Baseline Protocol to be Announced

Solutiuon, created by ConsenSys, EY and Microsoft will allow enterprises to access DeFi, ETH-backed services without private data disclosure
05 March 2020   241

Ethereum-studio ConsenSys and audit firm EY entered into a partnership to launch the corporate project Baseline Protocol. He was supported by 12 companies and organizations, including Microsoft, AMD, Chainlink and MakerDAO. About it writes The Block.

The Baseline Protocol will allow corporate users to access decentralized finance (DeFi) services on the Ethereum blockchain without the need to disclose their private data.

ConsenSys explained that systems like ERP and CRM have difficulty synchronizing data with their peers. Blockchain is a potential solution to this problem, but many companies do not want to take the risks of revealing business secrets to other network participants - potential competitors.

Baseline Protocol will isolate data from other participants in the system, to which, under certain circumstances, such data may be provided. To do this, developers use digital signatures, a zero-disclosure evidence algorithm, and other technologies. Thus, various teams will gain access to the information necessary at the current stage of work, however, all other information will be hidden from them.

The ultimate goal of the project is to improve the quality of products of enterprise systems suppliers, developers of individual solutions and cloud providers. The code will be made publicly available through the non-profit OASIS standardization organization.

To date, work has been completed in three quarters. The project also includes Core Convergence, Duke University, Envision Blockchain, Neocava Splunk, HniBright, Provide and W3BCLOUD.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   224

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.