Ethereum Challenges Hackers to Attack Proposed 2.0 Networks
The Ethereum Foundation has launched public “attack networks” for Ethereum 2.0 based on existing stable clients.
The networks are designed to give security researchers a sandbox environment where they can try to break Ethereum 2.0’s networks by exploiting potential issues in the clients. Currently, there are two “beta-0” attack networks based on the Lighthouse and Prysm clients, built respectively by Sigma Prime and Prysmatic Labs.
According to the announcement released on Monday, the attack networks are “real networks,” though they present some limitations. Notably, only four nodes have been deployed to the network with 128 validators, versus the thousands expected for Ethereum 2.0.
Deposits are also not enabled, which means that hackers will need to “try non-validator based attacks for this run.”
The goal for the attackers is to "prevent finality for 16 consecutive epochs” on a single network “by any means necessary.” What this means is that the exploit will need to make the Ethereum 2.0 network unusable and unsafe for at least 102 minutes, or 1 hour and 42 minutes.
Each epoch consists of 32 slots during which blocks may be proposed. Each slot lasts for 12 seconds and is roughly equivalent to block time under optimal conditions. At the end of each epoch, the validators are reshuffled to maintain the network’s security.
Individual hackers and specific groups will be entitled to a $5,000 bounty for successfully breaking the network in this way. Each network has its own bounty, though a single entity can only receive one.
Ethereum 2.0 continues progress
In recent months, progress on Ethereum 2.0's Phase 0 has picked up, with the teams recently launching a new multiclient testnet on the newer 0.12.1 specification, called Altona. The testnet promises to be the last major “devnet” primarily run by developers ahead of a full-scale testnet for the general public.
The attack networks are an important part of that transition, as they incentivize others to find potential vulnerabilities and issues that simple testing likely would not reveal.
However, other factors may temper public optimism. For example, some client developer teams seem to be lagging behind, and their nodes are unable to join the shared testnets.
Furthermore, the community has to decide on what makes Ethereum 2.0 ready for mainnet, with potentially months of further waiting as the systems continue being battle tested.
Justin Drake, an Ethereum 2.0 researcher, posited that the most likely launch date for the mainnet is January 2021, given several months of testing and accounting for holidays. However, Vitalik Buterin, Ethereum’s co-founder, disagreed with that timeline and argued that Phase 0 should launch in 2020, even if sacrificing some of the cautiousness.