
Secured #3: Security Teams | Ethereum Foundation Blog

by ethozedge
April 14, 2022
in Ethereum


Over the past year, the Ethereum Foundation has significantly grown its team of dedicated security researchers and engineers. Members have joined from a variety of backgrounds, including cryptography, security architecture, risk management and exploit development, as well as work on red and blue teams. They come from different fields and have worked on securing everything from the internet services we all depend on each day to national healthcare systems and central banks.

As The Merge approaches, a lot of effort from the team is spent analyzing, auditing and researching the Consensus Layer in various ways as well as The Merge itself. A sample of the work is found below.

Client Implementation Audits 🛡️

Team members audit the various client implementations with a variety of tools and techniques.

Automated Scans 🤖

Automated scans for codebases aim to catch low-hanging fruit such as dependency vulnerabilities (and potential vulnerabilities) or improvement areas in code. Some of the tools being used for static analysis are CodeQL, semgrep, ErrorProne and Nosy.

As there are many different languages used between the clients, we use both generic and language-specific scanners for the codebases and images. These are interconnected through a system that analyzes and reports new findings from all tools into relevant channels. These automated scans make it possible to quickly get reports about issues that potential adversaries are likely to find easily, thus increasing the chance of fixing issues before they can be exploited.

Manual Audits 🔨

Manual audits of components of the stack are also an important technique. These efforts include auditing critical shared dependencies (BLS), libp2p, new functionality in hardforks (e.g. sync committees in Altair), a thorough audit into a specific client implementation, or auditing L2s and bridges.

Additionally, when vulnerabilities are reported via the Ethereum Bug Bounty Program, researchers can cross-check issues against all clients to see if they are also affected by the reported issue.

Third Party Audits 🧑‍🔧

At times, third party firms are engaged to audit various components. Third party audits are used to get external eyes on new clients, updated protocol specifications, upcoming network upgrades, or anything else deemed high-value.

During third party audits, software developers and our team’s security researchers collaborate with the auditors to educate and assist throughout.

Fuzzing 🦾

There are many ongoing fuzzing efforts led by our security researchers, members of client teams, as well as contributors in the ecosystem. The majority of tooling is open source and runs on dedicated infrastructure. The fuzzers target critical attack surfaces such as RPC handlers, state transition and fork-choice implementations, etc. Additional efforts include Nosy Neighbor (AST-based auto fuzz harness generation), which is CI-based and built off of the Go Parser library.
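To illustrate what AST-based fuzz harness generation with Go's parser packages looks like, here is an added sketch that is not Nosy Neighbor's code or any client's code. The names `GenerateHarness`, `harnessTmpl` and `sampleSrc` are hypothetical, and the selection rule (exported functions taking a single `[]byte`) is an assumption chosen for the example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
)

// sampleSrc is a constructed target file, not code from any Ethereum client.
const sampleSrc = `package codec
func DecodeBlock(data []byte) (int, error) { return len(data), nil }
func ParseHeader(raw []byte, strict bool) error { return nil }
func helper(data []byte) {}
type Decoder struct{}
func (d *Decoder) Decode(data []byte) error { return nil }
`

// harnessTmpl is one native Go fuzz test; a panic in the target is the finding.
const harnessTmpl = `
func Fuzz%[1]s(f *testing.F) {
	f.Add([]byte{})
	f.Fuzz(func(t *testing.T, data []byte) { %[1]s(data) })
}
`

// GenerateHarness walks the AST of src, selects every exported, receiver-less
// function whose single parameter is []byte, and returns the selected names
// plus a generated _test.go file, which is re-parsed as a sanity check.
func GenerateHarness(src string) ([]string, string, error) {
	f, err := parser.ParseFile(token.NewFileSet(), "target.go", src, 0)
	if err != nil {
		return nil, "", err
	}
	var names []string
	var b strings.Builder
	fmt.Fprintf(&b, "package %s\n\nimport \"testing\"\n", f.Name.Name)
	for _, d := range f.Decls {
		fn, ok := d.(*ast.FuncDecl)
		if !ok || fn.Recv != nil || !fn.Name.IsExported() {
			continue // skip types, methods and unexported helpers
		}
		p := fn.Type.Params.List
		// One field with at most one name means exactly one parameter.
		if len(p) == 1 && len(p[0].Names) <= 1 && types.ExprString(p[0].Type) == "[]byte" {
			names = append(names, fn.Name.Name)
			fmt.Fprintf(&b, harnessTmpl, fn.Name.Name)
		}
	}
	_, err = parser.ParseFile(token.NewFileSet(), "fuzz_test.go", b.String(), 0)
	return names, b.String(), err
}

func main() {
	_, out, err := GenerateHarness(sampleSrc)
	fmt.Println(out, err)
}
```

Written next to the target package as a `_test.go` file, the output can be run with `go test -fuzz=FuzzDecodeBlock`; in CI the generator would be re-run on each change so new entry points get a harness automatically.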

Network level simulation and testing 🕸️

Our team’s security researchers build and utilize tools to simulate, test, and attack controlled network environments. These tools can quickly spin up local and external testnets (“attacknets”) running under various configurations to test exotic scenarios that clients must be hardened against (e.g. DDoS, peer segregation, network degradation).

Attacknets provide an efficient and safe environment to quickly test different ideas/attacks in a private setting. Private attacknets cannot be monitored by potential adversaries and allow us to break things without disrupting the user experience of public testnets. In these environments, we regularly utilize disruptive techniques such as thread pausing and network partitioning to further expand the scenarios.

Client and Infrastructure Diversity Research 🔬

Client and infrastructure diversity has received a lot of attention from the community. We have tools in place to monitor diversity in terms of client, OS and ISP, along with crawler statistics. Additionally, we analyze network participation rates, attestation timing anomalies and general network health. This information is shared across multiple locations to highlight any potential risks.

Bug Bounty Program 🐛

The EF currently hosts two bug bounty programs; one targeting the Execution Layer and another targeting the Consensus Layer. Members of the security team monitor incoming reports, work to verify their accuracy and impact, and then cross-check any issues against other clients. Recently, we published a disclosure of all previously reported vulnerabilities.

Soon, these two programs will be merged into one, the general platform will be improved, and additional rewards will be provided for bounty hunters. Stay tuned for more information on this soon!

Operational Security 🔒

Operational Security encompasses many efforts at the EF. For example, asset monitoring has been set up, which continually monitors infrastructure and domains for known vulnerabilities.

Ethereum Network Monitoring 🩺

A new Ethereum network monitoring system is being developed. This system works similarly to a SIEM and is built to listen to and monitor the Ethereum network for pre-configured detection rules as well as dynamic anomaly detection that scans for outlier events. Once in place, this system will provide early warnings about network disruptions in progress or coming up.
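As an added illustration (not the EF's monitoring system), the sketch below combines the two detection styles mentioned here and applies them to the participation rates discussed under diversity research: a pre-configured rule and a rolling outlier check. The finality threshold follows from Casper FFG's two-thirds supermajority; the window size, the deviation multiplier `k`, the MAD floor and the sample data are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Alert is one finding for one epoch.
type Alert struct {
	Epoch int
	Rule  string
}

// Casper FFG justifies an epoch only with attestations from at least 2/3 of stake.
const finalityThreshold = 2.0 / 3.0

// sampleRates are constructed per-epoch participation rates, not real network data.
var sampleRates = []float64{0.99, 0.99, 0.98, 0.99, 0.99, 0.98, 0.93, 0.99, 0.60, 0.99}

func median(xs []float64) float64 {
	s := append([]float64(nil), xs...)
	sort.Float64s(s)
	if n := len(s); n%2 == 1 {
		return s[n/2]
	}
	return (s[len(s)/2-1] + s[len(s)/2]) / 2
}

// Detect runs a pre-configured rule (finality threshold) and a dynamic check:
// a drop of more than k median-absolute-deviations below the rolling median
// of the previous `window` epochs. window, k and the MAD floor are assumptions.
func Detect(rates []float64, window int, k float64) []Alert {
	var alerts []Alert
	for i, r := range rates {
		if r < finalityThreshold {
			alerts = append(alerts, Alert{i, "below-finality-threshold"})
			continue
		}
		if window < 1 || i < window {
			continue // not enough history for a baseline yet
		}
		hist := rates[i-window : i]
		med := median(hist)
		dev := make([]float64, len(hist))
		for j, h := range hist {
			dev[j] = math.Abs(h - med)
		}
		mad := math.Max(median(dev), 0.005) // floor so a flat baseline cannot divide by ~0
		if (med-r)/mad > k {
			alerts = append(alerts, Alert{i, "participation-outlier"})
		}
	}
	return alerts
}

func main() {
	for _, a := range Detect(sampleRates, 5, 6) {
		fmt.Printf("epoch %d: %s\n", a.Epoch, a.Rule)
	}
}
```

The median-based baseline keeps a single bad epoch from masking the next one, which a mean and standard deviation over the same window would not.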

Threat Analysis 🩻

Our team conducted a threat analysis focused on The Merge to identify areas that can be improved with respect to security. Within this work, we collected and audited security practices for Code Reviews, Infrastructure Security, Developer Security, Build Security (DAST, SCA and SAST built into CI, etc.), Repository Security, and more from the client teams. Additionally, this analysis surveyed how to prevent misinformation, from which disasters may strike, and how the community might recover in various scenarios. Some efforts related to disaster recovery exercises are also of interest.

Ethereum Client Security Group 🤝

As The Merge approaches, we formed a security group that consists of members of client teams working on both the Execution Layer and the Consensus Layer. This group will meet regularly to discuss matters related to security such as vulnerabilities, incidents, best practices, on-going security work, suggestions, etc.

Incident Response 🚒

Blue Team efforts help bridge the gap between the Execution Layer and the Consensus Layer as The Merge moves closer. War rooms for incident response have worked well in the past, where chats would spring up with relevant people during incidents, but with The Merge comes new complexity. Further work is being done to (for example) share tooling, create additional debug and triage capabilities and create documentation.

Thank you and get involved 💪

These are some of the efforts currently taking place in various forms, and we’re looking forward to sharing even more with you in the future!

If you think you’ve found a security vulnerability or any bug, please submit a bug report to the execution layer or consensus layer bug bounty programs! 💜🦄




