Have some fun announcements for y'all this week :)
Other than the items below, client teams continue to move toward production. More on that next week!
tl;dr
- Least Authority Phase 0 audit complete
- Phase 0 Pre-Launch Bounty Program š
- Unification of eth1+eth2 communications in the Eth R&D discord server
Least Authority Phase 0 audit complete
As discussed many months ago, we engaged with Least Authority to conduct a full audit of the Phase 0 specifications. The audit was comprehensive with a deep look at potential DoS attacks, misuse of resources, unintended forks/chains, and attacks impacting funds.
The audit is now complete and available for public review š.
The Least Authority audit helped us patch a few DoS vectors in gossip messages with additional validation conditions (Issues A & B), highlighted a known concern about the public block proposer leader election (Issues C & D), and spurred further investigation into potential DoS attacks using libp2p gossipsub control messages (Issue G).
Beyond these concrete issues, the audit made some suggestions for cleaning up the p2p spec, investigating techniques for tightening up gossip, and getting the core consensus papers/proofs peer reviewed.
A big thank you to Least Authority. It was a pleasure to work with their many auditors on this project!
Phase 0 Pre-Launch Bounty Program
We're excited to announce the Phase 0 Pre-Launch Bounty Program!
This program is designed to incentivize you (rewards up to $10k!) to find and report bugs in the core Eth2 Phase 0 specs prior to mainnet launch š.
The Ethereum Foundation will run this program from now until just prior to the Phase 0 mainnet launch. After Phase 0 is in production, we will transition Phase 0 bounties to the standard Ethereum Bounty Program.
Read more for details about the rules, how to report, severity levels, and rewards.
To kick off the program, we're excited to award the first three bug bounties!
- Herman Junge -- critical -- validator rewards overflow bug
- Michael Sproul -- medium -- validator rewards calculation bug
- Martin Lundfall -- low -- divide by zero when extremely low validator balances
Happy š hunting!
Unification of eth1+eth2 communications
Something magical has been happening since deVcon in Osaka. Under the wrangling of Piper, the vague eth1x research initiative has blossomed into the Stateless Ethereum movement with a concrete roadmap and wide participation across the ecosystem.
This movement is complementary to the eth2 scaling efforts, and the research, specs, development, and conversation of both eth1+eth2 increasingly overlap. To aid in this collaborative effort driving the future of Ethereum, eth1+eth2 communications were recently merged into the Eth R&D discord server
Join us! You're welcome to lurk, ask questions, propose new sync protocols, prototype the eth1+eth2 unification, optimize witnesses, or otherwise just keep up to speed on the future of the Ethereum protocol š