Open in app

Sign in

Write

Sign in

Prysm, a Leading Ethereum client, Successfully Passes SlowMist Security Audit

SlowMist
3 min readFeb 24, 2023

The Ethereum consensus layer client Prysm has recently completed an official security audit by SlowMist.

It’s well known that the Ethereum network relies on client software to regulate the behavior of nodes, making client diversity critical to its overall health. Any client accounting for more than 33% of the network’s nodes that experiences errors can cause the Ethereum network to go offline. If a significant vulnerability is found in a client with over two-thirds of the nodes,it may cause the chain to fork incorrectly and potentially lead to penalties.

Prysm, developed by the Ethereum core development team Prysmatic Labs, is a Go-based implementation of the Ethereum consensus layer that allows users to run a node and participate in Ethereum’s decentralized economy. As a consensus protocol implementation, Prysm prioritizes usability, security, and reliability, making it the most popular Ethereum client with the largest user base. Currently, more than 42% of verification nodes are using Prysm to verify transactions.

As an industry leading firm that specializes in the security of the blockchain ecosystem, SlowMist has been closely following the development of the Ethereum platform. The collaboration between SlowMist and Prysmatic Labs to conduct a security audit of Prysm, a major Ethereum client, demonstrates SlowMist’s proactive involvement in the Ethereum ecosystem, while also contributing to the ecosystem’s emphasis on security-oriented development.

Starting from November 1, 2022 to November 21, 2022, SlowMist will employ a “black box, gray box, white box” strategy to conduct a comprehensive security test of the project, which simulates a real attack scenario to identify and resolve any security vulnerabilities. The primary objective of the security audit is to protect both the project and its users by providing recommendations to the team for strengthening and fixing any security flaws found. The SlowMist security audit process for the chain involves two main steps: 1) using automated tools to analyze the scanned/tested source code for common coding flaws, and 2) conducting a manual audit of the code for the listed security issues and manually analyzing the code for any potential issues.

Our audit focused on the following scope of vulnerabilities:

1)P2P:

  • Sybil Attack
  • Eclipse Attack
  • Eavesdropping Attack
  • Denial of Service Attack
  • BGP Hijack Attack
  • Alien Attack
  • Timejacking

2)RPC:

  • Eavesdropping Attack
  • Denial of Service Attack
  • The Ethereum Black Valentine’s Day Vulnerability
  • Http Input Attack
  • Cross-Domain Phishing Attack

3)Consensus:

  • Long Range Attack
  • Bribery Attack
  • Race Attack
  • Liveness Denial
  • Censorship Attack
  • Finney Attack
  • Vector76 Attack
  • Alternative Historical Attack
  • 51% Attack
  • Grinding Attack
  • Coin Age Accumulation Attack
  • SelfishMining
  • Block Double Production

4)Encryption:

  • Cryptographic Attack
  • Private Key Prediction
  • Length Extension Attack

5)Transaction:

  • Transaction Replay Attack
  • Transaction Malleability Attack
  • Time-Locked Transaction Attack
  • False Top-Up Attack

During the audit, SlowMist detected two low-risk vulnerabilities and one advisory vulnerability, and also provided recommendations for improvements. Following communication with the Prysmatic Labs team, the issues were successfully resolved and underwent review and approval by the auditors once again. For further information, the audit report can be accessed via the link.

About Prysmatic Labs

Prysmatic Labs is a core software development team responsible for maintaining, upgrading, and innovating the Ethereum network, as well as developing the Ethereum client, Prysm. The team focuses on horizontal scaling of Ethereum and provides support for significant DApps and smart contracts on the Ethereum blockchain.

Official Site: https://prysmaticlabs.com/
GitHub: https://github.com/prysmaticlabs

About SlowMist

For many years, SlowMist has been a top blockchain security firm that conducts security audits to provide users with peace of mind and reduce the likelihood of attacks.

SlowMist was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, O3Swap, etc.

Website:
https://www.slowmist.com
Twitter:
https://twitter.com/SlowMist_Team
Github:
https://github.com/slowmist/

Audit
Blockchain
Ethereum

--

--

SlowMist

Written by SlowMist

2.6K Followers

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams