The safety of the Ethereum protocol is regularly being improved, and one current effort is the exterior safety evaluation of the Pectra System Contracts.
The outcomes of this evaluation might be discovered within the audits repository, and the TL;DR is that every one found points deemed related or essential from these critiques have been addressed.
Audit Scope and Methodology
The Pectra System Contracts embody a number of EIPs (EIP-2935, EIP-7002, and EIP-7251), and critiques have been primarily completed to:
Consider the contracts for potential assault vectors.Be certain that the contract logic precisely implements the meant performance as per the EIP specs.
A multi-phase strategy was taken, with every audit constructing upon the findings of earlier ones:
Blackthorn AuditDedaub Audits
PlainShift AuditSigma Prime Audit
Between every evaluation, code enhancements have been made earlier than continuing to the subsequent spherical of audits.
Formal Verification
Along with the safety critiques listed above, a16z carried out a Formal Verification utilizing Halmos.
They used Halmos to formally confirm the practical correctness of those contracts. This particularly centered on whether or not the bytecode aligned with the spec, somewhat than evaluating the safety of the spec itself towards potential abuse or malicious use. This separation of considerations permits auditors and the group to evaluation the spec with out worrying about low-level bytecode implementation particulars.
Subsequent Steps
The complete experiences might be discovered within the Pectra System Contracts Audits repository.
A bug bounty competitors is at the moment working on Cantina has rewards of as much as $2,000,000 for findings associated to Pectra.
As all the time, the safety of the Ethereum ecosystem is a collective effort. We prolong our gratitude to all of the auditors and contributors who’ve performed an essential half on this course of!
Discussion about this post