Ethereum 2.0 Moves Closer to Launch with Quantstamp Audit of Prysm

Quantstamp Announcements
July 16, 2020

Quantstamp has recently completed its audit of Ethereum 2.0 as implemented by Prysmatic Labs. 

“Ethereum 2.0 is a major upgrade of Ethereum, with a large number of fundamental changes to the way it works,” noted Raul Jordan, Co-founder of Prysmatic Labs. “We chose Quantstamp as they’re one of the few firms capable of auditing a project of this scale. They’ve thoroughly analyzed everything we threw at them, communicating clearly with us the whole way. We are lucky to have chosen such a great partner.”

“Over 28 billion USD worth of Ether and other digital assets are potentially riding on the transition to proof-of-stake,” noted Richard Ma, CEO of Quantstamp. “The migration of Ether and the DeFi ecosystem to Ethereum 2.0 is a high stakes process. 10 engineers, including 7 PhDs, audited Prysm to facilitate a safe foundation and timely launch.”  

Ethereum 2.0 transforms Ethereum from a Proof-of-Work blockchain to a Proof-of-Stake blockchain with a sharded architecture. This is designed to improve the incentive model of the platform while also increasing scalability. This radical change to the consensus mechanism and architecture of Ethereum is being rolled out over three phases.

Prysm 

Prysm currently implements Ethereum 2.0 Phase 0, the first phase of the Ethereum 2.0 rollout. Phase 0 focuses on the testing and launch of the Beacon Chain, the Proof-of-Stake blockchain that serves as Ethereum 2.0’s spine. The Beacon Chain is run by validator clients like Prysm, which are responsible for executing the Proof-of-Stake protocol, overseeing validators and their stakes, and eventually validating shard chain data (coming in Phase 1).

Validators are the core consensus providers for Ethereum 2.0. Users who run Prysm and stake 32 Ether to help validate the Ethereum 2.0 blockchain earn rewards for doing so. 

Quantstamp’s audit of Prysmatic Labs’ ETH 2.0 client involved ten engineers who examined the entire codebase over the course of two months. They examined the beacon node logic, validator client, slasher logic, libp2p networking layer, gRPC API, client database, account management and key storage, client synchronization, and more.
Vulnerabilities found by Quantstamp engineers and addressed by Prysmatic Labs included:

The full list of issues and their fixes can be seen on Prysm’s issue tracking page.

Besides high and medium severity vulnerabilities, Quantstamp also provided low and informational severity guidance, which improves code quality and readability. In general, we found the code was well written and documented.

About Prysmatic Labs

Prysmatic Labs currently builds technical infrastructure for the Ethereum blockchain. Our mission is to increase adoption through better tooling for users and developers of the Ethereum ecosystem through our expertise. Prysmatic is one of the several teams implementing Ethereum 2.0. Their client, Prysm, is written in the popular Go programming language.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $1 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 
