Ethereum 2.0 Moves Closer to Launch with Quantstamp Audit of Prysm

July 16, 2020
Quantstamp Announcements

Quantstamp has recently completed its audit of Ethereum 2.0 as implemented by Prysmatic Labs. 

“Ethereum 2.0 is a major upgrade of Ethereum, with a large number of fundamental changes to the way it works,” noted Raul Jordan, Co-founder of Prysmatic Labs. “We chose Quantstamp as they’re one of the few firms capable of auditing a project of this scale. They’ve thoroughly analyzed everything we threw at them, communicating clearly with us the whole way. We are lucky to have chosen such a great partner.”

“Over 28 billion USD worth of Ether and other digital assets are potentially riding on the transition to proof-of-stake,” noted Richard Ma, CEO of Quantstamp. “The migration of Ether and the DeFi ecosystem to Ethereum 2.0 is a high stakes process. 10 engineers, including 7 PhDs, audited Prysm to facilitate a safe foundation and timely launch.”  

Ethereum 2.0 transforms Ethereum from a Proof-of-Work blockchain to a Proof-of-Stake blockchain with a sharded architecture. This is designed to improve the incentive model of the platform while also increasing scalability. This radical change to the consensus mechanism and architecture of Ethereum is being rolled out over three phases.

Prysm 

Prysm currently implements Ethereum 2.0 Phase 0, the first phase of the Ethereum 2.0 rollout. Phase 0 focuses on the testing and launch of the Beacon Chain, the Proof-of-Stake blockchain that serves as Ethereum 2.0’s spine.  The Beacon Chain is run by validator clients like Prysm which are responsible for executing the Proof-of-Stake protocol, overseeing validators and their stakes, and eventually validating shard chain data (coming in Phase 1). 

Validators are the core consensus providers for Ethereum 2.0. Users who run Prysm and stake 32 Ether to help validate the Ethereum 2.0 blockchain earn rewards for doing so. 

Quantstamp’s audit of Prysmatic Labs ETH 2.0 client involved ten engineers who examined the entire codebase over the course of two months. They examined the beacon node logic, validator client, slasher logic, libp2p networking layer, gRPC API, client database, account management and key storage, client synchronization, and more. 
Vulnerabilities found by Quantstamp engineers and addressed by Prysmatic Labs included:

The full list of issues and their fixes can be seen on Prysm’s issue tracking page.

Besides high and medium severity vulnerabilities, Quantstamp also provided low and informational severity guidance which improve code quality and readability. In general we found the code was well-written and documented.

About Prysmatic Labs

Prysmatic Labs currently builds technical infrastructure for the Ethereum blockchain. Our mission is to increase adoption through better tooling for users and developers of the Ethereum ecosystem through our expertise. Prysmatic is one of the several teams implementing Ethereum 2.0. Their client, Prysm, is written in the popular Go programming language.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $1 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 

Quantstamp Announcements
July 16, 2020

Quantstamp has recently completed its audit of Ethereum 2.0 as implemented by Prysmatic Labs. 

“Ethereum 2.0 is a major upgrade of Ethereum, with a large number of fundamental changes to the way it works,” noted Raul Jordan, Co-founder of Prysmatic Labs. “We chose Quantstamp as they’re one of the few firms capable of auditing a project of this scale. They’ve thoroughly analyzed everything we threw at them, communicating clearly with us the whole way. We are lucky to have chosen such a great partner.”

“Over 28 billion USD worth of Ether and other digital assets are potentially riding on the transition to proof-of-stake,” noted Richard Ma, CEO of Quantstamp. “The migration of Ether and the DeFi ecosystem to Ethereum 2.0 is a high stakes process. 10 engineers, including 7 PhDs, audited Prysm to facilitate a safe foundation and timely launch.”  

Ethereum 2.0 transforms Ethereum from a Proof-of-Work blockchain to a Proof-of-Stake blockchain with a sharded architecture. This is designed to improve the incentive model of the platform while also increasing scalability. This radical change to the consensus mechanism and architecture of Ethereum is being rolled out over three phases.

Prysm 

Prysm currently implements Ethereum 2.0 Phase 0, the first phase of the Ethereum 2.0 rollout. Phase 0 focuses on the testing and launch of the Beacon Chain, the Proof-of-Stake blockchain that serves as Ethereum 2.0’s spine.  The Beacon Chain is run by validator clients like Prysm which are responsible for executing the Proof-of-Stake protocol, overseeing validators and their stakes, and eventually validating shard chain data (coming in Phase 1). 

Validators are the core consensus providers for Ethereum 2.0. Users who run Prysm and stake 32 Ether to help validate the Ethereum 2.0 blockchain earn rewards for doing so. 

Quantstamp’s audit of Prysmatic Labs ETH 2.0 client involved ten engineers who examined the entire codebase over the course of two months. They examined the beacon node logic, validator client, slasher logic, libp2p networking layer, gRPC API, client database, account management and key storage, client synchronization, and more. 
Vulnerabilities found by Quantstamp engineers and addressed by Prysmatic Labs included:

The full list of issues and their fixes can be seen on Prysm’s issue tracking page.

Besides high and medium severity vulnerabilities, Quantstamp also provided low and informational severity guidance which improve code quality and readability. In general we found the code was well-written and documented.

About Prysmatic Labs

Prysmatic Labs currently builds technical infrastructure for the Ethereum blockchain. Our mission is to increase adoption through better tooling for users and developers of the Ethereum ecosystem through our expertise. Prysmatic is one of the several teams implementing Ethereum 2.0. Their client, Prysm, is written in the popular Go programming language.

About Quantstamp

Quantstamp is a leader in blockchain security, having performed over 140 audits and secured over $1 billion of value. Top crypto and enterprise companies including MakerDAO, Chainlink, eToro, and World Economic Forum choose Quantstamp to secure their blockchain applications. 

Learn about our Audits
Quantstamp Audits
Learn about our Audits
Quantstamp Audits
Quantstamp Announcements

June Security Beat: Keys Over Code

$75.32M was lost across 32 crypto incidents in June, up from May's $59.52M. No coordinated campaign carried the month, but one targeted operation did. A targeted social-engineering attack against Humanity Protocol reached the keys behind the $H token and drained $32M, roughly 42% of every dollar lost in June. Quantstamp led the independent investigation and traced the tooling to a phishing campaign previously seen targeting macOS users. Offchain, a fresh npm supply chain wave hit Red Hat's packages on the first day of the month, and a PeopleSoft zero-day was exploited for two weeks before Oracle said a word. Here's the month in security 👇

Read more
Quantstamp Announcements

May 2026 Security Beat

$59.52M was lost across 29 crypto incidents, down sharply from April's ~$635M. No single hack carried the month. The bigger story happened off-chain, where a self-propagating npm worm called Mini Shai-Hulud kept resurfacing in new waves through the month, ultimately spanning more than 1,000 malicious package versions across the npm ecosystem.

Read more
Quantstamp Announcements

April 2026 Security Beat: Same Actors, New Targets

April was undoubtedly a rocky month in security. $635M was lost across 28 crypto incidents. The Axios npm package was compromised on day one, exposing an estimated 600,000 installs in three hours. Vercel was breached through a third party. Three major CVEs under active exploitation. Here's the month in security 👇

Read more