The audit of the Ethereum 2.0 specifications revealed potential vulnerabilities



At the request of the Ethereum Foundation, the information security company Least Authority audited the Ethereum 2.0 specifications and identified several potential vulnerabilities.



Least Authority reported that the developers need to address vulnerabilities in peer-to-peer (P2P) network-layer communication as well as in the block proposal mechanism. The auditors noted, however, that the specifications were "very well thought out and competent". At the same time, there is currently no large ecosystem anywhere that is built on PoS and uses sharding, so the stability of such a system cannot yet be accurately assessed.

The information security specialists also stressed that the specifications do not pay enough attention to describing the P2P network layer and the system of records about Ethereum nodes. Vulnerability risks were likewise identified in the block proposal mechanism and in the messaging system between nodes.

The specialists said that in block committees operating under PoS, the choice of a new block is simple and nobody can predict who will get the new block. In PoS systems it is the block proposal mechanism that decides whose block is included, and this leads to a risk of information leakage. To solve the problem, the auditors suggested using the Single Secret Leader Election (SSLE) mechanism.

As for the peer-to-peer message exchange, there is a risk of spam. The system has no central node that evaluates the actions of other nodes, so a "malicious" node can spam the whole network with assorted messages without much penalty. This problem could be solved by using special protocols for exchanging messages between hosts.

As a reminder, in February Vitalik Buterin, co-founder of Ethereum, spoke about the plans to deploy Ethereum 2.0 and explained that the main development priority this year remains the launch of Phase 0.
