2P messaging system. Both of these features were found to have attack vectors. The report noted that these issues might be addressed in later phases of the project.
ETH 2.0 was initially set to release in January 2020 but due to some delays in implementation, it is now expected to release in July 2020. The testnet has been live since December 2019 and node clients have made progress since then.