In May 2021, the Ethereum Foundation selected Taurus to lead a security review of Ethereum beacon clients, which are the applications powering the "Ethereum 2.0" updates, in collaboration with Tomsk University (Russia) and UCL (UK). After 3 months of work and intense scrutiny of Ethereum's code and specification, today we finally publish our results.
Our report covers the four main beacon clients: Lighthouse (in Rust), Nimbus (in Nim), Prysm (in Go), and Teku (in Java). It describes more than 35 security improvements and bugs, most of which have already been addressed by the application developers after receiving our reports. In addition to security features related to cryptography and networking, we analysed the susceptibility of Ethereum's software to so-called supply-chain attacks, that is, sabotage risks that leverage the large number of dependencies in modern software.
We're happy to contribute to the security of Ethereum, the leading blockchain platform, and a vibrant community designing and deploying innovative techniques for scalability and security. We would like to thank the Ethereum Foundation for supporting this project.
Download the report PDF, and read a related post we co-authored.