An audit of the ETH 2.0 specifications highlighted the need to address potential vulnerabilities with the protocol’s peer-to-peer (P2P) networking layer and block proposer system, according to the published findings.
At the Ethereum Foundation’s request, technology security firm Least Authority started its review of ETH 2.0 specs in January and worked closely with the Foundation throughout the process.
According to the final audit report, Least Authority has found the specs to be "very well thought out and comprehensive." However, the team argued that there hasn’t been any real-world example of a large-scale protocol utilizing Proof of Stake and sharding. In that sense, it is hard to assess ETH 2.0’s long-term stability at the moment.
"It is one of the first Proof of Stake (PoS)/sharded protocol projects planned for production," the report said. "As a result, there has been minimal opportunity to study the impacts of design decisions on real-world uses of such blockchain implementations, and none at the same scale. The long term stability of PoS blockchains is an area of active research that will need to be monitored over time as they are used in production."
The report highlighted the lack of documentation when it comes to the protocol’s peer-to-peer (P2P) networking layer and the Ethereum node records (ENR) system.
"We found that the Peer-to-peer (P2P) networking layer and the ENR system are underrepresented," the report said. "These may be elaborated on in later phases, but their significance suggests that Phase 0 would be a good starting point for laying the foundation of a strong network layer."
Additionally, the report pointed out two areas with potential security risks: the block proposer system and the P2P messaging system. Both require long-term research efforts and might be addressed in the project’s later phases, the report said.
Notably, the Ethereum Foundation had previously informed the auditing team that the Phase 0 mainnet launch would take place in April 2020, Least Authority told The Block. However, the April timeline was meant to help inform the audit schedule and Least Authority could not confirm whether it is the actual launch date.
Indeed, ETH 2.0 project lead Danny Ryan announced in a Tuesday tweet that the next steps for the ETH 2.0 team would be to carry out multi-client testnets and a Phase 0 bug bounty program.
As The Block previously explained, developers would need to implement a major multi-client testnet and run it for at least two months before the Phase 0 mainnet launch can take place. Therefore, it is unlikely that the launch will happen in the upcoming weeks.
Ethereum co-founder Vitalik Buterin confirmed to The Block that launch will have to follow a successful multiclient testnet, which will likely take place in April.
"First we need a multiclient test net, then we wait for that testnet to run for some time without issues, and if it does then we launch," said Buterin. "This is a similar procedure to what we did back in 2015 for eth1. So it is not easy to predict when mainnet will happen, though we absolutely expect multiclient test nets very soon; April seems very likely."
Potential information leak with ETH 2.0's block proposer system
ETH 2.0 marks a transition from a Proof of Work (PoW) to a Proof of Stake (PoS) system. With PoW, the process of electing a winning block is straightforward and no observer can predict who will be the first to solve the puzzle. With PoS, however, there needs to be a block proposer to decide which block will go into the chain. This process, the report explained, opens up the risk of information leak.
In order to mitigate this risk, the report recommended using a Single Secret Leader Election (SSLE) mechanism to conceal the selection process. At the same time, the chosen block proposer would be able to communicate its identity to others.
"With the information leak patched, the block proposer remains as protected as it would be in PoW chains, but without the computational overhead," said the report's authors.
"The Ethereum 2.0 team acknowledged the suggested mitigation," they continued. "However, SSLE is still very much an active area of research. As a result, we expect more information and updates around these vectors to emerge as research on SSLE continues and Ethereum 2.0 reaches the Phase 1 and 2 milestones."
Buterin claimed that SSLE is a major research focus for the ETH 2.0 team and included it as a part of his personal roadmap revealed on March 18.
'Spam problem' with ETH 2.0's P2P messaging system
The second potential vulnerability concerns the "spam problem" in the protocol’s P2P messaging system.
Without a centralized entity judging nodes' actions, a dishonest node can spam the network with an unlimited number of old block messages without much penalty. Such attacks will flush out legitimate messages. Similarly, nodes can also send out an unlimited number of slashing messages and create unnecessary traffic on the blockchain.
"This type of attack would slow down or potentially halt network processing for the duration it was carried out," the report said.
To address this problem, Least Authority suggested the implementation of a fully BAR-resilient gossip protocol to prevent malicious gossiping. According to the report, technology research firm Protocol Labs is currently looking into BAR-resilient peer-sampling techniques.
"In general, we definitely take network security anti-spam seriously," said Buterin regarding the identified vulnerability. "Eth1 has taken some time to harden its network layer and there are currently a lot of eyes on networking issues so I expect DoS issues to be mitigated over time."
"Regarding BAR resiliency, I expect that the approach we'll take will be to assume altruism at the beginning and then build in better incentive properties over time; the eth1 networking is also evolving in this direction," he said.