Cryptocurrency enthusiasts are awaiting the launch of Eth2, but the complexity of the protocol has called into question the attainability of Ethereum security. Will the new project emerge unassailable in the blockchain space?
The release of Ethereum 2.0 (commonly known as Eth2) is a much-anticipated event in the blockchain tech space. The project, which is entirely different from its predecessor, will mark the first time we will see the Proof-of-Stake (PoS) mechanism for blockchain transactions both implemented and validated at scale.
We have also seen its launch date pushed from the first quarter of 2020 to the third. With the launch anticipated sometime in July, its founder, Vitalik Buterin, has been hesitant to provide a definitive time of arrival. Meanwhile, the interest in Ethereum has grown substantially: In the past three months, the market cap of Ethereum has increased from over $12 billion to over $25 billion.
Still, many investors are holding their positions in hopes of making gains post-launch. Another contributing factor has been the use of ETH in the decentralized finance (DeFi) sector. These investments have increased exponentially in the past year. ConsenSys reported that in Q1 of 2020, the value of ETH and ERC-20 tokens locked in DeFi smart contracts reached $1 billion USD. The same quarter also saw the most ETH ever (over 3 million to be exact) stored in DeFi contracts.
With the stakes for Ethereum being as high as ever, it’s worthwhile to look at the features baked into its blockchain to help protect investors and users. Unfortunately, this component of the Ethereum network has experienced security breaches in the past. It is useful, therefore, to briefly analyze this history before discussing the updates and vulnerabilities we can expect with Eth2.
Ethereum Security: Past Breaches and Attacks
Those who are new to the blockchain and cryptocurrency space will naturally compare Ethereum to Bitcoin, and debate over which one is more valuable or secure. Bitcoin, as of now, is the undisputed king. Not only is it stable, but it does one thing (and one thing really well): It lets you exchange value in a secure and decentralized fashion. But Ethereum and other protocols mirror real life ecosystems. With more complexity comes the likelihood of software bugs and attack vectors. This is the importance of the Eth2 Proof-of-Stake mechanism.
In fact, no other digital asset can attribute its formation to a security breach in the same way as Ethereum. The original network split into Ethereum and Ethereum Classic after the decentralized autonomous organization (DAO) attack on June 17, 2016. Originally a project of tech company Slock, the DAO required users to invest if they wanted to become members. A hacker, unfortunately, would eventually make off with around $60 million in Ether, the network’s native currency. This was done with the assistance of a recursive, or repeating, function, which allowed the exchange of DAO tokens for more Ether than the cryptocurrency’s actual use value, and did so before each transaction could be registered.
Smart Contract Hacks
The primary concern surrounding Ethereum and its system security is directly tied to smart contracts. The following are two (2) examples of smart contract hacks that have occurred on the Parity Ethereum blockchain, which was developed by Parity Technologies as an open-source alternative to the Geth Ethereum client.
The Parity Hacks consist of two (2) main incidents. The first one occurred in 2017 when someone hacked into the company’s multi-signature wallet to steal around 150,000 Ether. These “multisigs,” as they are often called, are smart contracts which require the consent of multiple wallet owners. According to news.bitcoin.com, the vulnerability was in a multisig contract called “wallet.sol” and wound up costing users around $30 million USD.
The second incident was the result of a user-triggered event. A software bug in a smart contract ended up blocking over 513,770 ETH. According to Parity, the vulnerability was present in the “library” smart contract code, which is present in all multisig wallets deployed after July 20, 2017. After discovering it, the attacker was able to exploit it by setting him/herself as the owner of the contract. This user then destroyed the component which resulted in a freezing of 587 wallets.
The Rubixi Hack is best described as a smart contract Ponzi scheme. But the root of this exploit can be traced back to its programming logic. Initially, the name of this contract was not Rubixi. Its name was changed but its constructor (also known as a sub-routine) was not properly updated. As a result, it could be triggered by any user to make themselves the owner. This vulnerability was exploited several times by simply invoking the previous name of the smart contract and withdrawing the fees generated by other participants.
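Both the second Parity incident and the Rubixi case come down to a function that lets any caller set the contract owner. The following is an added review check in Python, not code from either project; the Solidity-style sample, the contract names and `find_open_owner_setters` are constructed for illustration.

```python
import re

# Constructed Solidity-style sample (not code from Rubixi or Parity).
# Before Solidity 0.4.22 a constructor was a function named after its contract,
# so renaming the contract alone leaves an ordinary public function behind.
SAMPLE = """
contract RenamedFund {
    address owner;
    function OldFundName() { owner = msg.sender; }
    function collectFees() onlyOwner { owner.send(this.balance); }
}
contract Wallet {
    address owner;
    function Wallet() { owner = msg.sender; }
    function changeOwner(address next) onlyOwner { owner = next; }
    function initOwner(address next) public returns (bool) { owner = next; }
}
"""

CONTRACT = re.compile(r"contract\s+(\w+)\s*\{")
FUNCTION = re.compile(r"function\s+(\w+)\s*\([^)]*\)\s*([^{]*)\{([^}]*)\}")
OWNER_WRITE = re.compile(r"\bowner\s*=(?!=)")
RETURNS = re.compile(r"returns\s*\([^)]*\)")
OPEN_KEYWORDS = {"public", "external", "payable"}  # do not restrict the caller


def find_open_owner_setters(source):
    """Return (contract, function) pairs where any caller can overwrite `owner`.

    Heuristic for flat function bodies only: a function counts as guarded when
    it is the old-style constructor or carries any token other than
    public/external/payable (a custom modifier, internal, private).
    """
    findings = []
    contracts = list(CONTRACT.finditer(source))
    for i, contract in enumerate(contracts):
        end = contracts[i + 1].start() if i + 1 < len(contracts) else len(source)
        for fn in FUNCTION.finditer(source, contract.end(), end):
            name, qualifiers, body = fn.groups()
            if name == contract.group(1) or not OWNER_WRITE.search(body):
                continue
            tokens = RETURNS.sub("", qualifiers).split()
            if all(tok in OPEN_KEYWORDS for tok in tokens):
                findings.append((contract.group(1), name))
    return findings
```

On the constructed sample it flags the stale constructor left behind by the rename and the unguarded initializer, and passes the real constructor and the `onlyOwner` setter.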
The Constantinople update for Ethereum was delayed after an auditing firm known as ChainSecurity discovered a flaw in the proposal that would place existing smart contracts at risk of a reentrancy attack.
Reentrancy happens when a process, during its execution, is interrupted and run again. Although such events occur all the time in software technology, they pose a threat to exchanges and banking systems that would allow hackers to enter the same function multiple times within a network. Reentrancy attacks enable users to withdraw funds one or more times without informing users.
Although experts at ChainSecurity mentioned that it would be very difficult for hackers to take advantage of this security flaw, the Ethereum community decided to postpone another hard forking of its beloved protocol. Each improvement within Eth2 is nothing short of innovation, but a priority shared among investors and developers is Ethereum system security.
Eth2 – Phases for Achieving Ethereum Security
According to The State of Eth2, June 2020 report published on Ethereum’s Blog, the infrastructure of Eth2 is both scalable and secure. The report adds that Eth2, also called the Serenity upgrade, will take multiple years to implement.
Also mentioned in the report is Proof-of-Stake, an important and long-awaited feature in the Ethereum protocol. The Constantinople hard fork was finally implemented in early 2010, which improved the efficiency and scalability of its blockchain and other facets. This was followed by the Istanbul hard fork towards the end of 2019, which also saw improvements to scalability. The Istanbul update included a reduction in the cost of ZKPs (zero-knowledge proofs). Combined with the autonomy of optimistic rollups, an increase in transactions per second (TPS) is realized. Vitalik Buterin reported a TPS rate of over 3000 post-Istanbul.
Building upon the success of these implementations, the Eth2 launch will consist of the following phases:
According to the aforementioned report, Phase 0 of the tentative Eth2 launch is also known as the Beacon Chain and lies at the core of the new Proof-of-Stake consensus mechanism. The miner or validator of any block transaction will be restricted by the number of ETH coins they hold. In other words, the Eth2 project directly connects the ability to validate with a user’s total currency value. This has important security implications (discussed in the PoW and PoS comparison below).
But from a macro view, it simply makes for a more secure network. Eth2 will have a minimum of ~16,000 validators. This figure will multiply to reach hundreds of thousands in two years following the launch. Each validator in the network will need to hold at least 32 ETH and be able to run Ethereum’s light client on any consumer-grade laptop, according to Bitcoin Suisse.
PoS and PoW Security
In terms of Ethereum security, an important feature of the PoS system is that it is less susceptible to 51% attacks. Investopedia, for example, explains that Ethereum’s PoS reduces the ability of a miner to assume control of over 51% of computing power. At least 51% is needed to launch an attack. And by attempting to do so without this prerequisite, attackers run the risk of possibly devaluing their assets. The distributed nature of the network protects against the likelihood of other attacks as well.
In the Proof-of-Work (PoW) consensus system, miners can only validate a new block of transactions if other network nodes agree on the accuracy of the proofs (or block hashes) provided by the miner. A blockchain using PoW will become susceptible if an individual or group of miners obtains the majority of hash power.
In theory, “51% attacks” are more likely to occur in PoW systems. This is because in PoS systems, miners are holding the coin themselves, which means they hold a larger stake. However, in a decentralized, distributed blockchain, the overall possibility of such an attack is low, regardless of the employed consensus mechanism. It should also be noted that while miners in a PoW system may not hold the majority of currency, they will have likely invested in computing power and equipment.
Phase 1 will be about establishing multiple blockchains, also known as shard chains. Each shard chain will be similar to present-day Ethereum in complexity and the Beacon Chain will coordinate the shard chains.
Sharding is a database partitioning technique in which a blockchain is split into partitions in order to allow multiple transactions to be processed at once. Bear in mind that the complexity of sharded blockchains, which were already complex before segmentation, is needed to break up the system into smaller chunks that can be validated. In fact, sharding helps address the scalability issue of expanding networks. But how does this fare in terms of security?
In Eth2, validators will be temporarily (and randomly) selected for each shard chain. This process of delegation reduces the possibility of validators colluding with one another. However, the keyword here is “random.” Because sharding will undoubtedly affect a variety of features on the blockchain, it is important that the mechanism for selecting validators does so randomly.
Verifiable delay functions (VDFs) are used to deliver this level of randomness. As implied, VDFs work by stalling outputs after accepting arbitrary numbers (or inputs) provided by validators. This is done to ensure that all inputs are finalized, which in turn, reduces the probability of someone influencing the output. It is also worth emphasizing that VDFs are better algorithms than systems which require a non-colluding majority, as they require just a single honest actor.
It has been confirmed that the total number of shard chains in Phase 1 of Eth2 deployment will be 64.
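To put numbers on why random assignment to shard chains limits collusion, the added example below (not Eth2 code) computes the chance that an attacker captures a randomly drawn shard committee. It uses the article's figures of ~16,000 validators and 64 shards, and assumes an even split of 250 validators per shard and a two-thirds control threshold; the function names are hypothetical.

```python
from math import comb

TOTAL_VALIDATORS = 16_000                 # minimum validator count quoted in the article
SHARDS = 64                               # shard chains in Phase 1, per the article
COMMITTEE = TOTAL_VALIDATORS // SHARDS    # 250 per shard (assumes an even split)
THRESHOLD = (2 * COMMITTEE + 2) // 3      # 167 seats: assumed two-thirds control


def capture_probability(total, bad, committee, threshold):
    """P(>= threshold attacker seats) when `committee` validators are drawn
    uniformly at random, without replacement, from `total` validators of
    which `bad` are attacker-controlled (hypergeometric upper tail)."""
    ways = sum(comb(bad, k) * comb(total - bad, committee - k)
               for k in range(threshold, min(bad, committee) + 1))
    return ways / comb(total, committee)


def any_shard_bound(p_single, shards=SHARDS):
    """Union bound on the chance that at least one shard committee is captured."""
    return min(1.0, shards * p_single)


def report(shares=(0.01, 1 / 3, 0.5, 0.6)):
    """Map attacker stake share -> (single-committee, any-shard) capture odds."""
    out = {}
    for share in shares:
        bad = int(TOTAL_VALIDATORS * share)
        p = capture_probability(TOTAL_VALIDATORS, bad, COMMITTEE, THRESHOLD)
        out[share] = (p, any_shard_bound(p))
    return out


if __name__ == "__main__":
    # Without random assignment, THRESHOLD validators (about 1% of the set)
    # placed on a single shard would already control it.
    print(f"seats needed on one shard: {THRESHOLD} of {COMMITTEE}")
    for share, (p, bound) in report().items():
        print(f"attacker share {share:.2%}: one committee {p:.3e}, "
              f"any shard <= {bound:.3e}")
```

Under these assumptions, a colluding group that would control a shard outright if it could choose its placement has a negligible chance of doing so when committees are sampled at random, which is why the quality of the randomness matters.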
Midway into Phase 1 will be marked by the integration of the Ethereum mainnet into Eth2 as a shard. The mainnet, which describes the Eth2 protocol deployed into a production environment, will be present alongside the 64 shard chains previously created, using PoS instead of PoW.
The final phase of the Eth2 launch involves the execution of shard chains. The rest of it, however, is still open for discussion as noted in the Eth2 report.
Least Authority’s Security Audit of Eth2
Least Authority, an organization derived from the principle of minimal privilege, performed an audit of the Eth2 – Ethereum security plan. In their report, they noted there were no examples of long-term stability in a PoS system, and therefore concluded there wasn’t any evidence of stability in such a blockchain. It remains to be seen if minimalism among system components can truly be achieved among sharded chains.
Block Proposer Election
Least Authority’s audit report also highlights specific “areas of concern” regarding the overall security of the new blockchain. One of the issues is with the block proposer election system. In Proof-of-Stake systems, the block proposer is the component that decides which block will become a part of the blockchain. Least Authority recommended the Eth2 team ensure the secretiveness of this process, which in turn, will protect it from a variety of attack vectors.
This might be achieved through the use of a Single Secret Leader Election (SSLE), which would ultimately conceal the block election system. SSLE, considered by many to be a best practice, can help mitigate the risk of distributed denial of service (DDoS) attacks and block proposer eclipse attacks. It can also help with a random sampling of block proposers.
By default, block proposers which are publicly known are susceptible to DDoS attacks. This, of course, is marked by the interruption of normal traffic among a system of nodes. A block proposer eclipse attack works much differently. Here, a validator creates a number of nodes for connecting to the block proposer, thereby increasing the likelihood of the blockchain encountering a malicious actor.
The SSLE scheme helps mitigate these attacks by ensuring the elected proposer is the only actor with information about elected nodes. It is also charged with proving this information to others. Attackers are hence blindsided and elected validators are safe to propose their blocks. The Eth2 team is paying close attention to the benefits of using SSLE schemes and Vitalik Buterin, himself, included it in the road map for the project.
P2P Networking Layer
Another area of concern regarding Eth2 / Ethereum security is its Peer-to-Peer (P2P) networking layer. The messaging systems of such networks are susceptible to spam. In the absence of a centralized system for reviewing nodes, malicious nodes can bombard the system with unsolicited messages to either slow it down or stop it from working altogether. Least Authority recommends the use of the BAR-resilient gossip protocol, which would remediate threats posed by peers that secretly rewrite the gossip protocol as they see fit.
Ethereum Security Considerations with Proof-of-Stake (PoS)
Besides the specific concerns and vulnerabilities outlined in Least Authority’s audit report, some general security considerations relate to the consensus mechanism in use. Attacks that can potentially occur on Proof-of-Stake systems include, but are not limited to, bribery, liveness denial and grinding attacks.
As implied, a bribery attack involves an attacker bribing validators to work on specific blocks. This is done by the attacker matching or exceeding the block reward, or amount the validator will earn in the validation process.
Liveness Denial is a type of DDoS attack. But rather than stifling network traffic in general, it targets the publishing of block transactions and is the direct result of collusion among validators.
Grinding attacks are rooted in the informality of proof-of-stake and the randomness with the election of slot leaders. Here, a bad actor assumes the role of slot leader and influences the frequency of elections for subsequent block transactions.
From scalability to security, the Eth2 update promises a lot to Ethereum’s network of investors, developers and overall enthusiasts. What this will look like (upon launch) is still very much in the works. Given the versatility of the Ethereum protocol—most notably when compared to Bitcoin and other altcoin protocols—the Eth2 development team appears to be staying abreast of security considerations. This is evident through its extensive list of users and testers. The long game is to distribute a secure and robust mainnet, as marked by the project’s multiphase implementation.