Devcon3: what to expect?

The biggest conference of Ethereum developers started in Mexico
02 November 2017   4211

From 1 to 4 November in Cancun, Mexico the third Ethereum developer conference will be held. The Ethereum Foundation event will be the largest ever event for the Ethereum ecosystem.

Devcon3
Devcon3 

In total, over the next four days Devcon3 will host more than 120 presentations and speeches by key industry players. Each of them potentially has an important role to play in the development of a project, both from a technology perspective and from a market perspective.

Key speakers:

  • Vitalik Buterin - co-founder of Ethereum;
  • Vlad Zamfir is a researcher and developer of the Ethereum Foundation;
  • Joseph Pun is a developer of Lightning Network;
  • Sergey Lonshakov - CEO of Airalab;
  • Patrick McCorry is a research fellow at University College London, a specialist in cryptography;
  • Marley Gray is Microsoft Business Development and Strategy Director;
  • Daniel Nagi is one of the developers of the Ethereum core, currently specializing in the Swarm system;
  • Peter Zhilagi - developer of the Ethereum Foundation and other well-known representatives of the blockchain industry

The event is supported by well-known organizations and projects, including Microsoft, Enterprise Ethereum Alliance, Hyperledger, ShapeShift, Status, Zcash Foundation, Polychain Capital, etc.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   229

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.