tl;dr
Rayonism☀️, collaborating on the Merge
This week, protolambda and others unveiled plans for Rayonism, an ambitious month-long initiative aimed at developing Merge devnets based on current specifications, with an additional goal of incorporating sharding in these devnets alongside L2 rollup integrations.
The main objective is to consolidate development around a standardized Merge spec to bring all client teams thoroughly into the Merge design and workflow, ensuring that a well-informed decision regarding the Merge roadmap can be reached in the upcoming months. Additionally, it’s about enjoying the process a little! 🙂
Besides Rayonism, Merge specifications and design documents are advancing well. A massive shout-out to Mikhail and the numerous reviewers and contributors who are driving this forward!
Discover more about Rayonism here and join us in the Eth R&D discord #rayonism☀️ channel to participate!
blst security announcement
Yesterday, Supranational issued a security advisory for the blst BLS library, which is currently utilized in production by all beacon chain clients today.
During the differential fuzzing process of the blst library conducted by Guido Vranken, it was found that blst could yield incorrect outcomes for certain input values within the inverse function. This issue was addressed in a blst release that came out three weeks ago and has been incorporated into all beacon chain clients.
While there is no known practical exploit of this issue currently, it is recommended that all running beacon chain clients upgrade to the latest version in case any exploit is found. Similarly, if you are utilizing blst in your project, we strongly advise updating to the latest version as soon as feasible.
[Note: Teku was not utilizing a compromised version of blst, but they have recently implemented some valuable optimizations, so you should consider upgrading regardless]
Additional details regarding this issue can be found in the public security advisory available on the blst repository.
Beacon Chain security+testing Request for Proposal
Reminder! There is a current Beacon Chain security+testing Request for Proposal.
The EF is seeking any submissions that enhance the security and resilience of the Beacon Chain and the impending merge (transition from PoW to PoS). Live network assessments, formal verification, client load evaluation, new consensus mechanisms — just to mention a few potential avenues.
Get inventive! Given your and your team’s expertise, there is likely a significant way to contribute to the security of this system.
Proposals are due April 20th 🚀