Blockchain ventures cannot simply issue new code and hope that the ‘community’ will handle it. Ethereum developers know that and have put enormous amounts of time into improving Ethereum 2.0.
Let’s dig into what is currently happening with the long-awaited Ethereum 2.0 update. It appears that Phase 0 has been completed on the path towards code review. The Ethereum developer Danny Ryan and Least Authority are performing the code audit. Least Authority is a security consulting firm. So far, they have found seven critical mistakes in the ETH 2.0 codebase.
— Least Authority (@LeastAuthority) March 24, 2020
Per the report (official PDF):
“Since no other large-scale implementations of a PoS system currently exist in production, auditing the Ethereum 2.0 Specifications presented our team with certain challenges and made this review particularly interesting.”
Two worrisome attack vectors were also discovered during the audit. These already raise concerns about the developers’ carefulness in general. The vulnerabilities are in the peer-to-peer relaying and in the block proposer mechanism:
“With the information leak patched, the block proposer remains as protected as it would be in PoW chains, but without the computational overhead. The Ethereum 2.0 team acknowledged the suggested mitigation, however, SSLE is still very much an active area of research. As a result, we expect more information and updates around these vectors to emerge as research on SSLE continues and Ethereum 2.0 reaches the Phase 1 and 2 milestones.
[Also], we identified an issue where a dishonest node is capable of sending an unlimited amount of older block messages to the rest of the network with a minimal penalty, allowing them to overwhelm the network and block…