{"id":9860,"date":"2025-03-17T13:58:36","date_gmt":"2025-03-17T12:58:36","guid":{"rendered":"https:\/\/wsj-crypto.com\/?p=9860"},"modified":"2025-03-17T13:58:36","modified_gmt":"2025-03-17T12:58:36","slug":"decoding-the-security-of-ethereum-what-you-need-to-know","status":"publish","type":"post","link":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/","title":{"rendered":"Decoding the Security of Ethereum: What You Need to Know"},"content":{"rendered":"<div id=\"\">\n<p class=\"chakra-text css-gi02ar\">As I compose this, I\u2019m situated in the London office contemplating how to provide you with a comprehensive overview of the efforts we&#8217;ve undertaken to safeguard Ethereum\u2019s protocols, clients, and p2p-network. As you may recall, I became part of the Ethereum team at the close of last year to oversee the security evaluation. As spring transitioned into summer and multiple audits were completed, it\u2019s a suitable moment for me to convey some findings from the assessment of the world computer\u2019s machine area. \ud83d\ude09<\/p>\n<p class=\"chakra-text css-gi02ar\">It is evident that, although the delivery of clients involves a sophisticated product development procedure, it represents an exhilarating yet profoundly intricate research initiative. This complexity is why even the most meticulously planned development timelines are prone to adjustments as we uncover more about our problem area.<\/p>\n<p class=\"chakra-text css-gi02ar\">The security evaluation commenced at the end of last year with the formulation of a broad strategy aimed at guaranteeing optimal security for Ethereum. As you are aware, our development process is driven by security rather than by schedules. 
With this perspective, we devised a multi-layered audit strategy consisting of:<\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">Assessments of new protocols and algorithms conducted by established blockchain researchers and specialized software security firms<\/li>\n<li class=\"css-cvpopp\">Comprehensive review of protocols and implementation by a top-tier security consultancy (Go followed by C++ and a basic audit for the educational Python client), in addition to<\/li>\n<li class=\"css-cvpopp\">The <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"http:\/\/bounty.ethdev.com\">bug bounty initiative<\/a>.<\/li>\n<\/ul>\n<p>The assessments of the new protocols and algorithms addressed issues such as the security of:<\/p>\n<ul role=\"list\" class=\"css-1onhfjo\">\n<li class=\"css-cvpopp\">The gas economics<\/li>\n<li class=\"css-cvpopp\">The newly developed ASIC-resistant proof of work puzzle as well as<\/li>\n<li class=\"css-cvpopp\">The economic incentives for mining nodes.<\/li>\n<\/ul>\n<p>The \u201ccrowd-sourced\u201d audit segment began around Christmas, coinciding with our bug bounty initiative. We allocated an 11-digit satoshi amount to reward individuals who identified bugs within our code. We\u2019ve received high-quality <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"http:\/\/bounty.ethdev.com\">submissions<\/a> to our bug bounty program, and participants received appropriate rewards. The bug bounty initiative remains ongoing, and further submissions are needed to exhaust the designated budget&#8230;<\/p>\n<p class=\"chakra-text css-gi02ar\">The initial significant security audit (covering the gas economics and PoW puzzle) by the security consultancy Least Authority commenced in January and extended until the winter\u2019s conclusion. 
We are pleased to confirm that we reached an agreement with most of our external auditors to make those audit reports publicly accessible once the auditing work and resolution of the findings are concluded. Thus, alongside this blog post, we are excited to present the Least Authority <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/LeastAuthority\/ethereum-analyses\/\">audit report<\/a> and the related <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/leastauthority.com\/blog\/least_authority_performs_incentive_analysis_for_ethereum.html\">blog post<\/a>. Furthermore, the report includes valuable recommendations for \u00d0App developers to guarantee secure design and deployment of contracts. We anticipate the publication of additional reports as they become available.<\/p>\n<p class=\"chakra-text css-gi02ar\">We also engaged another software security firm at the start of the year to deliver audit coverage on the Go implementation. With the enhanced security that comes with multiple clients and as Gav noted in his earlier post, we have opted to initiate a lightweight security audit for the Python and C++ implementations beginning in early July. The C++ code will undergo a full audit subsequently \u2013 <b>our aim with this strategy is to ensure multiple audited clients are available as early as possible during the release timeline.<\/b><\/p>\n<p class=\"chakra-text css-gi02ar\">We commenced this most thorough audit for the Go client, also known as the \u201cend-to-end audit\u201d, in February with a one-week workshop that would be succeeded by regular check-in calls and weekly audit reports. 
