How do you know Ethereum is secure?

As I write this, I’m sitting in my London office thinking about how to outline the work we’ve done to secure Ethereum’s protocol, clients, and p2p network. As you may remember, I joined the Ethereum team late last year to manage security audits. Spring has passed, summer has arrived, and several audits have been completed in the meantime, so it’s a good time to share some results from our inspections of the world’s computer machine rooms. 😉

This much is clear: customer delivery is both an elaborate product development process and an exciting but highly complex research activity. The latter is why even the best planned development schedule is subject to change as more details about the problem area become known.

The security audit began late last year with the development of a general strategy to ensure maximum security for Ethereum. As you know, we use a security-driven development process rather than a schedule-driven development process. With this in mind, we have put together a multi-layered audit approach that includes:

  • Analysis of new protocols and algorithms by established blockchain researchers and professional software security companies
  • End-to-end audit of protocols and implementations (Go followed by C++, basic audit of educational Python clients) by a world-class security specialist consultancy.
  • A bug bounty program.

Analysis of new protocols and algorithms covered topics such as the security of:

  • Gas economics,
  • Newly designed ASIC-resistant proof-of-work puzzles, and
  • Economic incentives for mining nodes.

The “crowdsourced” audit component began around Christmas, along with a bug bounty program. We had an 11-digit satoshi amount as a reward for anyone who found a bug in the code. I have seen very high quality submissions in the bug bounty program, and hunters received corresponding rewards. The bug bounty program is still running, but more submissions are required to use up the allocated budget…

The first major security audit (covering gas economics and PoW puzzles) by security consultancy Least Authority began in January and continued through late winter. We are very pleased to have reached an agreement with most of our external auditors to make these audit reports publicly available once the audit work and revised findings have been completed. So, with this blog post, I’m happy to introduce the Least Authority audit report and its accompanying blog post. Additionally, this report includes recommendations to help app developers ensure secure contract design and deployment. We will publish further reports as they become available.

We also engaged another software security company earlier this year to provide an audit of our Go implementation. As Gav mentioned in his previous post, given the increased security that comes with multiple clients, starting in early July he also decided to do a lightweight security audit for Python and C++. The C++ code is immediately subjected to a full audit. The goal of this approach is to make multiple audited clients available as early in the release process as possible.

We began this most comprehensive audit of our Go clients, also known as an “end-to-end audit,” in February with a one-week workshop, followed by several weeks of regular check-in calls and weekly audit reports. The audit was integrated into a comprehensive bug tracking and remediation process and was thoroughly managed and tracked on GitHub. Gustav, Christoph and Dimitry coded the corresponding required tests.

As the name suggests, the scope of an end-to-end audit covers “everything” (from networking to Ethereum VMs, sync layers, and PoW), so at least one auditor will be cross-checking the various core layers of Ethereum. One of my consultant girlfriends recently summed up the situation very succinctly: “To be honest, Ethereum’s testing needs are more complex than anything I’ve looked at so far.” As Gav reported in his last blog post, due to significant changes to our networking and synchronization strategy, we have finally decided to commission further audit work on Go, which is expected to be completed this week. The kickoff for the end-to-end C++ and basic Python audits is happening now.

Auditing work with subsequent bug fixing and regression testing, and associated refactoring and redesign (of the network and synchronization layers), make up the bulk of the work currently keeping developers busy. Similarly, modification of findings, redesign, and regression testing are also reasons for delivery delays. Additionally, during the Olympic testing phase, we learned a lot about resiliency in different scenarios, including slow connections, bad peers, strangely behaving peers, and stale peers. The biggest challenge so far has been fighting and recovering from forks. We learned a lot from our recovery efforts regarding the processes required when dealing with these types of scenarios and incidents.

It may not be surprising that various audits represent large expenditures. And we believe that further investment is not possible.

As release approaches, security and reliability are increasingly at the forefront of our minds, especially considering some of the major issues found in the Olympic test release. I would like to express my gratitude to all the auditors for their enthusiasm and thorough work. Their work helped clarify the Yellow Paper’s specifications, remove ambiguities, and correct some subtle issues. It also helped identify a number of bugs in the implementation.
