The safety of the Ethereum protocol is continuously improved, and a recent effort is the examination of external security of the Pectra system contracts.
The results of this review can be found in the Audit repositoryand the TL; Dr is that all the problems discovered deemed relevant or important of these journals have been treated.
Audit and methodology scope
The contracts of the Pectra system include several EIP (EIP-2935, EIP-7002 and EIP-7251), and journals were mainly carried out for:
- Evaluate contracts for potential attack vectors.
- Make sure that the logic of the contract accurately implements the features provided in accordance with EIP specifications.
A multiphasic approach has been adopted, each audit based on the results of the previous ones:
- Blackthorn audit
- DEDAUB audits
- Purge audit
- SIGMA PRIME AUDIT
Between each examination, code improvements have been made before switching to the next series of audits.
Formal verification
In addition to the security examinations listed above, A16z led a Formal verification using Halmos. They used Halmos To formally verify the functional accuracy of these contracts. This specifically focused on the fact that Bytecode dressed up on the specification, rather than assessing the security of the specification itself against potential abuses or malicious use. This separation of concerns allows listeners and the community to examine the specifications without worrying about the implementation of low -level bytecode.
Following steps
Complete reports can be found in the Pectra System Contraction of the REPUSTRIORE.
A bug bonus competition is currently working Cantina Awards that are up to $ 2,000,000 for the results related to Pectra.
As always, the safety of the Ethereum ecosystem is a collective effort. We extend our gratitude to all listeners and contributors who have played an important role in this process!