The audit was integrated within a detailed process for bug tracking and resolution, managed and meticulously <a target=\"_blank\" rel=\"noopener\" class=\"chakra-link css-ug8vf0\" href=\"https:\/\/github.com\/ethereum\/go-ethereum\/issues?page=1&amp;q=is%3Aissue+SEC&amp;utf8=%E2%9C%93\">tracked on GitHub<\/a> by Gustav with Christoph and Dimitry developing the corresponding necessary tests.<\/p>\n<p class=\"chakra-text css-gi02ar\">As the name suggests, the end-to-end audit was designed to encompass \u201ceverything\u201d (from networking to the Ethereum VM to syncing layer to PoW) ensuring that at least one auditor verified the various core layers of Ethereum. One consultant recently articulated the scenario quite succinctly: \u201cTo be honest, the testing needs of Ethereum are more complex than anything I\u2019ve encountered before.\u201d As Gav reported in his <a class=\"chakra-link css-ug8vf0\" href=\"https:\/\/blog.ethereum.org\/2015\/06\/15\/another-ethereum-dev-update\">most recent blog post<\/a>, due to the substantial alterations in the networking and syncing strategies, we ultimately resolved to commission further audit work for Go \u2013 which we are on the verge of completing this week. The kickoff for the end-to-end C++ and basic Python audits is taking place now.<\/p>\n<p class=\"chakra-text css-gi02ar\">The audit tasks along with subsequent bug fixing and regression testing, as well as related refactoring and redesign (of networking and syncing layers), constitute the majority of work currently occupying the developers. Similarly, the resolution of findings, redesign, and regression testing are the reasons for delays in delivery. Additionally, the Olympic testing phase has provided us with significant insights regarding resiliency under various circumstances, such as slow connections, problematic peers, erratically behaving peers, and outdated peers. 
The most significant challenge thus far has been addressing and recovering from forks. We have gained much knowledge from the recovery attempts concerning the necessary processes for managing these types of scenarios and incidents.<\/p>\n<p class=\"chakra-text css-gi02ar\">It may not be surprising that the various audits represent a considerable investment \u2013 which we believe is money well spent.<\/p>\n<p class=\"chakra-text css-gi02ar\">As we approach the release, security and dependability are increasingly prominent in our considerations, especially given the handful of critical issues identified in the Olympic test release. We are exceedingly appreciative of the enthusiasm and meticulous work all auditors have dedicated thus far. Their contributions have aided us in refining the specifications within the Yellow Paper, removing ambiguities, addressing several subtle concerns, and identifying a number of implementation bugs.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/blog.ethereum.org\/en\/2015\/07\/07\/know-ethereum-secure\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As I compose this, I\u2019m situated in the London office contemplating how to provide you with a comprehensive overview of the efforts we&#8217;ve undertaken to safeguard Ethereum\u2019s protocols, clients, and p2p-network. As you may recall, I became part of the Ethereum team at the close of last year to oversee the security evaluation. 
As spring<\/p>\n","protected":false},"author":3,"featured_media":8282,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[1739],"class_list":["post-9860","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ethereum","tag-return-a-list-of-comma-separated-tags-from-this-title-how-do-you-know-ethereum-is-secure"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Decoding the Security of Ethereum: What You Need to Know - WSJ-Crypto<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Decoding the Security of Ethereum: What You Need to Know - WSJ-Crypto\" \/>\n<meta property=\"og:description\" content=\"As I compose this, I\u2019m situated in the London office contemplating how to provide you with a comprehensive overview of the efforts we&#8217;ve undertaken to safeguard Ethereum\u2019s protocols, clients, and p2p-network. As you may recall, I became part of the Ethereum team at the close of last year to oversee the security evaluation. 
