Security of the Ethereum protocol is constantly improving, and one recent effort is an external security review of the Pectra system contracts.
The results of this review are available in the audit repository, and the TL;DR is that all issues found in these reviews that were considered relevant or important have been addressed.
Audit scope and methodology
The Pectra system contracts cover several EIPs (EIP-2935, EIP-7002, and EIP-7251), and the reviews primarily focused on the following:
- Evaluate the contracts for potential attack vectors.
- Ensure that the contract logic implements the intended functionality accurately according to the EIP specification.
A multiphase approach was adopted, with each audit building on previous findings:
- Blackthorn Audit
- Dedaub Audit
- Plainshift Audit
- Sigma Prime Audit
Between each review, code improvements were made before proceeding to the next round of audits.
Formal verification
In addition to the security reviews above, a16z performed formal verification using Halmos. They used Halmos to formally verify the functional correctness of these contracts. This focused specifically on whether the bytecode lined up with the specs, rather than assessing the security of the specs themselves against potential abuse or malicious use. This separation of concerns allows auditors and the community to check the specifications without worrying about the implementation details of low-level bytecode.
Next Steps
The full report is available in the Pectra system contracts audit repository.
A bug bounty competition is currently running on Cantina, with rewards of up to $2,000,000 for findings related to Pectra.
As always, security in the Ethereum ecosystem is a collective effort. Thank you to all auditors and contributors who played an important role in this process!