Recent Ethereum 2.0 Security Audit Discloses Potential Vulnerabilities

An audit of the Ethereum 2.0 specifications showed that there are potential vulnerabilities with the protocol’s peer-to-peer (P2P) networking layer and block proposer system, according to the published report.

At the Ethereum Foundation’s request, technology security company Least Authority began its examination of ETH 2.0 specs in January and cooperated closely with the team throughout the process.

In the final audit report, Least Authority stated that the specs are “very well thought out and comprehensive.” However, the team noted that there has not been any real-world example of a large-scale protocol using Proof of Stake and sharding. This means, that it is difficult to be definite about ETH 2.0’s long-term stability now:

“It is one of the first Proof of Stake (PoS)/sharded protocol projects planned for production. As a result, there has been minimal opportunity to study the impacts of design decisions on real-world uses of such blockchain implementations, and none at the same scale. The long term stability of PoS blockchains is an area of active research that will need to be monitored over time as they are used in production.”

The report also noted the lack of documentation regarding the protocol’s peer-to-peer (P2P) networking layer and the Ethereum node records (ENR) system:

“We found that the Peer-to-peer (P2P) networking layer and the ENR system are underrepresented. These may be elaborated on in later phases, but their significance suggests that Phase 0 would be a good starting point for laying the foundation of a strong network layer.”

In addition, the report outlined two Ethereum 2.0 areas where potential security vulnerabilities may reside: the block proposer system and the P2P messaging system. Both need long-term investigation and may be improved during the project’s later phases, the report stated.

Least Authority said that the Ethereum Foundation informed their team about the Phase 0 mainnet launch scheduled for April 2020. However, the April timeframe was intended to assist with creating the audit schedule and Least Authority could not confirm whether it is the actual launch date.

Indeed, Ethereum 2.0 project lead Danny Ryan tweeted on March 25, that the next steps for the ETH 2.0 team include multi-client testnets and a Phase 0 bug bounty program.

Developers will have to implement a major multi-client testnet and run it for at least two months before the Phase 0 mainnet launch. Thus, the launch probably will not happen in the next couple of weeks.

Potential information leak with ETH 2.0’s block proposer system

Ethereum 2.0 is about transition from a Proof of Work (PoW) to a Proof of Stake (PoS) algorithm. With PoW, the process of selecting a winning block is straightforward, and no one can predict who will be the first to solve the task. With PoS, though, there is a need for a block proposer to define which block will join the chain. This process, according to the report, presents the risk of information leak.

In order to decrease the risk, the report suggested utilizing a Single Secret Leader Election (SSLE) mechanism to hide the selection process. At the same time, the chosen block proposer would be able to reveal its identity to others.

“With the information leak patched, the block proposer remains as protected as it would be in PoW chains, but without the computational overhead,” the report noted, adding:

“The Ethereum 2.0 team acknowledged the suggested mitigation. However, SSLE is still very much an active area of research. As a result, we expect more information and updates around these vectors to emerge as research on SSLE continues and Ethereum 2.0 reaches the Phase 1 and 2 milestones.”

“Spam problem” with ETH 2.0’s P2P messaging system

Another potential vulnerability in Ethereum 2.0 concerns the “spam problem” found in the protocol’s P2P messaging system.

When there is no centralized entity reviewing nodes’ actions, a dishonest node can spam the network with an unlimited number of old block messages without much penalty. Such attacks will sweep away legitimate messages. Likewise, nodes can also send out an unrestricted number of slashing messages, thus generating unnecessary traffic on the blockchain:

“This type of attack would slow down or potentially halt network processing for the duration it was carried out.”

To solve this problem, Least Authority proposed the implementation of a fully BAR-resilient gossip protocol to prevent malicious gossiping. The report states that technology firm Protocol Labs is now researching BAR-resilient peer-sampling methods.