As always, numerous developments are occurring on the eth2 front. Beyond written communication (take a look at the State of Eth2 article below) and various public summaries, client teams, contributors, and community members/potential validators have been quite occupied!
Today, we will delve into some noteworthy deposit contract updates, alongside major advances toward the deployment of spec version v0.12.
tl;dr
Solidity deposit contract and formal validation
Today, we are excited to announce a new, more secure iteration of the eth2 deposit contract crafted in Solidity! This contract preserves the same public interface (with the addition of an EIP 165 supportsInterface function) thus making it an entirely transparent transition for all current client and developer tools. In fact, the Solidity code is mainly a line-by-line conversion of the original Vyper contract designed to facilitate review and formal verification.
In recent months, the eth2 deposit contract was restructured in Solidity by Alex Beregszaszi, evaluated by a small group of Solidity professionals, and formally verified by Runtime Verification largely employing the K-spec that was originally created for the Vyper edition of the contract.
Although the prior Vyper contract underwent extensive testing, reviews, and formal verification, concerns linger regarding the reliability of the Vyper compiler as it currently stands. During the initial Vyper bytecode verification process, numerous compiler bugs were identified (and resolved). In addition to the formal verification, Suhabe Bugrara (ConsenSys R&D) performed a review of the Vyper deposit contract and formal verification, which led to several enhancements in the formal specification (ultimately aiding the re-verification process of the Solidity contract). Although the verification was deemed sound, Suhabe could not endorse the bytecode as secure while it relied on the Vyper compiler.
At the same time, ConsenSys Diligence and Trail of Bits conducted investigative security assessments on the Vyper compiler, uncovering a multitude of additional bugs and raising alarms about underlying issues within the compiler codebase.
Despite these discoveries, Vyper remains a highly promising language. The compiler, based on Python, continues to evolve, and several contributors are focused on formalizing the language and exploring alternative compilers.
While we are confident in the formally verified bytecode, the challenges identified in the Vyper compiler fostered a substantial dependency on the bytecode verification process. It is preferable to begin with a compiler that is widely accepted as secure and to verify bytecode from that point onward, rather than starting with a compiler known to have issues and subsequently verifying that none of those aforementioned (or unforeseen) problems manifest in the bytecode.
To eliminate any doubt regarding the safety of this critical contract, we recommend utilizing the new Solidity contract for the eth2 mainnet, and we invite Solidity contract and EVM bytecode experts to review the contract and corresponding formal verification. Any issues uncovered will be eligible for the Eth2 Phase 0 Bounty Program.
A brief note — The new contract has not yet been integrated into the spec repository. I will be incorporating the new Solidity contract this week and releasing it as a minor version update shortly. I felt it necessary to announce immediately so the community could have ample time for review.
Altona v0.12 testnet
Since the launch of spec version v0.12, client teams have been diligently updating and testing their codebases in anticipation of public testnets.
I’ve observed numerous enquiries from the community (on Discord, Reddit, etc.) asking why what seemed to be a relatively minor update has required a significant amount of time to finalize. While each client’s codebase and associated challenges vary, teams are approaching v0.12 very earnestly. Even though the update in specification was not excessively burdensome, additional time has been dedicated to enhancing security, optimizing functionality, and generally fortifying the clients ahead of what is intended to be the final significant version of the spec prior to launch.
The moment is nearly upon us for the inaugural public, multi-client testnet of v0.12 — Altona, expected to launch within the next week. This network will commence entirely under the management of the constituent client teams (planned Lighthouse, Nimbus, Prysm, and Teku), Afri, and select EF team members. Following the initial launch, the deposit contract address will be disclosed to permit open, public participation.
Similar to the previous multi-client testnets, Altona is designed more as a devnet than a user-centric testnet. To clarify, Altona is primarily for client teams to verify v0.12 software in a live environment and for eth2 engineers in general to resolve any issues that may surface exclusively in a multi-client context. Nonetheless, we invite you to engage and enhance Altona over time. Following that, the subsequent phase (given the overall success of Altona) is a larger, community-oriented testnet featuring the mainnet configuration of at least 16,384 validators to kick off.
Oh! and Altona will implement the new Solidity deposit contract mentioned earlier. As I stated, this is a fully transparent modification to eth2 client software since the public interface remains unchanged. Eager to trial it in a production environment nonetheless.
Grant for Sigma Prime’s beacon-fuzz
We’re thrilled to announce an ongoing grant for Sigma Prime’s multi-client differential fuzzing initiative — beacon-fuzz. Thus far, this endeavor has already achieved significant success, identifying bugs in all clients involved in the system.
You can visit the Sigma Prime blog to keep updated on progress. Stay alert for the anticipated “fuzzing at home” extension of beacon-fuzz to participate and potentially discover a bug on your own machine!
My lengthy eth2 blog article
If you haven’t had the opportunity to check out my blog article from a few weeks back, it’s not too late! Take a look at The State of Eth2, June 2020 to gain a comprehensive overview and insight into the current status of the eth2 project and its relation to Ethereum as a whole 🚀