The Ethereum Foundation will be building a dedicated security team for Ethereum 2.0 to study any potential cybersecurity and crypto-economic issues in the next generation of the Ethereum network.
Justin Drake, an Eth 2.0 researcher at the foundation, announced the start of the recruitment process on his Twitter feed.
The foundation is looking to hire a variety of security and auditing professionals, both for the software and the general model of the upcoming upgrade.
Among the potential team’s tasks will be “fuzzing, bounty hunting, pager duty,” which directly relates to software security management.
Ethereum client developers have already engaged in fuzzing for the upcoming Eth 2.0 clients. The efforts were spearheaded by Sigma Prime, the developers of the Rust-based Lighthouse client.
Fuzzing is a bug searching technique that involves feeding garbage data to software in order to trigger a non-standard response. Many of the bugs found today in the web are due to improper input sanitation, where special types of inputs may be interpreted as machine code or simply produce undesired behavior. Fuzzing helps find these critical points and update the code to prevent potentially catastrophic bugs.
The security team will also be doing more theoretical work on formal verification of cryptographic algorithms. This process will seek to mathematically prove that a certain algorithm is secure. Economic modeling experts are also sought by the foundation.
Ramping up security
With the final stages of preparation for Ethereum 2.0 Phase 0 underway, heavy emphasis is now being placed on the network’s security.
Recently, the foundation launched specialized “attack networks” for bounty hunters to break. By finding issues before the mainnet launch, developers are looking to ensure a smooth transition.