As spring\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/\" \/>\n<meta property=\"og:site_name\" content=\"WSJ-Crypto\" \/>\n<meta property=\"article:published_time\" content=\"2025-03-17T12:58:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2100\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"wsjcrypto\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"wsjcrypto\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/\",\"url\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/\",\"name\":\"Decoding the Security of Ethereum: What You Need to Know - 
WSJ-Crypto\",\"isPartOf\":{\"@id\":\"https:\/\/wsj-crypto.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"datePublished\":\"2025-03-17T12:58:36+00:00\",\"author\":{\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#primaryimage\",\"url\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"contentUrl\":\"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg\",\"width\":2100,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wsj-crypto.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Decoding the Security of Ethereum: What You Need to Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/wsj-crypto.com\/#website\",\"url\":\"https:\/\/wsj-crypto.com\/\",\"name\":\"WSJ-Crypto\",\"description\":\"Just Another Crypto News 
Website\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/wsj-crypto.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7\",\"name\":\"wsjcrypto\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g\",\"caption\":\"wsjcrypto\"},\"url\":\"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Decoding the Security of Ethereum: What You Need to Know - WSJ-Crypto","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/","og_locale":"it_IT","og_type":"article","og_title":"Decoding the Security of Ethereum: What You Need to Know - WSJ-Crypto","og_description":"As I compose this, I\u2019m situated in the London office contemplating how to provide you with a comprehensive overview of the efforts we&#8217;ve undertaken to safeguard Ethereum\u2019s protocols, clients, and p2p-network. As you may recall, I became part of the Ethereum team at the close of last year to oversee the security evaluation. 
As spring","og_url":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/","og_site_name":"WSJ-Crypto","article_published_time":"2025-03-17T12:58:36+00:00","og_image":[{"width":2100,"height":900,"url":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","type":"image\/jpeg"}],"author":"wsjcrypto","twitter_card":"summary_large_image","twitter_misc":{"Scritto da":"wsjcrypto","Tempo di lettura stimato":"5 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/","url":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/","name":"Decoding the Security of Ethereum: What You Need to Know - WSJ-Crypto","isPartOf":{"@id":"https:\/\/wsj-crypto.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#primaryimage"},"image":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#primaryimage"},"thumbnailUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","datePublished":"2025-03-17T12:58:36+00:00","author":{"@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7"},"breadcrumb":{"@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#primaryimage","url":"https:\/\/wsj-crypto.com\/wp-content
\/uploads\/2025\/02\/eth-org.jpeg","contentUrl":"https:\/\/wsj-crypto.com\/wp-content\/uploads\/2025\/02\/eth-org.jpeg","width":2100,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/wsj-crypto.com\/index.php\/2025\/03\/17\/decoding-the-security-of-ethereum-what-you-need-to-know\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wsj-crypto.com\/"},{"@type":"ListItem","position":2,"name":"Decoding the Security of Ethereum: What You Need to Know"}]},{"@type":"WebSite","@id":"https:\/\/wsj-crypto.com\/#website","url":"https:\/\/wsj-crypto.com\/","name":"WSJ-Crypto","description":"Just Another Crypto News Website","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/wsj-crypto.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Person","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/88a93723b30416db1a352d5a0096c4a7","name":"wsjcrypto","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/wsj-crypto.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/86fe8af82ea089646d6639ca2f87e0243d8688d957bd8e3ec22ec3c457cc16d4?s=96&d=mm&r=g","caption":"wsjcrypto"},"url":"https:\/\/wsj-crypto.com\/index.php\/author\/wsjcrypto\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/
\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/comments?post=9860"}],"version-history":[{"count":2,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9860\/revisions"}],"predecessor-version":[{"id":9862,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/posts\/9860\/revisions\/9862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media\/8282"}],"wp:attachment":[{"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/media?parent=9860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/categories?post=9860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsj-crypto.com\/index.php\/wp-json\/wp\/v2\/tags?post=9860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}