Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   1018

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.

Opera Mobile to be Add Crypto Purchase Option

Together with Wyre, in USA Opera will add Apple Pay to the iOS apps and integrate of debit cards for the Android version to purchase crypto
17 March 2020   282

Opera added the ability to purchase ETH and BTC for US residents through Apple Pay and credit cards in mobile versions of the browser on iOS and Android.

In the framework of cooperation with the startup Wyre, that is primarily aimed at users of mobile versions of the browser in the United States, Opera adds Apple Pay to the iOS application and the integration of debit cards for the Android version to purchase cryptocurrencies. This will give users the opportunity to make purchases of BTC and ETH worth up to $ 250 per day for $ 0.3, plus a transaction fee of 2.9%, said cryptocurrency director of Opera Charles Hamel.

This restriction in the purchase of cryptocurrencies is due to the fact that the new features are primarily intended for application developers and everyday users, and not for investors and speculators.

That’s not a very high ceiling, but it’s meant to appeal to dapp developers and day-to-day users, not investors and speculators looking to move well over $250 in crypto a day.

 

Charles Hamel

Opera’s Head of Crypto

The company is moving towards turning its browser into a Web 3.0 application by adding TRON support and releasing a desktop version of the browser compatible with dApps on Ethereum. In October last year, advanced functions were added to the Opera browser version for Android that allow payments in bitcoin directly from the built-in digital wallet.

Hamel said that the settlement of the transaction will take about 30 seconds, and the payment company Wyre will be engaged in the storage of crypto assets. According to a press release, in the near future it is planned to add the possibility of buying cryptocurrencies in other countries.