The Ethereum 2.0 specifications were audited by the tech-security firm Least Authority. Least Authority raised concerns about the possibility of spam messages on the ETH 2.0 protocol’s peer-to-peer (P2P) message platform. It also identified the block proposer system as another area with potential vulnerabilities.
In response to Least Authority’s claims, Buterin suggested that the ETH 2.0 team is working steadily on these problems, although long-term maintenance will likely be required.
Least Authority recommended that the ETH 2.0 team implement a fully BAR-resilient gossip protocol, which would be implemented to prevent spamming on the P2P protocol.
According to Buterin, spamming was present in the current ETH 1.0 network and was only avoided over time. He anticipates that the same problem will likely occur with the ETH 2.0 framework as well.
Responding to Least Authority’s claims, Buterin said, “In general, we definitely take network security seriously.” He continued, “ETH 1.0 has taken some time to harden its network layer and there are currently a lot of eyes on networking issues, so I expect DoS issues to be mitigated over time.”
Buterin also spoke on the suggested BAR-resilient gossip protocol, adding, “Regarding BAR resiliency, I expect that the approach we’ll take will be to assume altruism in the beginning and then build in better incentive properties over time; the ETH 1.0 network is also evolving in this direction.”
The second identified vulnerability was the potential for information to leak in ETH 2.0’s block proposer system.
Buterin stated that the ETH 2.0 team is taking the suggestions of Least Authority seriously, and that they have made the use of a Single Secret Leader Election (SSLE) mechanism a primary concern in the development of the ETH 2.0 framework. Buterin claims that this mechanism is included in the 5-10 year roadmap projection released by the Ethereum Foundation. SSLE is planned to be implemented in Phase 2 or later in the roadmap.
Now that the auditing process is complete, the ETH team plans to carry out its Multi-client Testnets and a Phase 0 bug bounty program, according to project leader Danny Ryan. Multi-client Testnets will likely take place in April, according to Buterin.
The Phase 0 mainnet launch is set to take place after the Multi-client Testnets have been launched, and only after the testnets have been running for a while without any issues. The same procedure was followed back in 2015 for the ETH 1.0 framework roadmap.
The Ethereum team has quite a bit of work cut out for it, but it has a long-term roadmap that it will steadily improve on over time.