The safety of the Ethereum protocol is regularly being improved, and one current effort is the exterior safety assessment of the Pectra System Contracts.
The outcomes of this assessment might be discovered within the audits repository, and the TL;DR is that every one found points deemed related or vital from these opinions have been addressed.
Audit Scope and Methodology
The Pectra System Contracts embody a number of EIPs (EIP-2935, EIP-7002, and EIP-7251), and opinions had been primarily executed to:
- Consider the contracts for potential assault vectors.
- Be sure that the contract logic precisely implements the supposed performance as per the EIP specs.
A multi-phase method was taken, with every audit constructing upon the findings of earlier ones:
- Blackthorn Audit
- Dedaub Audits
- PlainShift Audit
- Sigma Prime Audit
Between every assessment, code enhancements had been made earlier than continuing to the following spherical of audits.
Formal Verification
Along with the safety opinions listed above, a16z performed a Formal Verification using Halmos.
They used Halmos to formally confirm the useful correctness of those contracts. This particularly targeted on whether or not the bytecode aligned with the spec, slightly than evaluating the safety of the spec itself in opposition to potential abuse or malicious use. This separation of issues permits auditors and the neighborhood to assessment the spec with out worrying about low-level bytecode implementation particulars.
Subsequent Steps
The total stories might be discovered within the Pectra System Contracts Audits repository.
A bug bounty competitors is presently operating on Cantina has rewards of as much as $2,000,000 for findings associated to Pectra.
As all the time, the safety of the Ethereum ecosystem is a collective effort. We prolong our gratitude to all of the auditors and contributors who’ve performed an vital half on this course of!
