tl;dr
- Rayonism☀️, hacking the Merge together
- blst security advisory
- Reminder! Beacon Chain security+testing RfP
Rayonism☀️, hacking the Merge together
This week, protolambda and others released plans for Rayonism, an ambitious month-long hack to create Merge devnets based on current specs with a stretch goal of adding sharding to these devnets along with L2 rollup integrations.
The primary motivation is to unite development around a unified Merge spec to onboard all client teams firmly into the Merge design and process so that an informed decision on the Merge roadmap can be agreed upon in the coming months. That, and have a little bit of fun :)
In addition to Rayonism, Merge specs and design documents are making great progress. Huge shout-out to Mikhail and to the many reviewers and contributors pushing this along!
Read more about Rayonism here and join us in the Eth R&D discord #rayonism☀️ channel to get involved!
blst security advisory
Yesterday, Supranational released a security advisory for the blst BLS library, which is currently in use in production by all beacon chain clients.
While differential fuzzing the blst library, Guido Vranken discovered that blst can produce an incorrect result for some input values in the inverse function. This was patched in a blst release three weeks ago and has been released into all beacon chain clients.
Although there is currently no known practical exploit of this issue, it is advised that everyone running beacon chain clients upgrade to the latest version in case an exploit is uncovered. Similarly, if you use blst in your project, we highly recommend bumping to the latest version as soon as possible.
[Note: Teku was not running an affected version of blst, but they have had some juicy optimizations recently, so you might as well upgrade anyway]
You can read more about this issue in the public security advisory on the blst repo.
Beacon Chain security+testing RfP
Reminder! There is an outstanding Beacon Chain security+testing RfP.
The EF is looking for any proposals that further the security and robustness of the Beacon Chain and the upcoming merge (migration from PoW to PoS). Live network analysis, formal verification, client load testing, new consensus vectors -- just to name a few potential paths.
Get creative! Given you and your team's skillset, there is likely a valuable way to contribute to the security of this system.
Proposals are due April 20th 🚀