The audit focused on reviewing the Phase 0 specifications of the new Ethereum version. It concluded that, although the network enjoys robust security, it can suffer DDoS attacks.
In recent months, the founder of ConsenSys, Joseph Lubin, stated that Ethereum 2.0 would be ready for the year 2020. Even though the fulfillment of this forecast is not yet certain, the new Ethereum version undergoes an audit and gives the first hints of its performance.
The startup Least Authority conducted a review of the Ethereum 2.0 specifications for the initial activation stage, known as “Phase 0”. They also audited technical details of the Beacon Chain and the upcoming hard fork. The research ended in a security report, where the experts noted that there are problems in the Ethereum 2.0 P2P network and its system of validators.
None of these vulnerabilities affect the network that the Ethereum community currently uses. It is a new protocol that will work with a Proof of Stake (PoS) algorithm and is being developed in parallel. In this way, users will migrate to this new blockchain to enjoy greater scalability and programming capacity.
To allow the migration and activation of the blockchain to occur successfully, the experts recommend reviewing the choice system of proponents of the Ethereum 2.0 block. These entities are in charge of proposing the blocks so that the network validators certify them. Therefore, they play an important role in the registration of transactions and can become targets of attack.
For instance, a malicious participant can connect multiple nodes to the network and overshadow the functions of the proponents. On the other hand, they can perform a distributed denial-of-service (DDoS) attack to disable their functionality. For this reason, they recommend that the choice of proponents should be as reserved as possible to avoid revealing their IP.
There Are Not Always Good Intentions
The Least Authority report notes that Ethereum 2.0 is a robust and secure network, concluding that “security has been an important consideration during the design phase.” However, in the specifications on the P2P messaging system, the analysts said that the lack of documentation does not allow them to conclude how secure it can be.
This leads them to continue monitoring the behavior of this sector and its future development when the network is already working for the public. They added that this type of platform can work very well when it is in the hands of altruistic users. However, Ethereum expects this network to be in massive use but, as its operation becomes increasingly collective, setbacks may occur.
For example, they consider that malicious or selfish users can attack it, working against the proper functioning of the network and generating “spam”. For that reason, they suggested applying a BAR system that is resistant to these attacks and limits harmful behavior on the network. They highlighted that this type of attack would delay or even stop the network processing for as long as it takes place.
Ethereum 2.0 is one of the releases that the community following this network, specialized in smart contracts, has awaited the most. Recognized developer Vitalik Buterin noted that the new network will make transactions on Ethereum more secure and increase scalability.
By Alexander Salazar
