The Ethereum Foundation Is Building a Dedicated Eth 2.0 Security Team
The Ethereum Foundation will be building a dedicated security team for Ethereum 2.0 to study any potential cybersecurity and crypto-economic issues in the next generation of the Ethereum network.
Justin Drake, an Eth 2.0 researcher at the foundation, announced the start of the recruitment process on his Twitter feed.
The foundation is looking to hire a variety of security and auditing professionals, both for the software and the general model of the upcoming upgrade.
Among the potential team’s tasks will be “fuzzing, bounty hunting, pager duty,” which directly relates to software security management.
Ethereum client developers have already engaged in fuzzing for the upcoming Eth 2.0 clients. The efforts were spearheaded by Sigma Prime, the developers of the Rust-based Lighthouse client.
Fuzzing is a bug searching technique that involves feeding garbage data to software in order to trigger a non-standard response. Many of the bugs found today in the web are due to improper input sanitation, where special types of inputs may be interpreted as machine code or simply produce undesired behavior. Fuzzing helps find these critical points and update the code to prevent potentially catastrophic bugs.
The security team will also be doing more theoretical work on formal verification of cryptographic algorithms. This process will seek to mathematically prove that a certain algorithm is secure. Economic modeling experts are also sought by the foundation.
Ramping up security
With the final stages of preparation for Ethereum 2.0 Phase 0 underway, heavy emphasis is now being placed on the network’s security.
Recently, the foundation launched specialized “attack networks” for bounty hunters to break. By finding issues before the mainnet launch, developers are looking to ensure a smooth transition.
This approach has proven to be successful, with several confirmed exploits being patched. A multi-client attack net has been launched today following the program’s success.
The Ethereum Medalla testnet, the first to be fully maintained by the community, is due for launch on Tuesday after locking in the required number of validators ahead of deadline.
Mainnet launch will follow at an unspecified date when developers feel confident with the network’s stability.
Drake anticipated earlier that this may only happen in 2021, though some, like Ethereum co-founder Vitalik Buterin, are more optimistic for a launch this year.